As attackers hack government computer networks across the globe, the Pentagon seeks the best defense.
September seemed to mark a serious escalation in global cyber warfare. Media reports detailed what appeared to be Chinese attacks against Pentagon networks and government computer systems in Germany, France and the United Kingdom, putting Defense Department officials on the offensive.
It began in early September when the Financial Times reported attacks against Pentagon computer systems and quoted unnamed Defense Department officials who pinned the blame on China's People's Liberation Army. In France, Germany, the U.K. and New Zealand, officials reported attacks and evidence of spyware traceable to China on government computer systems. In the U.K., Times Online reported that "China leads the list of countries hacking into government computers that contain Britain's military and foreign policy secrets."
At the same time, China has accused the United States and other Western powers of conducting a campaign of computer infiltration and subversion through the Internet, according to Vice Minister of Information Industry Lou Qinjian. In an article published by Reuters, Lou said Internet technology products exported to China by the United States and other countries contain "back doors" used for technological espionage.
Security experts say it's hard to determine exactly who is behind the recent global wave of cyberattacks, due to the diffuse nature of the Internet. While a set of attacks against one nation could seem to emanate from China, in reality those computers could be part of a botnet army controlled by a third country that hijacked Chinese computers, according to Kent Anderson, managing director of Network Risk Management.
Alan Paller, director of the SANS Institute in Bethesda, Md., says it's wrong to call the latest round of attacks cyber war. Paller prefers the term "cyber espionage" or probes to determine the nature of network systems, rather than an all-out attack to take them down.
Government policies "keep attacks so secret that top government executives do not know how bad the problem really is," Paller says. After recent media reports, Pentagon officials acknowledged that they took e-mail systems in the Office of the Secretary of Defense offline last spring after hackers got into the network. In an internal paper, Defense refuses to identify China as the source of attacks, but acknowledges, "We have seen attempts by a variety of state- and nonstate-sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems."
Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, says he does not know whether cyberattacks in September were mounted by amateur hackers or nations, but either way, they should serve as a warning. "If you practice poor computer security, you will pay a price for it," he says.
The Defense Department has redundant systems in place to defend its network against cyberattacks, but in the past year it has started to push development of offensive information warfare capabilities. If "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests," Marine Gen. James Cartwright, commander of the Strategic Command, told the House Armed Services Committee in March.
In June, Lt. Gen. Robert Elder, head of the Air Force's cyber command, told the Defense Technology Forum in Washington that he intends to "redefine air power" and extend the service's "global reach and power into cyberspace." That includes both defensive and offensive operations, Elder added.
A report released in April by the Defense Science Board stated:
"Adversaries need to be assured that their attacks against U.S. information systems will be detected, that U.S. functionality will be restored . . . and an adversary needs to know that the U.S. possesses powerful hard- and soft-kill [cyber warfare] means for attacking adversary information and command and support systems at all levels."
The Army and Air Force started pushing to acquire technology to go on the offense in cyberspace this year. In May, Army officials released a solicitation for a wide range of offensive information tools, saying, "technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use."
In a similar solicitation in April, the Air Force's 950th Electronic Systems Group said it wanted industry help to define technologies to "disrupt, deny, degrade or deceive an adversary's information system." The service also seeks tools that will help it map and access data and voice networks, conduct denial-of-service attacks and manipulate data on enemy networks.
Instead of going on the offensive, nations should develop a code of "best behavior" for the Internet, says Philip Coyle, senior adviser with the Center for Defense Information, who served as assistant secretary of Defense and director of its operational test and evaluation office from 1994 to 2001.
The Internet is a global cyber commons, and launching attacks inside such a common infrastructure "is as irresponsible as shouting fire in a crowded theater," Coyle says. He believes national leaders such as President Bush and Premier Wen Jiabao should take an arms control approach to ratchet down cyber warfare. "It wouldn't be any easier to negotiate such arms control than it has been where nuclear weapons are concerned," Coyle says. "But it may become necessary just the same."