Cyber Wars

As attackers hack government computer networks across the globe, the Pentagon seeks the best defense.

September seemed to mark a serious escalation in global cyber warfare. Media reports detailed what appeared to be Chinese attacks against Pentagon networks and government computer systems in Germany, France and the United Kingdom-putting Defense Department officials on the offensive.

It began in early September when Financial Times reported attacks against Pentagon computer systems, and quoted unnamed Defense Department officials who pinned the blame on China's People's Liberation Army. In France, Germany, the U.K. and New Zealand, officials reported attacks and evidence of spyware traceable to China on government computer systems. In the U.K., Times Online reported that "China leads the list of countries hacking into government computers that contain Britain's military and foreign policy secrets."

At the same time, China has accused the United States and other Western powers of conducting a campaign of computer infiltration and subversion through the Internet, according to Vice Minister of Information Industry Lou Qinjian. In an article published by Reuters, Lou said Internet technology products exported to China by the United States and other countries contain "back doors" used for technological espionage.

Security experts say it's hard to determine exactly who is behind the recent global wave of cyberattacks, due to the diffuse nature of the Internet. While a set of attacks against one nation could seem to emanate from China, in reality those computers could be part of a botnet army controlled by a third country that hijacked Chinese computers, according to Kent Anderson, managing director of Network Risk Management.

Alan Paller, director of the SANS Institute in Bethesda, Md., says it's wrong to call the latest round of attacks cyber war. Paller prefers the term "cyber espionage" or probes to determine the nature of network systems, rather than an all-out attack to take them down.

Government policies "keep attacks so secret that top government executives do not know how bad the problem really is," Paller says. After recent media reports, Pentagon officials acknowledged that they took e-mail systems in the Office of the Secretary of Defense offline last spring after hackers got into the network. In an internal paper, Defense refuses to identify China as the source of attacks, but acknowledges, "We have seen attempts by a variety of state- and nonstate-sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems."

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, says he does not know whether cyberattacks in September were mounted by amateur hackers or nations, but either way, they should serve as a warning. "If you practice poor computer security, you will pay a price for it," he says.

The Defense Department has redundant systems in place to defend its network against cyberattacks, but in the past year it has started to push development of offensive information warfare capabilities. If "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests," Marine Gen. James Cartwright, commander of the Strategic Command, told the House Armed Services Committee in March.

In June, Lt. Gen. Robert Elder, head of the Air Force's cyber command, told the Defense Technology Forum in Washington that he intends to "redefine air power" and extend the service's "global reach and power into cyberspace." That includes both defensive and offensive operations, Elder added.

A report released in April by the Defense Science Board stated:

"Adversaries need to be assured that their attacks against U.S. information systems will be detected, that U.S. functionality will be restored . . . and an adversary needs to know that the U.S. possesses powerful hard- and soft-kill [cyber warfare] means for attacking adversary information and command and support systems at all levels."

The Army and Air Force started pushing to acquire technology to go on the offense in cyberspace this year. In May, Army officials released a solicitation for a wide range of offensive information tools, saying, "technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use."

In a similar solicitation in April, the Air Force's 950th Electronic Systems Group said it wanted industry help to define technologies to "disrupt, deny, degrade or deceive an adversary's information system." The service also seeks tools that will help it map and access data and voice networks, conduct denial-of-service attacks and manipulate data on enemy networks.

Instead of going on the offensive, nations should instead develop a code of "best behavior" for the Internet, says Philip Coyle, senior adviser with the Center for Defense Information who served as assistant secretary of Defense and director of its operational test and evaluation office from 1994 to 2001.

The Internet is a global cyber commons, and launching attacks inside such a common infrastructure "is as irresponsible as shouting fire in a crowded theater," Coyle says. He believes national leaders such as President Bush and Premier Wen Jiabao should take an arms control approach to ratchet down cyber warfare. "It wouldn't be any easier to negotiate such arms control than it has been where nuclear weapons are concerned," Coyle says. "But it may become necessary just the same."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

    Download
  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

    Download
  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

    Download
  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

    Download
  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

    Download
  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

    Download
  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

    Download
  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

    Download
  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

    Download
  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.

    Download

When you download a report, your information may be shared with the underwriters of that document.