July 10, 2012

The Chinese cyber threat

Defence IQ
Contributor: Chris Archer
Posted: 06/15/2012 12:00:00 AM EDT

The history of Chinese cyber attacks on American networks is rooted in the history of how China views the western world. According to Lt Col Bill Hagestad, author of ‘21st Century Chinese Warfare’, you “cannot pick up a newspaper or read a blog without hearing about the cyber threats from the People’s Republic of China regarding their use of cyber and information warfare”. In the following interview Chris Archer delves into this in detail with Hagestad and examines how the US can prepare for Chinese cyber attacks.

Mr Hagestad - earlier this year you published a book called 21st Century Chinese Cyber Warfare. Why is the book so important and contentious in the current cyber sphere?

Good question Chris. It’s important because anyone, anywhere, regardless of the industry they’re in, yet more specifically the Information Security profession, cannot pick up a newspaper or read a blog without hearing about the cyber threats from the People’s Republic of China, regarding their use of cyber and information warfare.

The combination of Chinese Communism and the unique cultural and linguistic heritage of the People’s Republic of China are driving this activity and your book delves into this in detail. Maybe you could explain how?

Yes. One has to go back no greater than 200 years to look at how the Chinese view the Western world. Perhaps further back, taking an example in history of the Mongol invasion of China. The Chinese are sick and tired of having foreign forces come and invade them and extract the natural resources of their country. They know they cannot defend themselves kinetically with the military they have, so what they have decided to do is take the high ground and take the advantage in the cyber realm, i.e. the internet, and take that fight to their foes through the use of Cyber and Information Warfare.

How can the US prepare for Chinese Cyber Attacks? What should they understand first and foremost?

Yes, that’s a good question. That gets back to the earlier question, understanding who China really is and I think that is something that’s not known. There are a lot of people who say they’re China experts, I would never claim to be a China expert. All I can tell you is I love the country of China but I also love my country and when there is a unique crossroads of understanding one’s own culture and a foreign culture, only then can you start to be able to defeat it. There are many anecdotes from Sun Tzu, the Chinese war God from 500 B.C. His writings can give us some proper guidance in those regards, but how can the U.S. government defend itself? I think the most important thing is to start to develop a concrete offensive and perhaps establish some political dialogue to go along with that but when the political dialogue erodes, dissolves, or becomes useless they can go forward with offensive cyber capabilities and combine it with kinetic farms.

So in your current role as a cyber security strategist, where have you seen the most common mistakes within the security of government networks and what are the most common challenges at present?

That’s easy. Take a look at all of the discoveries of Chinese attacks on corporate networks, military networks, and intelligence organizations. Typically they have been on a network for years, months, before they’re discovered. Typically information security professionals will use an intrusion prevention system to detect those so they can mitigate them in terms of isolating where that problem or breach is. Most current commercial intrusion prevention systems do guard against zero day traps but those are all English based. What I’ve discovered is that no one’s looking at attacks that are based in China in Chinese. The ultimate form of cryptography is the Chinese language; if you want to defeat any English based intrusion prevention system.

What impact is China’s use of cyber espionage having on the military and suppliers of military equipment?

The most distinct one is it’s a threat that’s not understood and for anyone in the military, if you don’t know or understand who your foe is you can’t possibly defeat them. I recall in January hearing from U.S. cyber command that they have not defined what cyber space is. As someone who has been to war a couple of times, I always brief my Marines and always prepare for success in going to combat by understanding what is the area of operations that I’m going to operate in.
In military, whether it’s the U.S. or the British or the Indonesian, or the Chinese, if you don’t understand where your foe is operating it’s hard to understand and limit their action and defeat them ultimately.

What is the possibility of China’s use of information warfare or cyber espionage escalating into something else? Cyber warfare for example.

Yes, that’s already happening actually. If you look at the most recent developments in the South China Sea between the Republic of the Philippines and the People’s Republic of China, initially the Chinese view of the world is that they don’t have to abide by any international rules of the sea, and the particular HuangYan Islands they are claiming sovereign control over. The Filipino people are saying, ‘no that’s our territory’. In this case it started in the physical world where the Chinese were sending small Naval frigates down to do a little push and shove with the Philippine Navy and fishermen are caught in the middle on both sides. The HuangYan Island situation has escalated into the cyber realm where the Chinese are taking down Filipino sites and vice versa. In fact, ‘Anonymous’ has come to the aid of the Republic of the Philippines and is taking the Chinese to task in the Cyber realm, so it’s gone from physical to cyber and hopefully the escalation of force will not go beyond the cyber where the Filipinos say we need the aid of a government like the U.S. who is building a presence in Australia and the Philippines and saying ‘help us defeat or mitigate the physical threat by the Chinese Navy’. That would be the worst thing that could possibly happen as a result of the cyber activity.

How is the rising cyber threat from China likely to impact military supply chains and procurements? For example: an increasing number of components for military equipment are being sourced outside NATO countries. How can the military and suppliers of this equipment ensure no killer switches or malware has been imbedded into manufacturing components?

It’s back to my earlier comment. Now when it’s written in a language other than English, granted it’s zeros and ones and the basic prose of electronic information and language, but if those ones and zeros are not recognized by reverse engineering or a scientific engineering lab that has been designed to detect malware or hit and kill switches, those hit and kill switches and malware may be baked in without being detected until after they’re given the ability to turn on in a critical system such as a weapons guidance or a satellite of some sort. It’s difficult. If the material’s going to be sourced outside of NATO countries it will need to be examined much more closely through the lens of a foreign language such as Chinese. Now remember, as a culture and a country, China had over 20,000 separate dialects that are possible combinations for writing use in malware. Granted, 1949 Mandarin standardized, but in terms of Mandarin Chinese there’s simple or ‘Pu Tong Hua’, there’s complex characters, and literary Chinese. You can imagine the cryptological combinations would be almost impossible to dictate or recognize even if you did know Chinese as a native speaker.

When do you think defense will catch up with the offense in terms of the military being able to fend off or deter electronic or information warfare?

I think that the militaries are predisposed to go on the offensive. Right now they’re all in a defensive mode, meaning they’re protecting networks and critical pieces of information, but at some point it’s going to transition to the point where they’re going to use offensive cyber capability to defeat an enemy. The problem with attacking an enemy is attribution of where and who are bringing those attacks on the U.S. That’s the critical piece that’s missing right now is there’s no attribution from offensive weapons capability in the cyber realm cannot be used with any efficiency or effectiveness.
