Measuring China's Cyberwar Threat 79
An anonymous reader writes with this excerpt from Network World: "A lengthy report prepared for the U.S. government about China's high-tech buildup to prepare for cyberwar includes speculation about how a potential conflict with the U.S. would unfold — and how it might only take a few freelance Chinese civilian hackers working on behalf of China's People's Liberation Army to sow deadly disruptions in the U.S. military logistics supply chain. As told, if there's a conflict between the U.S. and China related to Taiwan, "Chinese offensive network operations targeting the U.S. logistics chain need not focus exclusively on U.S. assets, infrastructure or territory to create circumstances that could impede U.S. combat effectiveness," write the report's authors, Bryan Krekel, Patton Adams and George Bakos, all of whom are information security analysts with Northrop Grumman. The report, "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage," focuses primarily on facts about China's cyberwar planning but also speculates on what might happen in any cyberwar."
How much damage can be done sustainably? (Score:4, Interesting)
I'm sceptical of how much damage 'cyberwar' can really do sustainably. I suspect it would be a bit like Pearl Harbor - you make enormous damage the first day with a surprise attack, but it goes downhill from there.
I mean, I'm sure that the first day a lot of computers will go offline, and even factories will stop, etc. But what happens after a month when those computers have their OS reinstalled - with Linux or a commercial UNIX, or even, zOS if need be, and the data you've deleted has been restored from backup CDs, and everywhere there are billboards on the road proclaiming that whomever isn't updating their computer is giving Hitler a drive. Would it be as easy to go on inflicting damage then?
Re:How much damage can be done sustainably? (Score:5, Interesting)
But what happens after a month when those computers have their OS reinstalled - with Linux or a commercial UNIX, or even, zOS if need be, and the data you've deleted has been restored from backup CDs
Most businesses don't have disaster recovery plans. And those that do, like mine, haven't given much thought to the timetable on a full restore of all IT resources from nothingness. The one I'm working for right now has a 4 year plan for rolling out Windows 7 that started last month. In other words, they started the rollout late, and they'll be deploying outdated tech well past the point when the next version comes out. This just loading the operating system... consider all the other IT resources that would need to be rebuilt.
On to data backup and restore functionality: All the backups are stored on NAS devices that are always connected. There is no offline backup. They don't use tapes, optical media, or any of that jazz. And most of those backups are located on-site, adding insult to injury. It's taking them 4 years to roll out an operating system remotely, the process is largely manual, riddled with errors, and each system requires, on average, 3 hours of support resources to complete the upgrade.
Without getting into details, this is a Fortune 100 company, and because of the nature of its business is required by law to have stringent backup policies as well as data protection. The state of the art encryption and data protections can all be catastrophically bypassed by design using a 4 digit PIN. the 4 digit pin... is the last 4 digits of the user's SSN. The first and last name, as well as geolocation information, is in active directory, which even the 'guest' account can access. Every person who works support, from phone to desktop, network to deployment, as local admin rights to every workstation in the company. Do the math. Then cry.
This... is typical for most large businesses.
That kind of talent's in the USA too... apk (Score:2, Interesting)
Trust me, BOTH sides have "the talent" on all levels: But, why? It's like a street-fight really - BOTH SIDES TAKE A HELL OF A BEATING, & for what??
Some stupid rich man's steering nations into wars/conflicts (face it, we KNOW that's how real wars start up too, the wealthy/war profiteer "wanting more")).
* Almost makes me sad... the media "hyping it" doesn't help either because it gets folks gander up (regular folks that don't know any better, or have never met a person from 'the other side' personally, & get led/stirred up like 'sheeple' are wont to do).
APK
P.S.=> Personally, I know a pack of very talented Chinese guys in computing (from academia in fact & work), & they're JUST GUYS, pretty much, just like any others... They don't really want shit because they're too smart to even START that kind of mess - same on 'our side' too! Normal folks that get used/abused by "the people @ the top/1%-ers". Pretty sad... apk
Oh, please ... (Score:5, Interesting)
Has anyone in the US Military stopped to notice what critical supplies are manufactured solely in China today? I do not mean just armaments, but stuff that the US military would be utterly unable to move without. Stuff like light bulbs. Fuel filters. Glass containers.
Simple little things that the last US manufacturer closed down for either recently or as far back as 1980.
Do we still make toilet paper in the US? I suspect there may only be one factory that does and it will probably close down soon. It is much cheaper to have it made over there and shipped here.
We cannot possibly win a conflict with China - they would cut off our supply of manufactured items and the military would just grind to a halt.
Sure, they could probably shut down a couple of factories making classified munitions, but who cares? They figured out that troops don't fight without toilet paper in WW I and trust me, it hasn't gotten any better. They cut off our supply of toilet paper and the US population would storm Washington and demand an end to the conflict immediately. I am not kidding here.
Re:Military using the public Internet?!? (Score:5, Interesting)
One the things TFA mentions is how many of the targets wouldn't actually be military, but rather civilian contractors which the military needs to run day-to-day operations. This isn't a computer security problem, it's a cultural problem. The contracting / privatization craze has hit the military in a big way. I know this will sound like old-soldier grumbling, but when I was in (late 80s to mid 90s) we didn't have this problem, much. We had plenty of civilian contractors around, sure, but combat-critical logistics and maintenance functions were handled by people in uniform. Now we have a situation where units engaged in active combat can't function unless civilians who are not under oath and are not trained for the situation (and who are often paid much, much more than soldiers used to be to perform the same jobs; the "privatization saves money" argument is complete bullshit) decide to show up for work that day. The military needs to be able to handle its own operations in a war zone, and right now, it can't do that.
impeding combat effectiveness (Score:4, Interesting)
Another (highly upstream) impediment to combat effectiveness is a change of attitude away from combat-based resolution. O, to have hackers so skilled, from any nation, that yang may cede to yin, at least for a few years, in our lifetimes...
(end lament)
Re:They missed one key tid bit... (Score:2, Interesting)
It's all Bogeyman BS.
1) USA has thousands of nukes including ICBMs
2) China has about two hundred nukes including ICBMs.
3) NONE of that cyberwar hacking is going to stop the nuclear missiles.
4) China will come out worse in a nuclear war against the USA (unless the rest of the world nuke the USA too)
5) Neither side appear to have suicidal leaders, and most of the leaders are enjoying their lifestyles at the top.
6) The USA owes China trillions of US dollars.
So why would China start a war on a country with way more nukes? Since it's public knowledge that China has nukes, guess what USA would do if China really starts a war with the USA? And what would China gain?
China may hack to get secrets but you don't take down massive numbers of servers when you do that. So if the USA has evidence of any real cyber attack from China they'll just tell China to "STOP IT NOW OR ELSE".
This cyberwar scenario might be applicable if China was trying to avenge an attack from the USA. China has fewer nukes than the USA, and the USA has more defenses against nukes, so to try to increase the effectiveness of its fewer nukes in revenge strikes China may have to DoS stuff. China would still lose the resulting war, but at least the USA would be more hurt - and maybe some pissed-off US citizens might kill the crazy US leaders who "pressed the button" (if they ever come out of hiding).
See the number of nukes China has: http://en.wikipedia.org/wiki/List_of_states_with_nuclear_weapons#Statistics [wikipedia.org]
From what I observe, the Chinese leaders at the top are likely to be well aware of these realities. I can't say the same about the US "Sarah Palin" leaders.
Re:Oh, please ... (Score:4, Interesting)
And Canada and the US sold hundreds of millions of bushels of grain to the USSR during the 1950's to 1980's, including the "height" of it with the Cuban Missile Crisis etc.
Don't let political posturing fool you, some decisions, such as helping your enemy feed its people is a better olive branch then any peace treaty or alliance.
Re:Pass a law, carve off a piece of the GDP (Score:4, Interesting)
Re:If there's a conflict (Score:3, Interesting)
All of this talk about China winning any kind of conflict is hocus pocus. What China could do is cause a severe amount of damage to cyber infrastructure and repel any occupational force on the mainland. What they could not do is reach beyond their own border militarly, aquire enough energy to wage war, or find access to friendly markets once the war started. China may be a big economy but without the support of the world European and Japanese powers they would have an awful hard time keeping a stable economy. Additionally large swaths of the interior of China are in fact recent acquisitions(occupations) with populations just itching for a chance to strike back at the ethnic Han Chinese. The US arming the muslims and tibetans could create hell for China at home. Compare this to the strategic position of the US with its unabated control of all oceanic routes, being surrounded by mostly friendly nations, having a solid energy supply, and no significant domestic threats leads me to think the long term strategic implications for Chinese aggression are abysmal. Cyber war could be shut down quickly with the destroying of communications networks in china with EM weapons if need be.