Cyber Wars

As attackers hack government computer networks across the globe, the Pentagon seeks the best defense.

September seemed to mark a serious escalation in global cyber warfare. Media reports detailed what appeared to be Chinese attacks against Pentagon networks and government computer systems in Germany, France and the United Kingdom-putting Defense Department officials on the offensive.

It began in early September when Financial Times reported attacks against Pentagon computer systems, and quoted unnamed Defense Department officials who pinned the blame on China's People's Liberation Army. In France, Germany, the U.K. and New Zealand, officials reported attacks and evidence of spyware traceable to China on government computer systems. In the U.K., Times Online reported that "China leads the list of countries hacking into government computers that contain Britain's military and foreign policy secrets."

At the same time, China has accused the United States and other Western powers of conducting a campaign of computer infiltration and subversion through the Internet, according to Vice Minister of Information Industry Lou Qinjian. In an article published by Reuters, Lou said Internet technology products exported to China by the United States and other countries contain "back doors" used for technological espionage.

Security experts say it's hard to determine exactly who is behind the recent global wave of cyberattacks, due to the diffuse nature of the Internet. While a set of attacks against one nation could seem to emanate from China, in reality those computers could be part of a botnet army controlled by a third country that hijacked Chinese computers, according to Kent Anderson, managing director of Network Risk Management.

Alan Paller, director of the SANS Institute in Bethesda, Md., says it's wrong to call the latest round of attacks cyber war. Paller prefers the term "cyber espionage" or probes to determine the nature of network systems, rather than an all-out attack to take them down.

Government policies "keep attacks so secret that top government executives do not know how bad the problem really is," Paller says. After recent media reports, Pentagon officials acknowledged that they took e-mail systems in the Office of the Secretary of Defense offline last spring after hackers got into the network. In an internal paper, Defense refuses to identify China as the source of attacks, but acknowledges, "We have seen attempts by a variety of state- and nonstate-sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems."

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, says he does not know whether cyberattacks in September were mounted by amateur hackers or nations, but either way, they should serve as a warning. "If you practice poor computer security, you will pay a price for it," he says.

The Defense Department has redundant systems in place to defend its network against cyberattacks, but in the past year it has started to push development of offensive information warfare capabilities. If "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests," Marine Gen. James Cartwright, commander of the Strategic Command, told the House Armed Services Committee in March.

In June, Lt. Gen. Robert Elder, head of the Air Force's cyber command, told the Defense Technology Forum in Washington that he intends to "redefine air power" and extend the service's "global reach and power into cyberspace." That includes both defensive and offensive operations, Elder added.

A report released in April by the Defense Science Board stated:

"Adversaries need to be assured that their attacks against U.S. information systems will be detected, that U.S. functionality will be restored . . . and an adversary needs to know that the U.S. possesses powerful hard- and soft-kill [cyber warfare] means for attacking adversary information and command and support systems at all levels."

The Army and Air Force started pushing to acquire technology to go on the offense in cyberspace this year. In May, Army officials released a solicitation for a wide range of offensive information tools, saying, "technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use."

In a similar solicitation in April, the Air Force's 950th Electronic Systems Group said it wanted industry help to define technologies to "disrupt, deny, degrade or deceive an adversary's information system." The service also seeks tools that will help it map and access data and voice networks, conduct denial-of-service attacks and manipulate data on enemy networks.

Instead of going on the offensive, nations should instead develop a code of "best behavior" for the Internet, says Philip Coyle, senior adviser with the Center for Defense Information who served as assistant secretary of Defense and director of its operational test and evaluation office from 1994 to 2001.

The Internet is a global cyber commons, and launching attacks inside such a common infrastructure "is as irresponsible as shouting fire in a crowded theater," Coyle says. He believes national leaders such as President Bush and Premier Wen Jiabao should take an arms control approach to ratchet down cyber warfare. "It wouldn't be any easier to negotiate such arms control than it has been where nuclear weapons are concerned," Coyle says. "But it may become necessary just the same."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    Download
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    Download

When you download a report, your information may be shared with the underwriters of that document.