Instead of rehashing the Commission on the Theft of American Intellectual Property's account of the billions in IP stolen by Chinese hackers every year -- something you've read about ad nauseam -- we'll cut straight to the chase and give you its recommendations.
(The private commission -- loosely affiliated with the National Bureau of Asian Research -- was led by Dennis Blair, who served as President Barack Obama's first director of national intelligence, and former Utah Governor Jon Huntsman, who served as U.S. ambassador to China from 2009 through 2011.)
Basically, it recommends that U.S. businesses invest in cyber defenses that allow them to monitor their networks in real time and buy technology that could freeze someone's computer if they access stolen documents with it. The commission stops short of recommending that private businesses hack back against cyber thieves but warns such actions may be necessary in the future.
Here are those suggestions in greater detail.
First up, it recommends corporations hire what amount to full-time IT security guards who patrol their networks -- assisted by automated systems that scan for software behaving strangely, a telltale sign of malware -- looking for intruders. This is pretty much the only way to deal with advanced hackers, who will find their way through any firewall or cyber Maginot Line.
Despite their limited utility against skilled and persistent targeted hackers, computer security systems still need to maintain not only the most up-to-date vulnerability-mitigation measures, such as firewalls, password-protection systems, and other passive measures. They should also install active systems that monitor activity on the network, detect anomalous behavior, and trigger intrusion alarms that initiate both network and physical actions immediately. This is a full-time effort.
Organizations need network operators "standing watch" who are prepared to take actions based on the indications provided by their systems, and who keep a "man in the loop" to ensure that machine responses cannot be manipulated. Organizations need to have systems -- software, hardware, and staff -- to take real-time action to shut down free movement around the house, lock inside doors, and immobilize attackers once the alarms indicate that an intrusion has started.
The report also recommends that companies purchase software capable of quickly analyzing email attachments and links to malicious websites to weed out well-crafted spear-phishing emails before a human is tricked into opening them.
Next, the report encourages businesses to tag their data, allowing them to be tracked if stolen -- kind of like Find My iPhone for intellectual property -- or even loading data with self-destruct devices or software that locks the computer of an unauthorized user.
"Companies should consider marking their electronic files through techniques such as ‘meta-tagging,' ‘beaconing,' and ‘watermarking'," reads the report. "Such tools allow for awareness of whether protected information has left an authorized network and can potentially identify the location of files in the event that they are stolen."
It goes on to say that a "file could be rendered inaccessible and the unauthorized user's computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved."
Significantly, the report does not recommend that companies hack back against their cyber adversaries, despite calls from some in the private sector who want to be allowed to do just that (yours truly has been in the room for plenty of conversations with private IT security types who have called for this). While it may be nice to punch back at a hacker and take down his or her networks or even computers, there's a big potential for collateral damage, especially if the hackers are using hijacked computers belonging to innocent bystanders.
"The de facto sanctioning of corporate cyber retribution is not supported by established legal precedents and norms," states the report. "Part of the basis for this bias against ‘offensive cyber' in the law includes the potential for collateral damage on the Internet. An action against a hacker designed to recover a stolen information file or to degrade or damage the computer system of a hacker might degrade or damage the computer or network systems of an innocent third party. The challenges are compounded if the hacker is in one country and the victim in another. For these reasons and others, the Commission does not recommend specific revised laws under present circumstances."
That last sentence echoes numerous U.S. government officials, including House Intelligence Committee Chair Rep. Mike Rogers, who warn against companies hitting back at their enemies in cyberspace.
Still, the document states that while it doesn't recommend hacking back, U.S. law may need to be changed in the future to allow such actions if Chinese theft of American IP continues unabated.
The Commission considered three additional ideas for protecting the intellectual property of American companies that it does not recommend at this time. In the future, if the loss of IP continues at current levels, these measures ought to be considered.
Recommend that Congress and the administration authorize aggressive cyber actions against cyber IP thieves.
Currently, Internet attacks against hackers for purposes of self-defense are as illegal under U.S. law as the attacks by hackers themselves. As discussed in the cyber recommendations above, if counterattacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability of those conducting IP theft. These attacks would raise the cost to IP thieves of their actions, potentially deterring them from undertaking these activities in the first place.
The Commission is not ready to endorse this recommendation because of the larger questions of collateral damage caused by computer attacks, the dangers of misuse of legal hacking authorities, and the potential for nondestructive countermeasures such as beaconing, tagging, and self-destructing that are currently in development to stymie hackers without the potential for destructive collateral damage.
It goes on to urge lawmakers to clarify exactly what aggressive steps businesses can take to defend their intellectual property while defending against full-on cyber vigilantism. It also calls on Congress to pass legislation, such as the Cyber Information Security Protection Act, allowing businesses to rapidly share intelligence on cyber threats with each other and the government without fear of lawsuits. It also calls on the government to ensure that the Pentagon, the Department of Homeland Security, and other law enforcement agencies have the legal authority to use very aggressive cyber deterrence systems to protect national security and critical infrastructure networks from attack.
Here's the whole report:
Not only is APT1, the Chinese-government hacking group made famous by Mandiant last February, back at its old tricks, but other Chinese espionage outfits have been hacking away undeterred by the public naming and shaming of their colleagues.
Even as APT1 (formally known as Unit 61398 of the People's Liberation Army) took a break after Mandiant publicized its exploits, the rest of China's advanced hackers stayed on the offensive, stealing data any way they could.
"A lot of the press reporting has been saying that China took a break for three months and now they're back, [but] that was just one group ... the rest of them just kept up the regular pace of operations; no discernable change from our point of view," Richard Bejtlich, Mandiant's chief security officer, told Killer Apps yesterday, regarding APT1's actions in the wake of his firm's February report detailing their activities. "It's not like they received any sort of tasking that said, ‘hey, the U.S. is onto us, we'd better take it easy.' It was more like, ‘we don't care, let's just keep on conducting operations.'"
As for APT1, they did some "cleanup activities and then they took a break from, for the most part from breaking into targets that we had seen them going after," said Bejtlich. "In the last four weeks or so, they seem to be making a push back to their normal levels of activity, it's not all the way back there in terms of the numbers of victims we see them in but they are coming back."
"We've seen them attempting to get access to some of the previous victims as well as trying their hand with some new victims," said Bejtlich of APT1's renewed cyber activities.
These advanced Chinese hacking groups are among the roughly 24 highly skilled cyber espionage outfits around the world -- sometimes collectively called Advanced Persistent Threats (the APT in the moniker, APT1) -- that Mandiant tracks, according to Bejtlich. (Most of the APT groups Mandiant tracks are Chinese but some are Russian.)
In the meantime, Mandiant has also seen a rise in Middle Eastern hackers, suspected of being Iranian, who appear to be honing their abilities to penetrate and stay in the networks of both governments and businesses.
"We may have eyes on some Iranians as well," said Bejtlich. "I don't know if they're necessarily at the APT level, but they're distinct enough that we can track them and have a decent idea of where they're coming from."
The Middle Eastern hackers aren't "in any way" as sophisticated as groups like APT1, according to Bejtlich. "The limited activity that we've seen seems to be almost educational on their part, it seems like they're trying to determine what it's like to operate on a live network."
While Chinese hackers know what antivirus software to expect, how the network will be built, and even how its defenders will react to their presence, "the Iranians don't tend to have that, from what we see but we think they're taking steps now to develop those skills," said Bejtlich.
He went on to say this activity may be a "leading indicator" that Iranian espionage operatives may be gearing up to conduct more advanced online operations.
"We typically haven't seen digital work done on the theft side, but that's starting to change," said Bejtlich. "We think we've seen them on networks, which is new for us."
He acknowledged that while this is the first time Mandiant has tracked suspected Iranian hackers inside a corporate network, other cybersecurity researchers may have come across Iranian operatives in cyberspace. (Last summer's famous cyber attacks that wiped hard drives on 30,000 of oil giant Saudi Aramco's computers have been blamed by some on Iranian-backed hackers. Then there's last fall's denial of service attacks that were pinned on Iran.)
"We're not a lock that these guys are Iranians but there are some indications that they are so we're trying to devote some time and figure out who they are," he added. "The case we have is not a destructive case, somebody didn't go in and destroy a bunch of computers."
Rep. Mike Rogers, chair of the House Intelligence Committee, has said that Iranian hackers may pose the biggest threat of a destructive cyber attack to the United States.
Here's what Killer Apps reported on Rogers saying last February:
Rogers said that Iran had already displayed its willingness to wreak havoc abroad in the attacks last August against the Saudi Aramco oil company and the Qatari gas firm RasGas, which wiped the data from 30,000 computers and kept employees off email for more than a week.
The U.S. government has yet to name a culprit in those attacks, but Rogers said that, based on his conversations with private sector cyber security analysts, he is "99.9 percent sure" that Iran was behind them.
"That's a new level of capability," said Rogers. "They have obviously aggressively stepped up their campaign."
He then pointed to last fall's denial of service attacks against U.S. banks as also being the work of Iranian cyber operators, though he acknowledged those attacks were far less sophisticated and damaging.
"Most people believe that was a probing action, they're trying to find deficiencies in our systems to find a better way to come back and cause some catastrophic disruption," Rogers said.
We focused on naval aviation a lot last week, from the news about the U.S. Navy launching its X-47B stealth drone off an aircraft carrier to talking about China and India's commissioning of brand new carrier-borne fighter squadrons.
To wrap things up, we thought we'd show you (above) what's likely China's major training facility for its new carrier-aviation force.
As you can see in the Google Maps image above, the airfield (located about 300 miles from Qingdao, the homeport of China's first aircraft carrier, the Liaoning) is freshly built and the northern end of the runway features a fake carrier flight deck that appears to be used to practice carrier landings (there are clear skid marks on the landing area). The southern end of the runway features two "ski-jump" ramps that are likely used by pilots to rehearse taking off from Liaoning's bow-mounted ramp. (Notice how only one of these ramps is complete in the imagery above while the southernmost ramp is shown being built in an older satellite image of the base.)
As OSIMINT notes, the field has 24 fighter-sized aircraft shelters, indicating that China's first carrier aviation units will be equipped with 24 J-15 carrier fighter jets.
This is likely the location where some of China's reportedly best pilots will learn the skills and develop the doctrine that allows them to master the art of taking off, landing and flying combat missions from a tiny airfield that's bobbing in the sea. Once this initial group of pilots has this down, it will teach future generations of Chinese naval fighter pilots.
And you thought this week's news about the Navy's fancy stealth drone was good. Not to be outdone by the sea service, the Army this week revealed that it's looking to develop autonomous robo-backhoes and robot versions of the military's famous armored trucks, known as MRAPs.
That's right, the Army wants to have robot trucks prowling battlefields for hidden explosives, finding and disabling or destroying the devices before they can harm people, according to this May 3 request for information that was spotted by a flying Blackberry with a drinking problem.
I have to say, this mission fits many people's job description for drones perfectly: dirty, dull and dangerous. If ever there was a dirty, dull and dangerous job for a drone, it's driving slowly down war-torn roads or paths while hunting for something buried in dirt or debris that could blow a person to smithereens.
So, the Army is interested in talking to contractors who can come up with kits allowing them to convert some of its High Mobility Engineer Excavators (backhoes on steroids, they're armored and can drive way faster than their civilian counterparts) and RG-31 MRAPs into remote-controlled bomb finders -- officially dubbed the Route Clearance and Interrogation System (RCIS).
Click here to see why they want these things to be unmanned.
Specifically, the kits must allow the vehicles to be operated by a soldier in another vehicle or for them to automatically follow a "pathfinder" vehicle or be programmed to drive along a preplanned route using GPS coordinates. However, the trucks must maintain their ability to be driven by a human the old fashioned way.
The Army envisions the trucks operating in nearly every environment, from urban rubble to open desert. The RCIS "will operate in terrain varying from open rolling to complex terrain; in confined areas; with mobility on primary and secondary roads and trails, and during limited cross-country movements," reads the RfI. "Operations will take place during daylight and during night, in limited visibility, and in inclement weather."
The two vehicles that comprise the RCIS system will have tools that allow for slightly different, complementary missions. The backhoe will allow troops to remotely dig up, identify, and "neutralize" deeply buried explosives "in confined/urban areas" and prevent enemies from planting bombs in routes that have already been cleared by U.S. troops, according to the document.
The robo-MRAP will allow the troops to find and "neutralize" bombs with equipment such as "an explosive hazard roller, debris blower, electronic countermeasures device, infrared neutralizing device [to disable laser tripwires], and trip/command wire detonating device."
The trucks will be equipped with a variety of cameras and diagnostic systems allowing the operator to monitor its progress, the world around the vehicle and its health as if he or she were sitting behind the wheel, according to the RfI. Still, the beasts should be able to automatically recognize and warn the operator of the presence of any vehicle the size of a "Toyota Tacoma" pickup truck or larger and any people "standing upright wearing an Army Combat Uniform" who happen to be in front of or around the vehicles. (I guess you're out of luck if you're stranded in a Mini Cooper that's in the path of one of these things.)
These are hardly the U.S. military's first ground-based drones. The military has fielded thousands of small bomb-disposal robots, and the Army has tested a six-wheeled robot-jeep that serves as a pack mule in Afghanistan.
That's nothing compared to Israel, which has wholeheartedly embraced ground robots to conduct dull, dirty, and dangerous missions for at least a decade. The Israel Defense Force has used robot bulldozers since late 2003 to "knock down buildings, flatten olive groves and clear paths for advancing soldiers," according to this BBC News article. Then there's what might be the world's first killer ground robot, the IDF's Guardium.
As China commissioned its first-ever aircraft carrier aviation unit, Asia's other rising power, India, gave its carrier aviators a serious equipment upgrade with the introduction of 16 brand-new Russian-made MiG-29K and four MiG-29KUB carrier-borne fighters earlier this week.
India has operated old British aircraft carriers for decades. Right now it flies aging Sea Harrier jump jets from INS Viraat, formerly the Royal Navy carrier Hermes. These Sea Harriers are subsonic attack planes with limited payloads operating from a carrier that was built in the 1950s.
The supersonic MiG-29K is an updated, naval version of the Soviet Union's 1980s-vintage MiG-29, which was designed to counter U.S. Air Force F-15s and F-16s in the skies over Europe should the Cold War ever turn hot. The planes are way faster than the 1980s-vintage Sea Harriers and can carry more weapons capable of shooting down enemy planes and hitting enemy ships.
The Indian navy's new MiGs are going to be flown off of India's newest carrier, the former Soviet navy "aircraft-carrying cruiser" Admiral Gorshkov. That vessel has been massively refurbished at a Russian shipyard into the soon-to-be delivered INS Vikramaditya, a full-on carrier that, after much work, looks remarkably similar to China's first carrier, the Liaoning -- herself an old Soviet carrier. (Vikramaditya is supposed to be delivered to the Indian navy sometime this year.)
(China is also reportedly building at least two aircraft carriers of its own, set to enter service in the next decade.)
India will get a second squadron's worth of MiG-29Ks to fly off its first locally made carrier, the INS Vikrant, which is slated for delivery in 2015. (Click here to see great images of her under construction and get a primer on the delays that have troubled India's carrier program.)
So yeah, China isn't the only Asian nation that's building up its carrier force.
And keep in mind that India has one distinct advantage over China when it comes to carrier operations: it has been operating fighter jets from aircraft carriers for more than 50 years. It can take decades to master the art of flying fast jets off of the relatively tiny, floating airfields. Still, MiG-29s are much bigger airplanes than the Sea Harriers and they can't just land vertically on a flight deck, as a Harrier can. This means that Indian navy pilots will have to relearn one of the toughest skills in aviation: landing on a pitching, rolling flight deck and snagging an arrestor cable to come to a stop in a couple of hundred feet.
The same day that the U.S. Navy's X-47B stealth drone took off from an aircraft carrier, photos emerged on Chinese Internet forums that seemingly confirm that China is developing a stealthy unmanned jet, dubbed the Li Jian or Sharp Sword.
These jets are meant to replace the current crop of slow, low-flying, propeller-driven UAVs that military planners assume will be highly vulnerable in a modern conflict where one nation doesn't have absolute control over airspace.
For example, the U.S. Navy envisions these planes doing everything from aerial refueling missions to penetrating advanced air defenses to perform strike and surveillance sorties.
The only stealth drone designs we saw coming out of China were subscale models that basically amounted to remote-control airplanes. It appears that we can now add stealth drones to the military technology that China is developing to catch up with the West.
Hat tip to Alert 5.
History was made this morning when the U.S. Navy's stealthy X-47B Unmanned Combat Air System demonstrator (UCAS-D) drone became the first unmanned stealth jet to take off from an aircraft carrier's catapults.
The jet launched off the USS George H.W. Bush in the Atlantic Ocean at 11:18 this morning and landed at Naval Air Station Patuxent River in Maryland at 12:24 p.m., according to Navy public affairs tweets:
(To be fair, The Wall Street Journal's Julian Barnes may have beaten the Navy in announcing the flight on Twitter.)
The plane was supposed to conduct several simulated carrier landing approaches before flying inland and across the Chesapeake Bay to Patuxent River, according to this Navy press release.
The plane taxied onto one of the ship's bow catapults and then launched into the air, where it was controlled by an operator aboard the ship. As the jet made its way closer to shore, control was passed to an operator stationed at Patuxent River, who controlled the jet on its flight home through mainland airspace.
Remember, the X-47B is meant to prove that a fighter-size stealth jet can operate from the crowded deck of an aircraft carrier. The Northrop Grumman-made drone is meant to test technology that will allow unmanned stealth jets capable of performing spy and strike missions to safely taxi on a flight deck and execute missions autonomously -- with a human supervising them but not flying them, even as the plane makes carrier landings, one of the toughest feats in aviation. (Click here to read about the technology the Navy will use for this.)
The X-47B program is set to continue until 2015, paving the way for the Navy's Unmanned Carrier Launched Surveillance and Strike program, which aims to have a fleet of stealth unmanned spy and strike jets operating from carriers by the start of the next decade.
Stealthy, unmanned jets capable of operating from carriers and doing everything from aerial refueling to spy and strike missions will play a role in the Navy's strategy for dealing with the great distances involved in operations in the Pacific region. Such craft could take off from a carrier far away from an enemy's shores -- and hopefully out of the range of anti-ship missiles -- refuel each other and penetrate an enemy's advanced air defenses to perform strike or spy missions.
The U.S. isn't the only nation developing such UAVs. Britain, France, Russia and possibly China are also working on stealthy, jet-powered drones capable of performing combat missions in the face of modern air defenses.
Click here to read more about the X-47B.
Here's some Monday news: China has apparently commissioned its first aircraft carrier-based aviation unit.
We've known for years that a small cadre of Chinese pilots has been practicing landings and takeoffs on landlocked mock-ups of an aircraft carrier flight deck. Last fall, these pilots conducted their first-ever carrier flight operations when they took off and landed aboard China's first carrier, the Liaoning.
It appears these pilots are set to start training the next crop of Chinese naval aviators, according to a report from Xinhua that came out over the weekend.
The forming of the force, approved by the Central Military Commission (CMC), demonstrates that the development of China's aircraft carriers has entered a new phase, the sources said.
The force comprises carrier-borne fighter jets, jet trainers and ship-borne helicopters that operate anti-submarine, rescue and vigilance tasks.
Pilots of this unit must have at least 1,000 flight hours and have flown five different types of aircraft, according to Xinhua.
Liaoning is meant to serve as China's "starter carrier." It will give this first class of pilots and sailors experience operating a floating airport -- one of the toughest things in aviation. It took decades for the U.S. Navy to master the art of flying fast jets off of 4.5-acre flight decks (they were even smaller 60 years ago) that are bobbing in the ocean.
The carrier started life as the Soviet ship Varyag. However, she sat unfinished in a Ukrainian shipyard for a decade or so after the breakup of the USSR. In 1998, Chinese investors bought the hulk without engines, electrical equipment, or weapons with the stated intention of turning it into a casino. However, toward the end of the last decade, photos emerged of the ship being refitted for naval service.
At the same time, China began developing its own carrier-based fighter jet, called the J-15, based on the Russian Su-27 -- a carrier-borne fighter developed by the Soviets in the 1980s to fly off Varyag's sister ship, the Admiral Kuznetsov. The Su-33 is a navalized version of the Sukhoi Su-27 land-based fighter.
China apparently bought a Su-27 from Ukraine and reverse-engineered it to develop its J-11 fighter after Russian officials refused to sell the type to China. Once they had a J-11, Chinese engineers developed their own navalized version, the J-15.
China is apparently at work building at least two more aircraft carriers that are reported to enter service sometime in the next decade or so. Some say these ships will be based on the Liaoning's design, meaning they can carry about 30 fighters, while others say they may be based on the Soviets' larger, unfinished follow-on to the Admiral Kuznetsov, the Ulyanovsk, meant to carry almost 50 planes plus helicopters.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.