China, Russia, Iran and Cyber Warfare. Where Does America Go From Here?

Where do we really go from here? 

 

It is a question that many individuals, particularly those actively involved in military intelligence and national security, are asking in the face of the New York Times investigation into into the cyber espionage attacks it recently faced that led the uber cyber-security team Mandiant, to discover that a highly sophisticated cyber warfare scheme targeting the United States and its citizens orchestrated by the China's military has been long underway.

 

Obviously the possibilities of cyber warfare are endless. Understanding what is ahead of us is critical.

 

 

I am pleased to share this important article written by Matt Schiavenza and published in the Atlantic:

 

 

The New York Times' revelation that Unit 61398 of China's People's Liberation Army (PLA) systematically hacked into U.S. computer networks has emerged as the latest salvo in the increasingly contentious Sino-American rivalry. While the story presented fresh evidence of Chinese hacking -- in stunning detail -- the aftermath presents more questions than answers.

Who, exactly, authorized the attacks carried out by Unit 61398?

On the surface, this question seems fatuous and unnecessary -- the Chinese political system, like the American one, places the military under civilian leadership. However, the PLA has consistently operated with great autonomy, and there are occasionally rumors that China's political leaders don't always know what the military is doing. James Lewis, a senior fellow at the Center for Strategic and International Studies and an expert on Chinese cyber-security, put it this way: "The first time some parts of the Chinese government probably encountered this story was through reading The New York Times." Could Unit 61398 have been reporting to military, rather than political, superiors?

There is reason to be skeptical of such a scenario. The Chinese government has explicitly sought increased capability as a cyberspace power, and the hacking is consistent with this larger strategic goal. So while it is unlikely that President Xi Jinping himself authorized specific targets, it would be a major stretch to suggest that the PLA is disobeying the wishes of the civilian government by conducting these attacks.

 

Is China the only country that conducts cyber attacks? Why does it do it?

According to Lewis, there are five countries which stand out as having significant cyber-espionage capability: China, Russia, France, Israel, and the U.S. Capability, of course, does not mean intent, and it would be a mistake to judge all cyber attacks as equivalent. The United States, after all, famously conducted a series of attacks aimed at disrupting the Iranian nuclear program, an operation described in great and vivid detail by the New York Times' David Sanger. To say that China is the only country to launch cyber attacks against another is plainly inaccurate.

 

However, Adam Segal, the Maurice B. Greenberg Senior Fellow for China Studies for the Council on Foreign Relations, believes that the scale and scope of cyber conflict is greatest in China. "There's a sense of competitive metabolism there," he said, "and China has resources that the other countries lack." In terms of Beijing's relationship with the United States, cyber is an area in which China -- whose conventional military strength remains far inferior to that of the U.S. -- can gain an asymmetrical advantage over its strategic rival. Though the country continues to invest in its armed forces, China remains hemmed in by American military power in the Pacific and a string of U.S.-allied countries on its periphery, giving Beijing a strong incentive to seek any advantage it can get.

China also has motives that go beyond simple national security considerations. Since Deng Xiaoping initiated widespread reforms in 1978, Beijing has aggressively sought to acquire foreign technology and know-how as a means of developing the economy. Government efforts to foster "indigenous innovation" have yet to bear much fruit, so as a result, Lewis says, Beijing has adopted a "stopgap solution to use Western technology to get closer to their goals." The PLA's breach of commercial targets may have less to do with weakening American institutions than with strengthening Chinese ones.

 

How is the United States going to respond?

Just eight days ago, the Obama administration issued an Executive Order creating a voluntary program for organizations to adopt stringent cyber-security programs, evidence that the White House is hardly unaware of the threat from foreign hackers. Thus far, however, the U.S. has reacted to these threats defensively, urging companies and individuals to heighten their vigilance of possible "spearphishing" attacks, defined as those which involve embedding malicious links inside innocuous-seeming e-mails.

 

With news of cyber attacks increasing in frequency, there's a growing sense that the U.S. will have to respond to these provocations more forcefully. James Lewis predicts that the issue "will come to a head" this year, and that Washington will present a response that might, for example, restrict visa access for certain segments of the Chinese population. Trade sanctions, due to both W.T.O rules as well as the symbiotic nature of the Sino-American economic relationship, seem less likely but also within the realm of possibility. All said, though, short of willfully escalating tensions with China there isn't a whole lot Washington can do.

 

What do we learn from this story?

In the midst of what may develop into a diplomatic crisis between China and the United States, it's easy to forget that the whole story began with a simple act of journalism. Last fall, the Times published an article revealing the tremendous hidden wealth of former Premier Wen Jiabao, a self-styled "man of the people" who liked referring to himself in public as "grandpa Wen". The retaliatory Chinese hacks -- detailed here -- and subsequent Times investigation led directly to the uncovering of PLA Unit 61398.

 

China has long had an uneasy relationship with the Western media, often dismissing critical reports in newspapers such as The New York Times as little more than thinly veiled government attempts to discredit the country. Yet China's decision to retaliate against the foreign press has now produced unintended consequences. Had Beijing ignored last fall's Wen Jiabao story, the chain of events leading to Unit 61398 would likely never have materialized. One underlying lesson from this story is that a major news organization -- unusually concerned about its security -- is capable of potentially earth-shattering discoveries.

No matter your view, one thing is for sure: cyber espionage and the threat of cyber warfare are issues we must deal carefully prepare for.

Peter Thomas Senese

Peter Thomas Senese: The Face Of Cyber Warfare - China's Military Attacks On U.S. Businesses Serious Concern

The U.S. believes that cyber warfare could begin to threaten the underpinnings of its relationship with China, New York Times journalist David Sanger told CNN’s Christiane Amanpour on Tuesday.

Sanger and two colleagues reported in the New York Times on Tuesday that a secretive unit of the People’s Liberation Army, the Chinese military, is responsible for most of the many Chinese cyber attacks on U.S. corporations and infrastructure.

As has been previously shared, the unit is called the 'Blue Army' and is supposedly made up of over 100,000 computer hackers - and may be as high as over 250,000 cyber warfare experts. 

The problems cyber warfare present are more than serious. At hand is the ability of rogue countries to possibly take control of another nation's weapons, cripple its electronic grid and infrastructure,and cause unthinkable fear and economic chaos. 

The New York Times Sanger said, “This is, diplomatically, I think one of the most complicated problems out there.  The fact that your adversary would know that you could get into their systems and turn them on or off at any time – whether it was cell phones or air traffic control or whatever – might well affect your future behavior. So it doesn’t mean that they’re going to do it, or there’s out-and-out war, but it does mean that they have a capability to do this by remote control.” Last month The New York Times reported the newspaper was the victim of Chinese hackers due to retribution for publishing a negative report on the finances of Prime Minister Wen Jiabao.

In reaction to the attack, the New York Times hired a leading cyber security technology firm, Mandiant, to investigate the attack.  Mandiant's investigation  followed the attack on The New York Times to a building solely occupied by the Chinese Military in Shanghai - where it is believed that a portion of the military's Blue Army is housed in the 12 story building. .

“It’s got thousands of people working in it,” Sanger said. His colleague, David Barboza visited the site, but was not allowed inside.

Of course the Chinese government hotly denies all the allegations in the Mandiant report, citing the investigation as“baseless,” “irresponsible and unprofessional.” Of course, in the same breath, China then accused the United States of conducting cyber warfare and electronic espionage.

Chad Sweet, the former Chief of Staff of the Homeland Security and a former CIA offiica who is the Managing partner of the high-profile global security firm the Chertoff Group, told CNN"s Amanpour. “We’re essentially facing a new Cold War – a cyber Cold War. “The destructive capacity is equal to that of a nuclear warhead… But what makes it more sinister than the nuclear age is that there’s no easily identifiable plume.”


With respect to the possibilities of a direct attach by China against the United States, Sweet said he did not think China would “pull the trigger” unless its “back was up against the wall” – for example if the U.S. threatened China’s claim over Taiwan.

Is there a build-up by all the world's formidable nations?  Yes.

In fact, as Sanger pointed out, “That is how the U.S. got into the Iranian nuclear program.” (though the operation has been heavily credited to Israel's activities and refers to the Stuxnet computer virus that was launched last year).

Because of the nature of these programs, it is impossible to verify the extent or intent of either the U.S. or China’s cyber warfare or capability.

Sanger said that during his reporting on the Stuxnet virus, he learned of a prescient Situation Room meeting early in the Obama administration. “President Obama said to some of his aides in the Situation Room several years ago,” Sanger recounted, “that he was worried that once the U.S. went down this road, other countries might use it as a pretense to launch their own attacks, presumably not with the discipline and the rules the U.S. has. Well I think that’s probably pretty much exactly what’s happened.”

The Following report was issued by the Christian Science Monitor. I think it is worth sharing:

A stunning report by a US digital-security company accuses China’s military of conducting more than 100 cyberattacks on American corporate and government computers. If accurate, the report by the firm Mandiant only adds to the urgency to develop international norms in cyberwar and cyberespionage.

Each new tool of aggression requires its own rules of war. Cyberwarfare should be no different. Without a code of ethics for conflict in the digital universe, nations could eventually bring down each other’s water supplies, electric grids, military defenses, and vital institutions. And key values, such as privacy and a right to intellectual property, could also be lost.

Global rules now restrict the use of nuclear, chemical, and biological weapons. They also help safeguard civilians and prisoners of war. What the Mandiant report shows is that the world may be losing the struggle to come up with rules for cyberspace behavior.

The scale of the Chinese cyberthreat is now so massive that it might lead to a rush to imitate rather than a campaign to prevent a cyber blow-for-blow. One of the unusual aspects of cyberweapons is that once they are used, they can be easily replicated for a return attack.

RELATED OPINION: Iran's view on global cyber rules

 

Coming up with such rules will not be easy. For starters, simply defining what is a cyberweapon or a cyberattack could be a problem. Even if that issue is settled, how can an attack’s originator be correctly identified? And given the speed of digital technology, the distinction between defensive and offensive capabilities can be easily blurred.

“You have to have an offensive mind-set to better focus on defense,” said retired Marine Corps Gen. James Cartwright recently in a discussion on cyberwarfare at the US Naval Institute.
Current rules of war under the Geneva Conventions and the International Committee of the Red Cross may cover some aspects of cyberwar, but not all. The United Nations and other global bodies need to make such rules clear.

Even within the United States, Congress and President Obama cannot agree on rules for national defense against cyberattacks. An attempt to pass a law last year that would have required companies to cooperate with the government in cybersecurity ran into concerns over civil liberties.
As a result, Mr. Obama issued an executive order last week offering incentives for companies to improve data sharing with the government. The aim is to protect vital infrastructure now run by private firms.

MONITOR'S VIEW: For Obama's second term, a call to arms control

Like the current US policy on clandestine drone strikes against terrorists, Obama is moving toward a legal presumption of executive authority in being able to launch cyberattacks without approval by Congress or legal oversight by a court. If he does assume such powers, it raises a difficult constitutional issue that needs public debate.

Nations have a strong record of creating norms that restrain types of warfare. Before more reports of cyberattacks emerge, the world must see a common interest in rules to prevent cyberwar.

China Cyber Warfare Against The United States Confirmed

A secretive Chinese military unit is believed to be behind a series of hacking attacks, according to U.S. computer security company Mandiant.  Of course the Chinese government strongly denied the accusation, and then attempted to turn around the accusation by stating that China was in fact the victim of U.S. hacking.

Now those of you who have read my novel 'The Den of the Assassin' have learned a few things about cyber-warfare, and how the real world military threat is not going to be between foot soldiers, but will be fought in cyber war, where countries can realistically attempt to use one nation's own military weapons against themselves by taking control of the weapons when they are deployed.  An unconfirmed example of this is when the Iran military is believed to have landed a U.S. Drone on Iran's soil.

But there is so much more at stake, and part of China's end-game is to remove the United States dollar as the world currency. 

How could they accomplish this?

By shaken the financial infrastructure of America's banking and commerce centers vial cyber warfare, that's how.

Imagine if the United States Federal Reserve gets hacked into, or several of our largest banks for that matter?

What if our national grid gets shut down?

If you think this is not possible, then you better think again.

The truth of the matter is that nations such as China, North Korea, Russia, Iran, and others have sizeable military personnel units (tens of thousands in the case of China's 'Blue Army') dedicated to cyber-warfare.

Now, the United States is far from sitting ideal; however, the reality is that if the Chinese government had their military cyberware units attack American companies on American soil, then sadly, we are very much at war.

                                          Is China Declaring War On The United States?
                                     

                                                      Special Mandiant Video Report


The following was issued by Rueters:

The company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

 
"The nature of 'Unit 61398's' work is considered by China to be a state secret; however, we believe it engages in harmful 'Computer Network Operations'," Mandiant said in a report released in the United States on Monday.
 
"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.
 
China's Defense Ministry issued a flat denial of the accusations and called them "unprofessional". It said hacking attacks are a global problem and that China is one of world's biggest victims of cyber assaults.
 
"The Chinese army has never supported any hacking activity," the Defense Ministry said in a brief faxed statement to Reuters. "Statements about the Chinese army engaging in cyber attacks are unprofessional and not in line with facts."
 
Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.
 
The unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006", it said.
 
Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.
 
The 12-storey building, which houses the unit, sits in an unassuming residential area and is surrounded by a wall adorned with military propaganda photos and slogans; outside the gate a sign warns members of the public they are in a restricted military area and should not take pictures.
There were no obvious signs of extra security on Tuesday.

The Chinese Foreign Ministry said the government firmly opposed hacking, adding that it doubted the evidence provided in the U.S. security group's report.

"Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable," spokesman Hong Lei told a daily news briefing.

"Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."

Hong cited a Chinese study which pointed to the United States as being behind hacking in China.
"Of the above mentioned Internet hacking attacks, attacks originating from the United States rank first."

"ECONOMIC CYBER ESPIONAGE"

Some experts said they doubted Chinese government denials.

"The PLA plays a key role in China's multi-faceted security strategy, so it makes sense that its resources would be used to facilitate economic cyber espionage that helps the Chinese economy," said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, one of Mandiant's competitors.

Though privately held and little known to the general public, Mandiant is one of a handful of U.S. cyber-security companies that specialize in attempting to detect, prevent and trace the most advanced hacking attacks, instead of the garden-variety viruses and criminal intrusions that befoul corporate networks on a daily basis.

But Mandiant does not promote its analysis in public and only rarely issues topical papers about changes in techniques or behaviors.

It has never before given the apparent proper names of suspected hackers or directly tied them to a military branch of the Chinese government, giving the new report special resonance.

The company published details of the attack programs and dummy websites used to infiltrate U.S. companies, typically via deceptive emails.

U.S. officials have complained in the past to China about sanctioned trade-secret theft, but have had a limited public record to point to.

Mandiant said it knew the PLA would shift tactics and programs in response to its report but concluded that the disclosure was worth it because of the scale of the harm and the ability of China to issue denials in the past and duck accountability.

The company traced Unit 61398's presence on the Internet - including registration data for a question-and-answer session with a Chinese professor and numeric Internet addresses within a block assigned to the PLA unit - and concluded that it was a major contributor to operations against the U.S. companies.

Members of Congress and intelligence authorities in the United States have publicized the same general conclusions: that economic espionage is an official mission of the PLA and other elements of the Chinese government, and that hacking is a primary method.

In November 2011, the U.S. National Counterintelligence Executive publicly decried China in particular as the biggest known thief of U.S. trade secrets.

The Mandiant report comes a week after U.S. President Barack Obama issued a long-awaited executive order aimed at getting the private owners of power plants and other critical infrastructure to share data on attacks with officials and to begin to follow consensus best practices on security.
Both U.S. Democrats and Republicans have said more powerful legislation is needed, citing Chinese penetration not just of the largest companies but of operations essential to a functioning country, including those comprising the electric grid.

                                      China Accuses The United States of Cyber Warfare

The reality of cyber warfare is upon us.  There is real cause for concern.  Fortunately, the United States has not ignored these threats.