Management Matters Management MattersManagement Matters
Practical advice for federal leaders on managing people, processes and projects.

Cyber Wars

September seemed to mark a serious escalation in global cyber warfare. Media reports detailed what appeared to be Chinese attacks against Pentagon networks and government computer systems in Germany, France and the United Kingdom -- putting Defense Department officials on the offensive.

It began in early September when Financial Times reported attacks against Pentagon computer systems, and quoted unnamed Defense Department officials who pinned the blame on China's People's Liberation Army. In France, Germany, the U.K. and New Zealand, officials reported attacks and evidence of spyware traceable to China on government computer systems. In the U.K., Times Online reported that "China leads the list of countries hacking into government computers that contain Britain's military and foreign policy secrets."

At the same time, China has accused the United States and other Western powers of conducting a campaign of computer infiltration and subversion through the Internet, according to Vice Minister of Information Industry Lou Qinjian. In an article published by Reuters, Lou said Internet technology products exported to China by the United States and other countries contain "back doors" used for technological espionage.

Security experts say it's hard to determine exactly who is behind the recent global wave of cyberattacks, due to the diffuse nature of the Internet. While a set of attacks against one nation could seem to emanate from China, in reality those computers could be part of a botnet army controlled by a third country that hijacked Chinese computers, according to Kent Anderson, managing director of Network Risk Management.

Alan Paller, director of the SANS Institute in Bethesda, Md., says it's wrong to call the latest round of attacks cyber war. Paller prefers the term "cyber espionage" or probes to determine the nature of network systems, rather than an all-out attack to take them down.

Government policies "keep attacks so secret that top government executives do not know how bad the problem really is," Paller says. After recent media reports, Pentagon officials acknowledged that they took e-mail systems in the Office of the Secretary of Defense offline last spring after hackers got into the network.

In an internal paper, Defense refuses to identify China as the source of attacks, but acknowledges, "We have seen attempts by a variety of state- and nonstate-sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems."

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, says he does not know whether cyberattacks in September were mounted by amateur hackers or nations, but either way, they should serve as a warning. "If you practice poor computer security, you will pay a price for it," he says.

The Defense Department has redundant systems in place to defend its network against cyberattacks, but in the past year it has started to push development of offensive information warfare capabilities. If "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests," Marine Gen. James Cartwright, commander of the Strategic Command, told the House Armed Services Committee in March.

In June, Lt. Gen. Robert Elder, head of the Air Force's cyber command, told the Defense Technology Forum in Washington that he intends to "redefine air power" and extend the service's "global reach and power into cyberspace." That includes both defensive and offensive operations, Elder added.

A report released in April by the Defense Science Board stated: "Adversaries need to be assured that their attacks against U.S. information systems will be detected, that U.S. functionality will be restored . . . and an adversary needs to know that the U.S. possesses powerful hard- and soft-kill [cyber warfare] means for attacking adversary information and command and support systems at all levels."

The Army and Air Force started pushing to acquire technology to go on the offense in cyberspace this year. In May, Army officials released a solicitation for a wide range of offensive information tools, saying, "technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use."

In a similar solicitation in April, the Air Force's 950th Electronic Systems Group said it wanted industry help to define technologies to "disrupt, deny, degrade or deceive an adversary's information system." The service also seeks tools that will help it map and access data and voice networks, conduct denial-of-service attacks and manipulate data on enemy networks.

Instead of going on the offensive, nations should instead develop a code of "best behavior" for the Internet, says Philip Coyle, senior adviser with the Center for Defense Information who served as assistant secretary of Defense and director of its operational test and evaluation office from 1994 to 2001.

The Internet is a global cyber commons, and launching attacks inside such a common infrastructure "is as irresponsible as shouting fire in a crowded theater," Coyle says. He believes national leaders such as President Bush and Premier Wen Jiabao should take an arms control approach to ratchet down cyber warfare. "It wouldn't be any easier to negotiate such arms control than it has been where nuclear weapons are concerned," Coyle says. "But it may become necessary just the same."


Bob Brewin joined Government Executive in April 2007, bringing with him more than 20 years of experience as a journalist focusing on defense issues and technology. Bob covers the world of defense and information technology for Nextgov, and is the author of the “What’s Brewin” blog.

Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.