Congress Warns of China’s Cyber Pursuits

November 29th, 2008 | No Comments | Posted in Intelligence, Military

China has developed a sophisticated cyber warfare program and stepped up its capacity to penetrate US computer networks to extract sensitive information, a US congressional panel warned on Thursday. “China has an active cyber espionage program,” the US-China Economic and Security Review Commission said in its annual report to the US Congress. “China is targeting US government and commercial computers.”

In its 393-page report, the panel also criticized Beijing for exercising “heavy-handed government control” over its economy and “continuing arms sales and military support to rogue regimes” such as Sudan, Myanmar and Iran.

The commission also issued a warning about China’s space program. “China continues to make significant progress in developing space capabilities, many of which easily translate to enhanced military capacity,” it said.

“Although some Chinese space programs have no explicit military intent, many space systems — such as communications, navigation, meteorological, and imagery systems — are dual use in nature,” the commission said.

The commission, which was established by Congress in 2000 to analyze the economic and national security relationship between the two nations, said China was investing heavily in cyber warfare.

“Since China’s current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts,” the commission said.

It said Chinese hacker groups may be operating with government support.

“By some estimates, there are 250 hacker groups in China that are tolerated and may even be encouraged by the government to enter and disrupt computer networks,” the commission said.

It quoted Colonel Gary McAlum, chief of staff for the US Strategic Command’s Joint Task Force for Global Network Operations, as saying China has recognized the importance of cyber operations as a tool of warfare and “has the intent and capability to conduct cyber operations anywhere in the world at any time.”

“China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States,” the commission said. “In a conflict situation, this advantage would reduce current US conventional military dominance.”

The commission recalled that unclassified US military, government and government contractor websites and computer systems were the victims of cyber intrusions in 2002 codenamed “Titan Rain” and attributed to China.

And earlier this month The Financial Times, citing an unnamed senior US official, reported that Chinese hackers — possibly with backing by the Beijing government — had penetrated the White House computer network and obtained emails between government officials.

The commission made 45 recommendations to Congress including possible “additional funding for military, intelligence and homeland security programs that monitor and protect critical American computer networks.”

On the economic front, the commission said “China relies on heavy-handed government control over its economy to maintain an export advantage over other countries.”

“The result: China has amassed nearly two trillion dollars in foreign exchange and has increasingly used its hoard to manipulate currency trading and diplomatic relations with other nations,” it said.

“Rather than use this money for the benefit of its citizens — by funding pensions and erecting hospitals and schools, for example — China has been using the funds to seek political and economic influence over other nations,” said Larry Wortzel, chairman of the commission.

Beijing’s “continuing arms sales and military support to rogue regimes, namely Sudan, Burma, and Iran, threaten the stability of fragile regions and hinder US and international efforts to address international crises, such as the genocide in Darfur,” the commission added.

The commission acknowledged some progress by China, specifically its adherence to non-proliferation agreements and involvement in the six-party talks to dismantle North Korea’s nuclear weapons production capacity.

But it criticized China’s use of prison labor to produce goods for export and an “information control regime” that it said regulates the print and broadcast media, Internet, entertainment and education.

Full Report: 2008-annual-report-to-congress-concerning-china (PDF)


Cyber warfare needs Rules of Engagement

November 29th, 2008 | No Comments | Posted in Military

The rapid advancement of cyber attacks and the emergence of cyber warfare have caught government and military leaders around the world off guard. Decision making in times that require defensive measures, or in a military crisis, is guided by doctrine and rules of engagement, but for cyber attacks and cyber warfare these do not currently exist. The complexities and unique characteristics of cyber warfare mandate establishing Cyber Attack and Warfare Rules of Engagement (CAWRoE).

Cyber warfare differs from conventional war in many ways. It is this difference that will challenge the minds of experts around the world when they attempt to create cyber warfare doctrine and ROE. To frame this discussion, the two definitions below put this challenge in context.

Definition - Cyber Warfare & Terrorism - “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” Source: This definition was published in the U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02. This definition was written by Kevin Coleman back in 2004 for an online article.

Definition - Rules of Engagement - Rules of engagement date at least to the Middle Ages in Europe. In military terms this refers to a directive issued by a military authority controlling the use and degree of force, especially specifying circumstances and limitations for engaging in combat. The directive delineates the limitations and circumstances under which forces will initiate and prosecute combat engagement with other forces encountered. Source: This definition is based on multiple authoritative sources, combined to clearly articulate ROE.

NOTE: After months of research, we will soon publish a paper that addresses the question: “What constitutes an act of cyber war?”

History has shown that ROE are often over-controlled and regulated by politicians and military leaders. It is anticipated that this will also be the case as it relates to cyber attacks and warfare. In addition, commanders and government leaders at all levels must understand the situation, complexities and uncertainty they face.

The increase in complexity, technical aspects and difficulty in tracing the cyber attacks back to the aggressor will combine to increase the difficulty of creating the ROE for cyber. Careful crafting of cyber ROE is required to diminish ambiguities that could cause delays in actions when the use of force is required and will surely lead to increased implication on the United States.

Cyber attack and warfare rules of engagement will undoubtedly require hundreds of pages to establish a decision framework. That being said, there are a few critical areas that will pose the most significant challenge to policy makers. One of these areas will be the level of confidence in the identification of the entity behind an attack on a nation. Tracing and tracking cyber attacks back to those responsible is not an easy task. Usually this takes months or years, not minutes and hours. Current intelligence and surveillance capabilities will provide only minimal assistance in this effort. Although promising research on tracking and tracing cyber attacks is currently underway and advances are occurring on a regular basis, we are far from being able to rapidly identify the party or parties behind the attack with the high degree of confidence and hard evidence necessary to launch an offensive cyber response. At the present time, the newness of cyber attacks and weapons, coupled with their potential but unproven power and the uncertainty about how they might be used, has pushed the decision around the response to cyber attacks all the way to the top and into the hands of the President of the United States.

Conclusion
Over 140 countries around the world have cyber weapons development efforts underway but lack a comprehensive doctrine and legal framework for responding to cyber attacks as well as using offensive cyber weapons against attackers and adversaries. President-elect Barack Obama’s national security team will have to rapidly establish the rules of engagement as they relate to cyber attacks and all-out cyber warfare. His national security team is said to include: Sarah Sewall, Tom Donilon, Wendy R. Sherman, Michelle A. Flournoy, John P. White, Robert R. Beers, Clark Kent Ervin, Gayle E. Smith, Aaron Williams, John O. Brennan and Judith A. (“Jami”) Miscik.

The United States Military has an expansive arsenal of sophisticated cyber weapons at its disposal, but policy makers have yet to define the rules of engagement that govern when and how to use them. In a briefing earlier this year I said: “This is totally uncharted territory for policy makers. The characteristics of cyber attacks coupled with the operational aspects of cyber weapons make this a unique challenge.”

This remains the case and time is growing short before the next significant cyber attack is launched. Cyber warfare requires new rules of engagement.

See How the Air Force is Developing a Cyber Defense Plan


Government Cyber Attacks in Georgia

August 17th, 2008 | No Comments | Posted in Military

Right along with bombs, guns and bullets come cyber attacks on the government computer systems of Georgia, which at the time of this article is in a military conflict with Russia.

As Georgian troops retreated to defend their capital from Russian attack, the websites of their government, also under fire, retreated to Google.

In an Internet first, Georgia’s Ministry of Foreign Affairs reopened its site on Google’s free Blogger network and gave reporters a Gmail address to reach the National Security Council.

The attacks have deluged the websites of the president, various ministries, and news agencies with bogus traffic. The jam not only shut down those sites but also clogged Georgia’s Internet access, exposing its reliance on Russian Internet pipelines.

Some in the cyber security community say this may be nothing more than grassroots “hacktivism,” which usually springs up during international confrontations. Others, however, warn that the attack highlights the leverage some countries have gained over adversaries by laying down fiber-optic cables and providing cheap Internet services.

“The lesson here for Washington is that any modern conflict will include a cyberwarfare component, simply because it’s too inexpensive to be passed up,” says Bill Woodcock, research director at Packet Clearing House, a nonprofit Internet research institute in San Francisco. “The best [defensive] strategy is always preparedness. We’ve spent eight years completely ignoring that, while the Chinese and Indian governments have been paying really close attention and investing many tens of billions of dollars.”

Georgia’s Internet infrastructure has two big weaknesses. First, most of its external connections go through Russia. Second, there’s a lack of internal connections called Internet exchange points. So when a Web surfer in Georgia calls up a Georgian Web page, that request routes through another country, which is similar to driving to Mexico to get across town in San Francisco, says Mr. Woodcock, whose organization helps countries build their own Internet exchange points.

“If you look at how the routing is done on the Internet, there are a few major networks that are providing interconnectivity to everyone else,” says Dmitri Alperovitch, director of intelligence analysis at Secure Computing Corporation, a data-security firm based in San Jose, Calif.

A Problem for 110 Nations

By one count, 110 nations are saddled with the problem. Former Soviet states in particular are poorly connected and increasingly reliant on Russia, he says. That’s in part due to the legacy of the Soviet period. But now it has more to do with Russia’s ability to offer superior Internet service through its investments in infrastructure. The situation is somewhat analogous to the more-widely-noticed reliance that neighbors have on Russia’s energy pipelines.

China and India have been laying even more fiber-optic cable than Russia, allowing them to offer cheap prices and snatch away much of the Asian Web traffic that at one time flowed through Palo Alto and Los Angeles, says Woodcock.

Shoring up the cyberdefenses of friendly governments could involve laying new fiber to be price-competitive with adversaries, establishing Internet exchange points, and building up expert strike teams that can respond rapidly to attacks, cybersecurity experts say.

The Baltic nation of Estonia, which last year weathered significant cyberattacks, has dispatched two computer experts to help Georgia, according to Katrin Pärgmäe, an Estonian spokeswoman.

The attacks seen on Georgia were shorter, but more intense, than those seen in Estonia, says Jose Nazario with Arbor Networks, a network-security firm in Lexington, Mass. They have also gone in both directions at times, with some limited attacks on Russian sites. Despite Russia’s military halt, cyberattacks were still reported against some Georgian sites as of press time Tuesday. “I don’t see a cybertruce, but I’m not seeing devastating effects as well,” he says.

Cyberattack Began July 20

Georgia was under cyberassault as early as July 20, when the president’s website was barraged with traffic, according to André DiMino with Shadowserver, an Internet-based security watchdog group.

The computer used to lead that initial assault, known as a denial of service (DOS) attack, was in the US and was shut down fairly quickly, he says. Then DOS attacks resurged over the weekend, this time with a leading machine in Turkey.

The locations of the machines mean little, however, since nefarious hackers and crime syndicates are able to hijack computers across borders.

Experts like Mr. DiMino and Gadi Evron, a former Israeli computer-security official, say they’ve seen no indication yet that the attacks are more sophisticated than something that could be done by hacktivists.

“It’s obvious they are suffering from serious attacks, but saying this is an Internet war is blowing it out of any possible proportion before we have more information,” says Mr. Evron.

Others, including Mr. Alperovitch and Woodcock, see the DOS attacks as more sophisticated in the way they have choked the limited data pipelines that Georgia depends on.

Indeed, much of Georgia’s remaining connectivity has come through non-Russian pipes, Woodcock says.

Sources and methods aside, there’s broad agreement that cyberattacks can be so cheap and distracting as to be a no-brainer once bullets start flying.

Alperovitch describes such attacks as “psy-ops,” comparable to bombing radio towers to stifle an opponent’s ability to get its message out.

Georgia’s online retreat to Google was also no doubt demoralizing.

In a long-term conflict, says Woodcock, such an attack could serve longer-term goals.

“You can bet that these attacks have cost Georgia’s private sector far more than the perhaps $2,000 it cost the [perpetrators] to do them,” he says.

“And in the long run, that loss of national productivity affects not only Georgia’s financial ability to wage war, but its people’s willingness to engage in it,” he adds.
