Measuring China's Cyberwar Threat

An anonymous reader writes with this excerpt from Network World: "A lengthy report prepared for the U.S. government about China's high-tech buildup to prepare for cyberwar includes speculation about how a potential conflict with the U.S. would unfold — and how it might only take a few freelance Chinese civilian hackers working on behalf of China's People's Liberation Army to sow deadly disruptions in the U.S. military logistics supply chain. As told, if there's a conflict between the U.S. and China related to Taiwan, "Chinese offensive network operations targeting the U.S. logistics chain need not focus exclusively on U.S. assets, infrastructure or territory to create circumstances that could impede U.S. combat effectiveness," write the report's authors, Bryan Krekel, Patton Adams and George Bakos, all of whom are information security analysts with Northrop Grumman. The report, "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage," focuses primarily on facts about China's cyberwar planning but also speculates on what might happen in any cyberwar."

For those of us who've lived thorugh it.

[Anonymous Coward]

Because the Chinese government has sponsored research on "attack-induced cascading power failures" related to the U.S. power grid, ...

For those of who have lived through power shut downs for days and weeks on end because of snow and hurricanes, BFD. Ooooo, I won't be able to surf the internet or watch TV or pop my microwave popcorn. Oh noes!

And for the folks that really need the power, like hospitals, they have on site generation equipment that will last as long as they can get the diesel or the natural gas flows. AND some are even putting solar on their roofs - made in China, btw.

Re:Military using the public Internet?!?

[daveschroeder]

There are many different tasks and functions for which the military and government agencies use the public/commodity internet. There are also various levels of private [wikipedia.org] networks [wikipedia.org] for more sensitive requirements.

None of that, however stops the NSA from operating under the assumption that its networks are compromised [democracyarsenal.org].

Brookings just put out a great paper on a related topic, Cybersecurity and U.S.-China Relations [brookings.edu] (PDF). It's worth a read.

Just read TFA

[vikingpower]

"may" employed about 100 times ( order of magnitude, I lost count ). "would" exactly 59 times, in 109 pages of text ( not counting the appendix and refs/bibliography part).

Re:Oh, please ...

[fuzzyfuzzyfungus]

This is somewhat orthogonal to your overall point; but the US actually does a substantial percentage of pulp and paper production domestically. We've got plenty of land suitable for growing paper-grade timber, plenty of riverfront space for siting mills, and the economics of shipping low end lumber and mundane paper products long distances aren't all that thrilling compared to the relatively modest premium you pay for domestic employees.

Re:How much damage can be done sustainably?

[Sarten-X]

Oh, how true that is.

I've described my current employer's systems as a very large "what's wrong with this picture?" puzzle. This past week I found out that our remote offices aren't even logging on to our domain controller (located in the main office), because DNS requests weren't routed properly. Rather, the users there logged into their workstations with local accounts, then used RDP to access a workstation in the main office where they did all the actual work. For speed, they'd occasionally email themselves a file to be modified in a local copy of Office.

Effectively, this means that our confidential corporate data was being stored on machines with no password protection, despite the corporate password policy.

Never assume that being a big company implies any kind of decent security or sane practices. The disconnect between the ones who know and the ones who manage is just too great.