Red storm rising

DOD's efforts to stave off nation-state cyberattacks begin with China

A growing band of civilian units inside China is writing malicious code and training to launch cyberstrikes into enemy systems.

And for many of these units, the first enemy is the U.S. Defense Department.

Pentagon officials say there are more than three million daily scans of the Global Information Grid, the Defense Department's main network artery, and that the United States and China are the top two originating countries.

"China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network)," said Maj. Gen. William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer, during the recent Air Force IT Conference in Montgomery, Ala.

"They're looking for your identity so they can get into the network as you," said Lord, adding that Chinese hackers had yet to penetrate DOD's secret, classified network. "There is a nation-state threat by the Chinese."

People's Liberation Army writings in recent years have called for the use of all means necessary, including, or particularly, information warfare, to support or advance their nation's interests.

To China's PLA, attacks against DOD systems would be the first salvo in a long-term strategy to cripple the U.S. military's ability to communicate and deliver precision weapons.

A big part of the strategy is the PLA's civilian units: IT engineers drawn from universities, institutes and corporations. The PLA views these militias as its trump card and a way of asserting virtual dominance to paralyze the United States and other potential adversaries.

The U.S. military is familiar with China's approach. In fact, its own strategy in cyberspace is similar to the PLA's; the countries' doctrines and strategies almost mirror one another.

It is unclear how aggressive a posture the United States is taking when it comes to defending against cyberattacks.
But DOD certainly is paying attention to China's offensive aggression, and even considering offensive actions of its own, Lord said. "But the rules of engagement have to change before we're fully engaged in cyberspace."

The Pentagon has made net-centricity the core of its transformation into a modern military force, and it seeks ways to create a vast web of information accessible at every level of the warfighting operation, from ground troops to pilots, command staffs to logistics operations.

China, recognizing America's dominance in C4 (command, control, communications and computers), wants to disrupt or even remove that advantage, experts have said.

If the armies of bygone days traveled on their stomachs, future armies will travel on invisible threads of data.

But the concern should not be limited to DOD. All federal agencies have to be aware of the Chinese view of information warfare.

Chinese military writings make it clear that in cyberspace there are no boundaries between military and civilian targets. If crashing a country's financial system through computer attack will paralyze the foe, that's all part of the new face of war.

If DOD, the most security-conscious of all federal agencies, can be attacked, can have information stolen, then other agencies must seem like low-hanging fruit by comparison.

China is not the only country targeting DOD systems. John Thompson, chairman and chief executive officer of Symantec Corp. of Cupertino, Calif., told the audience at the Air Force conference: "There are at least 20 nations that have their own cyberattack programs."
He said there is no way to know how many terrorist organizations have launched similar efforts.

But China (the largest country by population at 1.3 billion, third in area, and among the fastest-growing economically) gets the most attention, in part because it is the single largest source of cheap goods sold in the United States, including technology.

While Defense and Homeland Security department officials are reluctant to make pointed accusations, events in cyberspace show how the two countries are jockeying for position in preparation for "virtual" conflict.

From at least 2003 to 2005, a series of coordinated cyberattacks hit U.S. military, government and contractor Web sites with abandon. The systematic intrusions, collectively dubbed Titan Rain, attacked hundreds of government computers.

Time magazine reported last year that the incursions originated on a local network that connected to three routers in Guangdong Province, though U.S. officials still offer only generic comments about this and other published reports about Titan Rain.

"What I can say about this is [that] we have seen some attempts at access to our network. We've seen some of that from China," said Air Force Lt. Gen. Robert Kehler, deputy commander of the U.S. Strategic Command.

"We are seeing attacks that traversed through China. I can't say with any real assurance that that's where they start," added Navy Rear Adm. Elizabeth Hight, deputy director of DOD's Joint Task Force for Global Network Operations.

A military attache at the Chinese Embassy in Washington insisted that, to his knowledge, Beijing "does not want" to use hackers to attack the United States.

"The official answer is, I have no idea about this," said Sr. Col.
Wang in a brief telephone interview.

The fallout from this cybercampaign continues among other agencies.

In June, the Energy Department revealed that names and other personal information on more than 1,500 employees of the National Nuclear Security Administration had been stolen in a network incursion that took place more than two years ago. NNSA didn't discover the breach for more than a year after it happened.

Officials would not confirm for the record that the data breach was part of Titan Rain, but Alan Paller, research director for the SANS Institute of Bethesda, Md., called it "an example of the kind of attack and extraction that [has been] going on for the last 2 1/2 years."