Beware of Cyber China: How should we define an “act of war” in the virtual world of the internet?
March 23, 2012
Cyberspace is awash in vulnerabilities. Actors in the cyber domain are wise to protect against crime, espionage, and hacktivist intrusions. But while those vulnerabilities are all too real, they are not driving the policy debate today in Washington. Instead, what seems to have seized the imagination of so many is the prospect of a true cyberwar.
But we’ve never had a real cyberwar (though the Russian attack on Georgia comes close), so there is no solid data on the threats that exist. We can only assess the potential for cyberwar by measuring the capabilities of our possible adversaries, and then only by educated guesswork. We have no clear sense of true intent. As a result, we lack a solid, quantifiable risk assessment of the cyber threat to national security, and this leaves policy makers with only speculation as to the extent of our risk from a cyber attack by a willful cyber opponent.
The uncertainty does not, however, prevent us from thinking about the problem. We struggle today with two inter-related questions: Who are we likely to fight? And how are we going to fight them?
American military strategists see China as the most likely peer opponent in cyberspace. As the Department of Defense’s (DoD) 2010 report to Congress, Military and Security Developments Involving the People’s Republic of China, concluded:
numerous computer systems around the world, including those owned by the U.S. government, continued to be the target of intrusions that appear to have originated within the [People’s Republic of China]. These intrusions focused on exfiltrating information, some of which could be of strategic or of military utility. The accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks. It remains unclear if these intrusions were conducted by, or with the endorsement of, the [People’s Liberation Army] or other elements of the [People’s Republic of China] government. However, developing capabilities for cyberwarfare is consistent with authoritative [People’s Liberation Army] military writings.
Likewise, China sees the United States as its principal cyber-competitor. A recent report in the Chinese-language Liberation Army Daily (an unofficial but well-vetted source) put it this way:
The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. . . . Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army. . . . Although our country has developed into an Internet great power, our Internet security defenses are still very weak. So we must accelerate development of Internet battle technology and armament.
China has demonstrated significant cyber capabilities in recent years. One of the most notable events was Operation Aurora. In early 2010, Google announced that it had been the subject of a “highly sophisticated and targeted attack” that had originated in China, resulting in the “theft of intellectual property” from Google. The attacks seemed to be targeted at Chinese human rights activists. And Google was not alone—at least twenty other major companies spanning sectors including internet, finance, and the chemical industry were also targeted. At its core, the attack apparently attempted to corrupt some of Google’s source code.
China, naturally, denied responsibility for the attacks and even claimed that evidence of their complicity had been falsified. But, according to one classified State Department cable (released by WikiLeaks) the operation was authorized by the Politburo Standing Committee, the rough equivalent in authority of the U.S. National Security Council. And later analysis by Google (assisted by NSA) traced the source of Internet Protocol addresses and servers used to facilitate the exploitation to a single foreign entity consisting either of “agents of the Chinese state or proxies thereof.”
Another display of Chinese capabilities occurred in April 2010, when the internet was hijacked. Traffic on the internet is, typically, routed through the most efficient route. Servers calculate that route based upon a “call-and-response” interaction with other servers—in effect, downstream servers advertise their own carrying capacity and current load, soliciting traffic.
On April 8, 2010, China Telecom began broadcasting erroneous network traffic routes. As a result, American and other foreign servers were instructed to send internet traffic through Chinese servers. In the end, according to the United States China Economic and Security Review Commission, roughly 15 percent of the world’s traffic was routed to China. This included official US government traffic, as well as the traffic from any number of commercial websites.
Even more chillingly, some reports have suggested that our electronic grid and telecommunications systems have already been infiltrated by logic bombs (malicious code inserted in a system that will be set off only upon instruction or when certain conditions are met). In 2009, the Wall Street Journal reported that software had been placed into our system, so that it could be “detonated” at a later date, presumably in a time of war. Doing so could cripple our economy and military capabilities at a time of crisis. Richard Clarke, the former cybersecurity czar, likens these cyber logic bombs to mines, and blames China for their placement.
And, recently, the security firm RSA (which manufactures the security tokens that many companies use to control access to secure systems) was penetrated by an intrusion that compromised the company’s SecurID system. Just a few weeks later, Lockheed Martin was attacked by someone using the stolen RSA data. The focus on a defense contractor, rather than on a bank, seems a clear indication that the RSA hack was done by a sovereign peer competitor, not by cyber criminals who would have used the data to break into bank accounts instead. Again, China denied any responsibility for the attack but, as Clarke said, “this attack [has] all the hallmarks of Chinese government operations.”
In the end, just as the United States has begun to prepare for a cyber war (through the organization of US Cyber Command), China, too, is preparing for one. Last May, China announced the formation of a cyber “Blue Army,” with two stated purposes: defending the nation against cyber attacks and leading cyber offensives in case of war. That’s the same mission that US Cyber Command has. Though a full cyberwar has yet to be fought, both sides are preparing for the worst.
What Is A Cyber War?
We know what war looks like in the real world—generals marshal armies and launch attacks, things get blown up, and people die. But what would be an “act of war” in cyberspace? Consider the following hypotheticals (all of which are reasonably realistic). An adversary…