U.S. commission fingers China as biggest cyberthreat

A U.S. commission has confirmed what many experts already believed: China has become "the most threatening actor in cyberspace," due to a persistent bombardment of U.S. military systems and defense contractors.

The U.S.-China Economic and Security Review Commission is scheduled to release next month its annual report mandated by Congress. A draft of the report obtained by Bloomberg found the sheer number of attacks emanating from China made the country a top concern.

"Irrespective of the sophistication, the volume of exploitation attempts yielded enough successful breaches to make China the most threatening actor in cyberspace," according to the draft.

The commission's findings raise the question of how to defend against such persistent attacks. Gunter Ollman, chief technology officer for Damballa, said the best way to bolster defenses is for defense contractors and other industries to share information when breaches are discovered. Damballa sells technology for discovering successfully planted malware through anomalies in system operations.

Ollman is in favor of sharing everything that is known about the attacks, the attackers and the targeted infrastructure. "These attacks typically aren't targeted at one particular [defense] contractor," he said. "They are much broader than that. They [attackers] are testing many doors simultaneously, and sharing intelligence can be used as a stronger mechanism for detection and helping to mitigate future threats."

Sharing of information between corporations and the Department of Homeland Security has been a subject of much debate, due to privacy issues. Because of the controversy, Congress has yet to pass the proposed Cyber Security Act, which would give the government access to information on corporate networks that are under attack.

Because of Congress' failure to act, President Obama is considering issuing an Executive Order to implement some provisions of the act. Darren Hayes, an expert in computer forensics and security and a professor at Pace University, says government action is needed to better protect the intellectual property of U.S. companies, as well as military and diplomatic secrets.

"Everybody is talking about it, but no legislation has been put into practice," Hayes said. "Nothing meaningful from my perspective has been done."

Today, most Chinese attacks on military and government systems seem intended to steal technology or intelligence, the Bloomberg report said. However, the panel believes that could change and attacks could become more destructive.

A report the commission released in March said China's military, called the People's Liberation Army, has been preparing for possible cyber warfare in its modernization efforts.

"PLA leaders have embraced the idea that successful war-fighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively," the report said.

In a speech last month to business leaders in New York, Defense Secretary Leon Panetta warned that a cyberattack on the nation's critical infrastructure, such as transportation, water supply or the electric grid, could be a "cyber Pearl Harbor -- an attack that would cause physical destruction and the loss of life."

Panetta warned that the U.S. would retaliate quickly against such an attack. He also said the government would not rule out a preemptive strike, if such an attack was eminent.

[See related: Security experts push back at 'Cyber Pearl Harbor' warning]

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Tags Cybersecurity Act of 2012Data Protection | MalwareapplicationsU.S.-China Economic and Security Review CommissionlegalsoftwareDamballadata protectioncybercrimeBloomberg

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Audit Management Solutions

Manage the complete audit lifecycle from audit universe identification and risk assessment to management/board reporting and quality assurance.

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.