US struggles to find cyber war defense
On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.The Chinese response to Google and Clinton reflects their own insecurities. Bill Gertz reports:
The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.
What some participants in the simulation knew — and others did not — was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms at Google Inc. Computers at Google and more than 30 other companies had been penetrated, and Google’s software engineers quickly tracked, the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland.
After that, the trail disappeared into a cloud of angry Chinese government denials, and then an ugly exchange of accusations between Washington and Beijing. That continued Monday, with Chinese assertions that critics were trying to “denigrate China” and that the United States was pursuing “hegemonic domination” in cyberspace.
These recent events demonstrate how quickly the nation’s escalating cyberbattles have outpaced the rush to find a deterrent, something equivalent to the cold-war-era strategy of threatening nuclear retaliation.
...You can see how frightened they are. It suggest the Chinese government's hold on its people is more fragile than thought. Or, it could be just disingenuous bluster to cover for their own responsibility in the hacking attacks. Neither alternative is flattering to the Chinese government. The NY Times story reveals just how ineffective the US "hacker Web force" is at this time.
The Chinese accused the Pentagon of boosting cyberwarfare efforts, and suggested Washington both covertly used electronic social networks to foment recent protests in Iran and was behind recent computer attacks on the Chinese Internet-search engine Baidu.
An unusually harsh commentary published in the People's Daily, official newspaper of the Central Committee of the Chinese Communist Party, stated that the Pentagon is increasing the U.S. military's cyberwarfare capabilities and has created the world's first "hacker Web force."
The report said U.S. information warfare efforts include using the promotion of democracy and free access to the Internet as an ideological battleground against nondemocratic states.
One thing is clear. We need to get much better at the forensics of finding those responsible for hacking.
Noah Schactman says DARPA is trying to develop away of tracking hackers "with a new effort to develop the 'cyber equivalent of fingerprints or DNA' that can identify even the best-cloaked hackers."