China Targets US Military Information Systems
Cyberwar, again.
By blackhedd Posted in War
You probably remember the stories that came out over the last two weeks about a "botnet" attack against the Internet's root DNS servers. We had several stories about the attack here at RedState. I mentioned it myself here in a piece called Cyberwar.
Coordinated attacks against DNS by swarms of computer "zombies" are splashy, get a lot of media attention, and point out some genuine problems with how we use computers and how we write software (I'm looking at you, Microsoft). They can indeed be dangerous, but they're the equivalent of throwing rocks at the highest and best defended citadel.
There really is quite a lot more to the picture, however. According to a story appearing in Federal Computer Week:
...the predominant threat comes from Chinese hackers, who are constantly waging all-out warfare against Defense Department networks, Netwarcom officials said.
Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official, who spoke to reporters on background Feb 12. The conflict has reached the level of a campaign-style, force-on-force engagement, he said.
Netwarcom is the Naval Network Warfare Command, based in Norfolk, VA.
No modern nation depends more than the US on the free flow of information to enable both commerce and security. China's January 11 test of an anti-satellite missile capability was only the most spectacular move in a campaign that has been going on for decades. China has been systematically snooping on our defense and industrial information for decades, in ways that run the gamut from low-technology to high.
What are they looking for?
The motives of Chinese hackers run the gamut, including technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action, the official said.
Exactly the kinds of capabilities you would expect someone to pursue if they were preparing for war. In fact:
A recent Chinese military white paper states that China plans to be able to win an “informationized war” by the middle of this century. Overall, China seeks a position of power to ensure its freedom of action in international affairs and the ability to influence the global economy, the senior official said.
How do we know the attacks against military computers and networks are coming from China? I've heard people point out that most of the "zombie" computers (linked together into botnets) are located in China, simply because China has the most people. (And most of those computers are running pirated copies of Windows, which is easy enough to hack.) But only about 135 million Chinese are online. (Remember, the vast majority of Chinese are still dirt-poor.) A lot of the Viagra and Nigerian-427 spam you get appears to come from China, although the spam operators probably are located elsewhere. However, the coordinated attacks against military assets are different. They appear to have a lot of intelligence and coordination behind them:
Chinese hackers gained notoriety in the United States when a series of devastating intrusions, beginning in 2003, was traced to a team of researchers in Guangdong Province. The program, which DOD called Titan Rain, was first reported by Federal Computer Week in August 2005... That particular set of hackers is still active, the Netwarcom official said. He would not confirm whether the Titan Rain group was linked to the NWC attack or any other recent high-profile intrusions.
What is DoD doing about this? If you've ever worked with DoD or DoE, you know they have some very stringent rules for information access and procedures for securing network perimeters. The doctrines of "Defense in Depth" and compartmentalization are applied in infotech just as in many other areas. The very most sensitive information is carried on "black" networks that have no points of contact with the public internet. Of course the standard inadvertent and willful breaches of security can and do take place even in partitioned networks. (The Los Alamos National Laboratory is notorious for this kind of thing. It's rumored that LANL will soon be sanctioned, again, for its lax approach to security.)
But passive defenses and network monitoring are not enough, when considering that the nature of the threat has shifted from eavesdropping to active attack:
Netwarcom, the Navy’s lead cyber agency, is moving from monitoring the networks to full command-and-control capabilities. The Air Force announced in October 2006 that it will create a Cyber Command, based on the infrastructure of the 8th Air Force under Lt. Gen. Robert Elder, at Barksdale Air Force Base, La., to coordinate its cyber warfare efforts.
In the end, the cyberthreat is revolutionary, officials said, because it has no battle lines, the intelligence is intangible, and attacks come without warning, leaving no time to prepare defenses.
The bottom line is that it's essential to recognize the magnitude and purposefulness of the activities being mounted against us by the Chinese.
The simple presence of Chinese nationals in all of our university advanced-technology laboratories and engineering programs is a cause for concern. While no one argues against this, it has long been suspected that more than a little coordinated information-gathering is going on here, directed by and for the benefit of people in China's government and military.
Why does China want to attack us in the first place? Don't be fooled by people who will tell you that they have no incentives. It's not paranoia to recognize that the Chinese are ultimately not comfortable with a world that responds to our control. And information technology does provide many levers of control. The Chinese have long been committed to blunting this fundamental edge that we possess.
China is not interested in full-scale symmetrical warfare with us. Theirs is not an ideologically-driven regime like that of the USSR or of Mao. However, they are extremely interested in eroding our current military edge and matching our future military advances, so as to make it impossible for us ever to dictate to them. They are not an existential threat to us, and they want to be sure that the reverse never becomes true.
But the world is a dangerous and fluid place. The intentions of China and other actors (both state and substate) can't be predicted far into the future. We dare not allow our defense information capabilities to be compromised so easily. Thanks to the brilliant minds at the New York Times and the legions of media-types who follow them, the whole idea of a national secret has been recast as a dangerous device used by Republicans to limit the freedoms of Americans. Their constant warfare against our ability to safeguard secrets is as naive and short-sighted as it is pusillanimous.
2 Comments
simply put hard blocks in all routers that bring traffic into the US for all IP blocks allocated to China. My company has run for years with hard blocks on a number of Chinese IP allocations, especially Chinese universities, because I finally got tired of their incessant probing and hacking attempts.
When the Chinese find that no Chinese internet connection can access anything in the US they will have more time to try to destroy Europe. Stop playing softball with these people, they need us every bit, if not more, as much as we need them.
John
----------
Liberals: Alchemists who have mastered the ability to transmute Lead into a denser form of Lead

Mythology has great power to motivate human beings, and the Chinese people have multiple-millenniums of mythology to suggest (to them) that they're the World's authentic superpower and the "true cradle" of civilization--rather than the Middle East for example. Problem is, from time to time in the modern world, the Chinese have been militarily helpless. The reality didn't cooperate with the myth. Very often China was not the most powerful or most sophisticated nation. But old Chinese myths don't go away easily, and just like the die-hard New York Yankee fans, their myths of superiority never die. Now China has this "comeback bug," both economically and militarily, and it's working, and to some extent the myth will be the father of a powerful child. No tantrums from this child, we hope.