Cybersecurity

Tuesday, September 11, 2007

From The Economist

Alarm grows over China's apparent capacity to wreak havoc in cyberspace

THE West's military and government computers are attacked every millisecond. America's State Department, for one, says its networks are probed about 2m times a day. The culprits may be computer geeks, vandals or bored teenagers. Of late, though, some of the most bold, even brazen, attacks are being blamed on the Chinese authorities.

Last May Chinese spy software was discovered in computers in the office of the German chancellor, Angela Merkel, and other ministries. According to one report the so-called Trojan Horse programme (attached to a seemingly innocuous electronic file) was siphoning off 160 gigabytes of information when it was stopped. German officials suspect that China's People's Liberation Army (PLA) was responsible.

This week it emerged that a similar Trojan Horse penetrated computers in the office of America's defence secretary, Robert Gates, in June. The Pentagon says only an "unclassified" e-mail system was breached, and has not identified the suspects. Pentagon officials, though, are convinced the PLA was behind the attack.

In response to German criticism, the Chinese authorities last month promised, unusually, to fight the common scourge of hackers. This week, however, China's foreign ministry denied any involvement in the cyberattack on the Pentagon. Any claim to the contrary, it said, was the product of "a cold war mentality".

America's military planners worry that China is using cyberspace not just for espionage but to prepare a future hot war, say over Taiwan. A recent Pentagon report said Chinese military exercises include launching a "first strike" attack on enemy computers, presumably to cripple America's highly networked military operations or, worse, disrupt civilian life there.

Achieving "electromagnetic dominance" early in a conflict, says the report, is seen by the PLA as an important means by which the weaker Chinese forces could defeat the stronger American ones. Other "asymmetric" means would include trying to cripple America's military and communications satellites, as demonstrated last January with a missile test that blasted an old Chinese weather satellite.

General James Cartwright, recently promoted from head of Strategic Command to vice-chairman of the joint chiefs of staff, said in June that China was carrying out widespread "reconnaissance" of America's networks. This allowed China to steal advanced know-how, so as to skip generations in military and civil technology. A cyberspy can potentially steal much more information than a human one. Others argue that China wants to send a signal to America that a future war would be costly, and would not be limited to the Straits of Taiwan.

The Pentagon is probably better able to protect itself against cyberattacks than most. But in an increasingly internet-connected world, civilian life has become more vulnerable. Earlier this year suspected Russian hackers attacked the websites of ministries, banks and other bodies in Estonia, the tiny but highly-wired Baltic state that had offended the Kremlin by removing a Soviet war monument from the centre of the capital, Tallinn, to a military cemetery. The "denial of service" attack was crude, but disruptive.

Past American exercises to test the computer defences of critical services (such as electricity grids) have found that, without detailed inside information, an external cyberattack would be more disruptive than catastrophic. That assessment may be changing. The psychological effect of a cyberattack on America, in General Cartwright's view, could be as severe as the use of weapons of mass destruction.