By Jose Nazario
February was an incredible month of developments. The two big stories are the Mandiant report on the group tagged APT1 and the White House’s reaction to the cyber espionage issue through international trade efforts. Even the NYT, WaPo and WSJ hacks pale in comparison to these developments.
A busy month for cyber conflict. Lots of great debate, too, so be sure to look at the blogs and opinion pieces linked here: plenty of informed reactions to the Mandiant report and the administration’s efforts in that arena.
In the meantime, until some of the key nations get hit with a cyber attack that they view as too costly, aggressive competition with some self-limiting by general principles of the law of armed conflict is probably as far as international law will go in terms of regulating cyber warfare.
Talks of cyberwar and a cyber Pearl Harbor seem to be a regular fixture of news reports in the last few months, with prominent U.S. administration officials like Janet Napolitano or Leon Panetta regularly touting the threat of a cyber attack on the United States. But not everybody is buying it. For one, Howard Schmidt, the former chief cybersecurity advisor to President Barack Obama, is skeptical.
WASHINGTON — The Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.
As The New York Times and Wall Street Journal reported Thursday that their computer systems had been infiltrated by China-based hackers, cybersecurity experts said the U.S. government is eyeing more pointed diplomatic and trade measures.
Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. One official said it also will cite more directly a role by the Chinese government in such espionage.
WASHINGTON — A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.
Computer networks at the Energy Department were attacked by sophisticated hackers in a major cyber incident two weeks ago and personal information on several hundred employees was compromised by the intruders.
Energy Department officials, along with FBI agents, are investigating the attack on servers at the Washington headquarters. They believe the sophisticated penetration attack was not limited to stealing personal information. There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information.
With the Pentagon now officially recognizing cyberspace as a domain of warfare, U.S. military commanders are emphasizing their readiness to defend the nation against cyberthreats from abroad. What they do not say is that they are equally prepared to launch their own cyberattacks against U.S. adversaries.
President Barack Obama issued an executive order aimed at boosting U.S. cybersecurity for vital assets such as power grids and water-treatment plants after Congress failed to pass legislation.
The order directs the government to develop a voluntary program of cybersecurity standards for companies operating critical, privately owned infrastructure. It instructs federal agencies to consider putting those standards in existing regulations for businesses.
Analysis: Presidential Cyber Direction Looks Quite Familiar, by Jason Healey, February 12, 2013.
One way or the other, the president of the United States is going to unveil a new executive order on cyber security this week. Long in coming — cyber security has simmered in the background of the national security policy agenda for at least two years — the new order will create a set of standards that private companies operating critical infrastructure, such as power plants and water utilities, can choose to follow voluntarily, according to a report from Bloomberg News.
A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report.
The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain.
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
Report link: http://intelreport.mandiant.com/
The White House is reportedly considering fines and other trade penalties against China or any other country guilty of cyberattacks amid evidence of an unrelenting cyber espionage campaign linked to the Chinese government.
The Associated Press reported Wednesday that the actions are being considered as part of the Obama administration’s response to a report that claimed the Chinese army is behind a series of cyberattacks on U.S. companies.
Commentary from Jay Healey: http://www.usnews.com/opinion/blogs/world-report/2013/02/21/fighting-chinese-cyberespionage-obamas-next–move
Commentary from Eugene Spafford at ACM: http://usacm.acm.org/images/documents/CybersecurityEOStatement.pdf
In a story in this week’s magazine, TIME profiles Wan Tao, once one of China’s most feared hongke, or red hackers, cyberwarriors motivated by patriotism to attack foreign digital victims.
As Iran met in Kazakhstan this week with members of the UN Security Council to discuss its nuclear program, researchers announced that a new variant of the sophisticated cyberweapon known as Stuxnet had been found, which predates other known versions of the malicious code that were reportedly unleashed by the U.S. and Israel several years ago in an attempt to sabotage Iran’s nuclear program.
The new variant was designed for a different kind of attack against centrifuges used in Iran’s uranium enrichment program than later versions that were released, according to Symantec, the U.S.-based computer security firm that reverse-engineered Stuxnet in 2010 and also found the latest variant.
Blogs & Opinion Pieces
While I am not usually an advocate of legislation as a foundation for addressing critical commercial challenges, cyber is one area where the nature of the threat transcends a clear government/free-market divide. The threats and challenges rise to the level of National Security threats and any point of failure could have catastrophic consequences. It is time for close collaboration and cooperation between government experts—some of the most talented cyber defenders in the world—and operators of critical commercial infrastructure in the free-market economy.
But there’s another question about the Chinese hackers and their long-suspected links to the Chinese government: Why would Beijing think this is okay to do? How could Chinese Communist Party leaders square their goal of becoming a respected global power with behavior – possibly hacking a Western media organization in response to an embarrassing story – that seems more in line with that of a defensive pariah state?
The answer, or at least a very compelling theory, may be contained in a fascinating blog post by Christopher Ford of the Hudson Institute.
Barack Obama is probably America’s most web-savvy president ever. But when it comes to actually crafting policy for the nation’s cyber security, his administration has been consistent in only one aspect: bluster. Obama’s major legacy on cyber security, it increasingly seems, will be an infrastructure for waging a non-existent “cyber war” that’s incapable of defending the country from the types of cyber attacks that are actually coming.
In order to create effective policy and strategy, policymakers must first acknowledge that cyber power is part of an ongoing strategic military competition between the United States and nations such as Russia and China. Militarized malware is but one part of a larger cyber power complex that other powers seek to imitate and counter. Only by considering the whole of military cyber power will the United States formulate responses to the expansion of military competition in and over cyberspace.
While Vice President Biden and Russian Foreign Minister Sergey Lavrov were dealing with Syrian rebels and other conflicts, some at the recent Munich Security Conference were focused on a topic with much greater implications for global security: cyberthreats. Unfortunately, those conversations revealed how strikingly little has been done to create international norms of behavior in cyberspace and the means to punish those who would deviate from them.
How the U.S. Should Respond to Chinese Cyberespionage
By JASON HEALEY
Chinese espionage has been a major problem for a decade, largely because the Chinese never faced any penalty for their actions. Now that, again, the private sector has taken the lead, the U.S. government must shake off its reluctance and jump into gear.
ACTIVE CYBER DEFENSE: A FRAMEWORK FOR POLICYMAKERS
by Dr. Irving Lachow
Cyber attacks are posing ever more serious economic and national security risks to the United States. In Active Cyber Defense: A Framework for Policymakers, CNAS Senior Fellow and Director of the Program on Technology and U.S. National Security Dr. Irving Lachow urges policymakers to provide guidance and clarity on an intensifying debate about active cyber defense (ACD).
Putting China’s “Hacking Army” into Perspective
By Thomas P. M. Barnett
What really drives China is its own leadership’s fears. Beijing knows it has mortgaged just about everything to grow so rapidly. Besides the environment (which is enough, trust me), a good example is found in China’s unprecedented demographic aging – i.e., the vast piling up of elders. China’s entitlement burden there will dwarf our own. By mid-century, China will have more elders (400 million-plus) than we’ve got citizens (around 400 million total). The massive trade-offs on guns-vs.-butter are coming just as China’s reliance on foreign sources of food and energy skyrockets, and America “pivots” to East Asia in a transparent “boxing in” military containment strategy.
Trade War Versus Cyberwar
By Anup Ghosh
Today, trade warfare is initiated through a spearphish — in which a simple click can lead to loss of corporate secrets in a matter of minutes. The best offense is a strong defense and attribution of attacks. Our most important challenge is not taking the fight to the enemy, but rather having the courage and political will to defend our own national treasures.
The essay begins by presenting the necessary conditions for a successful strategy of deterrence. It then reviews the central claims regarding the difficulties in applying successful deterrence in cyber warfare vis-à-vis each of these conditions. The third part discusses some benefits and shortcomings of certain factors that may strengthen deterrence against cyber warfare. Finally, it highlights the importance of continuing the discussion of deterrence and cyber warfare, indicating a number of directions for future research.