Life as we know it is “severely threatened” by weapons such as “botnets,” “phishing,” “DOS attacks” and “scans” says the U.S. Director of National Intelligence Dennis Blair. Last month, Blair delivered his Annual Threat Assessment to Congress by drawing attention to threats of computer warfare. These weapons, says Blair, could shut down our critical infrastructure and we are woefully unprepared to defend ourselves against them.
Our European allies are even less prepared. Last week, urgent warnings were sounded throughout the European Union and NATO that governments and military institutions lacked effective defenses against this serious and growing threat.
The culprits using these weapons are tech-savvy terrorists, organized criminal groups, and nation states like China. They employ the aforementioned malicious cyber weapons to steal and destroy, and their level of activity has increased exponentially over the past year to an estimated 1.6 billion attacks every month against U.S. Government networks.
The U.S. is especially vulnerable to cyber attacks because virtually all American commerce, infrastructure and government activities are tethered to the Internet. The problem is getting worse not only because the incidents are increasing, but also because hackers keep pace with information technology advances.
Technology advances like network convergence — merging voice and data on a common network structure — and channel consolidation — the concentration of personnel data by service providers — increase information network performance but also increase the potential for exploitation by malicious entities. The culprits are smart, and they are tapping into every aspect of our information infrastructure, including these vulnerable advances.
Cyber spies have also reportedly penetrated the U.S. electrical grid and left “zombie” software programs ready on command to disrupt our system. Last year, a senior intelligence official told the Wall Street Journal, “The Chinese have attempted to map our infrastructure, such as the electrical grid,” ostensibly for future attacks. Officials indicate water, sewage and other infrastructure systems are also at risk from malicious cyber manipulation.
Director Blair warns “We cannot be certain that our cyberspace infrastructure will remain available and reliable during a time of crisis.” That’s why realists warn we are living in a pre-9/11 era when it comes to security and resilience of the country’s information infrastructure.
China is one of our most dangerous cyber enemies. Last fall the U.S.-China Economic and Security Review Commission report to Congress found that China appears increasingly to be penetrating U.S. government and defense industry computer networks to gather data for its military. The report describes growing Chinese military ambitions in cyberspace, including developing the capacity to destroy adversary networks.
The Chinese also use their cyber arsenal for business and political ends. They have become very good at cherry-picking information via cyber espionage to make their products more competitive and steal a competitor’s secrets.
In December, Google, the most popular Internet search engine, and at least 20 other companies were victimized by “highly sophisticated and targeted attacks” originating in China. The attacks tried to gain access to the e-mail accounts of anti-Beijing human rights activists.
China’s threat is driven by its rapid economic growth which thirsts for better information, its rapid military modernization, and hundreds of millions of Internet users, mostly young, who in many cases are carefully directed by government efforts.
Doubters about China’s aggressive cyber activities should visit the website http://www.securitywizardry.com/radar.htm. Click on the outline of China on the world map, scroll down to “Top Threat Sources,” and review the statistics for China in each malicious cyber activity category. Four of these activities can become a weapon.
The number of daily denial-of-service (DoS) attacks originating from China routinely exceeds all other attacks combined; for example, the site above listed 579 originating from China on March 10. A DoS attack makes the target network inaccessible to its legitimate users.
“Botnets” are networks of captured computers that attackers control remotely for their own malicious purposes. China has captured an untold number of computers in the U.S. and elsewhere and uses them on command to conduct malicious actions.
“Scanning” is a process used to search for computers running a particular service. Scans are often the prelude to an attack, and the services an attacker scans for often have known vulnerabilities.
“Phishing” is a technique that mimics legitimate websites, often those of financial institutions, to steal logins, passwords and personal information.
Consider five approaches to defend against these cyber weapons.
First, create closed networks such as the Secret Internet Protocol Router Network (SIPRNet). SIPRNet is the Pentagon’s system for transmitting classified information in a completely secure environment. The drawbacks of a closed network are its expense and the lack of access to sources outside the network. Using a closed network offers an obvious advantage for critical infrastructure like our electrical grid.
Second, stay ahead of the threats by constantly improving technologies. That has proven to be very difficult and expensive, however. Director Blair acknowledges that cyber attackers have “…displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders.” This is our current approach, and it is not going well.
Third, grow government and private sector cyber-defense partnerships. Blair concedes, “Neither the U.S. Government nor the private sector can fully control or protect the country’s information infrastructure.” The China-Google incident prompted the National Security Agency (NSA) to partner with Google. Google benefits from NSA’s capacity to process information, and the government gains access to information on domestic and foreign actors alike. But private-government partnering should alarm civil libertarians because of the potential for abuse.
Fourth, launch an international effort to standardize network security in cyberspace, much as air traffic agreements do for the airways. Free trade and Internet access serve our universal interest, but nations like China, which rely on cyberspace to repress political dissent and steal technical information, may never cooperate.
Finally, we must consider a get-tough approach. We can identify with good precision the source of many attacks using tools like the website indicated earlier. The U.S. Government or the military’s new cyber command should police cyberspace for malicious activities directed at American networks – both government and private – and then launch cyber counterattacks either as a warning or to cripple malicious networks.
The current wave of cyber attacks is robbing our technology, harvesting personal information for financial exploitation, and could threaten a 9/11-like infrastructure catastrophe. We must treat these attacks like a wave of enemy soldiers assaulting Manhattan or Los Angeles and aggressively do what’s necessary to protect our way of life.