There it is, buried deep in a seemingly routine annual report the Pentagon has just released: The Chinese government has been carrying out cyber-raids on the U.S. government.
They aren’t actual cyber-attacks – attempts to destroy, disable or take over enemy information systems. They sound like sophisticated attempts to scrape this nation’s security secrets. According to the Defense Department’s May 6 update on Chinese military capacity:
“China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic and defense industrial base sectors that support U.S. national defense programs.”
The purpose, the Pentagon believes, is to get “a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis.” What’s more, the techniques used in these penetrations “are similar to those necessary to conduct computer network attacks.”
For reasons of his own, President Barack Obama kept this finding at arm’s length by trickling it out through a Pentagon brief. Still, his administration has crossed a threshold, officially accusing its third-largest trade partner of operating as an enemy in cyberspace.
The important takeaway may be as much about cyberwarfare in general than about China in particular.
Malware attacks on networks are increasingly common and increasingly the work of governments — such as North Korea and Iran — as opposed to criminal syndicates.
Perhaps the most successful strikes to date have been carried out by the United States, and apparently Israel, against Iran.
Four years ago, American intelligence succeeded in slipping a powerful virus into Iran’s ultra-secure uranium-enrichment plant. Stuxnet, as it is called, wrought havoc with the delicate centrifuges that have been turning reactor fuel into potential nuclear explosives; 1,000 of them were reportedly shut down
More recently, Iranians discovered that a virus with Israeli fingerprints, Flame, had been extracting information from computers at the highest levels of the Iranian government.
But as the Chinese threat demonstrates, the United States is a fat target itself.
Like terrorism, computer attacks lend themselves to asymmetrical warfare — a tactic used by the weak against the strong. Malware would do the most damage to nations with the most data-dependent systems: financial institutions, high-tech industry, telecommunications, advanced military hardware, etc. The United States ranks No. 1 on that list.
Two months ago, Gen. Keith Alexander, who runs the U.S. Cyber Command, announced the creation of permanent units ready to carry out strategic attacks on countries that attack American networks. Imagine teams of American supergeeks facing off against teams of foreign supergeeks, all poised to crash each others’ economies. It’s not a reassuring picture.