Sanger and two colleagues reported in the New York Times on Tuesday that a secretive unit of the People’s Liberation Army, the Chinese military, is responsible for most of the many Chinese cyber attacks on U.S. corporations and infrastructure.
As has been previously shared, the unit is called the 'Blue Army' and is supposedly made up of over 100,000 computer hackers - and may be as high as over 250,000 cyber warfare experts.
The problems cyber warfare present are more than serious. At hand is the ability of rogue countries to possibly take control of another nation's weapons, cripple its electronic grid and infrastructure,and cause unthinkable fear and economic chaos.
The New York Times Sanger said, “This is, diplomatically, I think one of the most complicated problems out there. The fact that your adversary would know that you could get into their systems and turn them on or off at any time – whether it was cell phones or air traffic control or whatever – might well affect your future behavior. So it doesn’t mean that they’re going to do it, or there’s out-and-out war, but it does mean that they have a capability to do this by remote control.” Last month The New York Times reported the newspaper was the victim of Chinese hackers due to retribution for publishing a negative report on the finances of Prime Minister Wen Jiabao.
In reaction to the attack, the New York Times hired a leading cyber security technology firm, Mandiant, to investigate the attack. Mandiant's investigation followed the attack on The New York Times to a building solely occupied by the Chinese Military in Shanghai - where it is believed that a portion of the military's Blue Army is housed in the 12 story building. .
“It’s got thousands of people working in it,” Sanger said. His colleague, David Barboza visited the site, but was not allowed inside.
Chad Sweet, the former Chief of Staff of the Homeland Security and a former CIA offiica who is the Managing partner of the high-profile global security firm the Chertoff Group, told CNN"s Amanpour. “We’re essentially facing a new Cold War – a cyber Cold War. “The destructive capacity is equal to that of a nuclear warhead… But what makes it more sinister than the nuclear age is that there’s no easily identifiable plume.”
With respect to the possibilities of a direct attach by China against the United States, Sweet said he did not think China would “pull the trigger” unless its “back was up against the wall” – for example if the U.S. threatened China’s claim over Taiwan.
Is there a build-up by all the world's formidable nations? Yes.
In fact, as Sanger pointed out, “That is how the U.S. got into the Iranian nuclear program.” (though the operation has been heavily credited to Israel's activities and refers to the Stuxnet computer virus that was launched last year).
Because of the nature of these programs, it is impossible to verify the extent or intent of either the U.S. or China’s cyber warfare or capability.
Sanger said that during his reporting on the Stuxnet virus, he learned of a prescient Situation Room meeting early in the Obama administration. “President Obama said to some of his aides in the Situation Room several years ago,” Sanger recounted, “that he was worried that once the U.S. went down this road, other countries might use it as a pretense to launch their own attacks, presumably not with the discipline and the rules the U.S. has. Well I think that’s probably pretty much exactly what’s happened.”
The Following report was issued by the Christian Science Monitor. I think it is worth sharing:
A stunning report by a US digital-security company accuses China’s military of conducting more than 100 cyberattacks on American corporate and government computers. If accurate, the report by the firm Mandiant only adds to the urgency to develop international norms in cyberwar and cyberespionage.
Each new tool of aggression requires its own rules of war. Cyberwarfare should be no different. Without a code of ethics for conflict in the digital universe, nations could eventually bring down each other’s water supplies, electric grids, military defenses, and vital institutions. And key values, such as privacy and a right to intellectual property, could also be lost.
Global rules now restrict the use of nuclear, chemical, and biological weapons. They also help safeguard civilians and prisoners of war. What the Mandiant report shows is that the world may be losing the struggle to come up with rules for cyberspace behavior.
The scale of the Chinese cyberthreat is now so massive that it might lead to a rush to imitate rather than a campaign to prevent a cyber blow-for-blow. One of the unusual aspects of cyberweapons is that once they are used, they can be easily replicated for a return attack.
Coming up with such rules will not be easy. For starters, simply defining what is a cyberweapon or a cyberattack could be a problem. Even if that issue is settled, how can an attack’s originator be correctly identified? And given the speed of digital technology, the distinction between defensive and offensive capabilities can be easily blurred.
“You have to have an offensive mind-set to better focus on defense,” said retired Marine Corps Gen. James Cartwright recently in a discussion on cyberwarfare at the US Naval Institute.
Current rules of war under the Geneva Conventions and the International Committee of the Red Cross may cover some aspects of cyberwar, but not all. The United Nations and other global bodies need to make such rules clear.
Even within the United States, Congress and President Obama cannot agree on rules for national defense against cyberattacks. An attempt to pass a law last year that would have required companies to cooperate with the government in cybersecurity ran into concerns over civil liberties.
As a result, Mr. Obama issued an executive order last week offering incentives for companies to improve data sharing with the government. The aim is to protect vital infrastructure now run by private firms.
Like the current US policy on clandestine drone strikes against terrorists, Obama is moving toward a legal presumption of executive authority in being able to launch cyberattacks without approval by Congress or legal oversight by a court. If he does assume such powers, it raises a difficult constitutional issue that needs public debate.
Nations have a strong record of creating norms that restrain types of warfare. Before more reports of cyberattacks emerge, the world must see a common interest in rules to prevent cyberwar.
