Foreign Policy
National Security
-
The Cable
Rand Paul: You’re Arming al Qaeda’s Allies
-
War of Ideas
No, 3-D Printing Won’t End Hunger
-
Passport
Why Does the U.S. Get All the Tornadoes?
Posted By John Reed
Tuesday, May 7, 2013 - 5:02 PM
So what's new in the Defense Department's new report about Chinese military capabilities? The biggest news seems to be that the Pentagon is actually saying that Chinese-military hackers are attacking its networks. Not that this should be news to readers of Killer Apps.
The report states that numerous U.S. government computer systems around the world are being "targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military." It goes on to say that China is using cyber espionage to collect intelligence on U.S. diplomatic, economic, and "defense industrial base sectors that support U.S. national defense programs."
The same skills being used by Chinese cyberspies to steal information could easily be used in a destructive attack against U.S. networks, the report points out.
Again, nothing new. Heck, this isn't even the first time the U.S. government has called out China on hacking.
The real question is: what will it take to stop widespread cyber espionage before it leads to all-out cyber warfare: Sanctions? A military deterrent? What about a nuclear-armed military deterrent?
Preventing cyber espionage and cyber attacks is "a consequences calculation and the consequences aren't there," said one Senate staffer who works on cyber issues. For "everybody from your common hacker to your professional hacker to the nation states, the consequences aren't there" to deter these kinds of actions.
He went on to compare the current era of cyber espionage to the "Napster days" of free music downloading.
"There was nothing that was going to deter college-age students from ripping off music until there was a consequence that was associated with it and the RIAA [Recording Industry Association of America] had to go out there and start suing," said the staffer.
Richard Bejtlich, chief security officer at Mandiant, thinks that while it's important for the U.S. government to call out the Chinese government's bad behavior, it's going to take more than harsh language to deter state-backed cyber espionage. (Remember, Mandiant is the firm that published a report in February detailing the exploits of what is believed to be a PLA hacking unit against worldwide targets, including the U.S. government.)
"It's important for noncommercial, government entities like DOD to make definitive statements on Chinese cyber capabilities," Bejtlich told Killer Apps. However, "because the Chinese consider espionage a tool for economic development, and the economy is one of their top national security concerns, they will not change course if the U.S. only complains with words. They are more likely to constrain their behavior if the U.S. imposes specific sanctions and exercises all elements of national power."
Bejtlich's comments echo those of Rep. Mike Rogers, chair of the House Intelligence Committee who has repeatedly urged the State Department to impose sanctions on any foreigner found to aid cyber espionage against the United States government or businesses.
Getty Images
Posted By John Reed
Friday, May 3, 2013 - 5:44 PM
As the militaries of the United States and Britain purchase more and more of the same networked hardware, most notably the F-35 Joint Strike Fighter (above), the two nations are increasing collaboration in cyber warfare, according to a Pentagon official.
"Cybersecurity is a growing area of cooperation between the United States and the United Kingdom," the official told Killer Apps. "We're sharing more information and going deeper into threat analysis and response planning than we ever have before. Both nations firmly agree we need improved multilateral cyber coordination and we're working to do just that. Cyber will also be on the agenda for discussions at the upcoming NATO conference in June."
His comments come a day after British Defence (with a "c") Secretary Phil Hammond was in Washington meeting with U.S. Defense Secretary Chuck Hagel to discuss the situation in Syria, the war in Afghanistan, how to deal with Iran, and visit U.S. Cyber Command at Fort Meade, MD. (As is sadly the norm, a spokesman for the command could not talk about Hammond's visit to Fort Meade.)
While much of the discussion between the two officials centered current or potential conflict zones and major weapons buys like the F-35, Hagel announced that the two allies will increase their cooperation in the cyber world.
"The United Kingdom's continued commitment to [the F-35] program, and our growing cooperation in new priority areas like cyber, is helping ensure this alliance has the kind of [cutting-edge] capabilities needed for the future," Hagel said during a Pentagon press conference yesterday.
"The U.K. and the U.S. remain in lock step on these projects, and as we take them forward, we will ensure the continuity of those vital capabilities," added Hammond.
It makes sense for the two to discuss F-35 and cyber in the same breath. The F-35 relies on tens of thousands of lines of software code to function. It is perhaps, the most networked plane in history, using software to do everything from fire weapons to beam chunks of data to other aircraft or command centers. Last fall, Killer Apps reported that the jet's computerized maintenance system was found to be vulnerable to hacking -- meaning that, if penetrated by spies, they could see everything from how many pilots were available to fly the jets to the maintenance status of all the airplanes in a squadron.
This comes just after Bloomberg news reported that QinetiQ, a British defense firm (that used to be a Ministry of Defense research agency until it was privatized in 2001 suffered) a series of major cybersecurity breaches at the hands of Chinese government hackers. QinetiQ works on a host of advanced technologies from cyber to robotics with U.S. government agencies such as the DOD and the Department of Energy. In fact, the firm runs Britain's version of Area 51, a site known as MoD Boscombe Down and has been called the inspiration for the workplace of James Bond's gadget-maker, Q.
Lockheed Martin
Posted By John Reed
Thursday, March 28, 2013 - 4:14 PM
Expect to see Congress take up legislation to punish nations and people that back global intellectual property theft and industrial espionage, House intelligence committee chairman Mike Rogers said today. Such legislation could revoke visas of those involved in economic espionage or sanction countries that back such behavior.
Such actions would punish "nation-states that steal intellectual property and repurpose it for government companies to illegally compete in the market," Rogers told reporters after a breakfast in Washington, alluding to Chinese intellectual property theft. "That's something I'm working on, and we've got some great bipartisan support on this and great bicameral support, and we'll have an announcement on this soon."
He added that legislation to punish countries engaged in economic espionage will not be included latest version of CISPA, set to be voted on next month, but rather it will be "announced and ready sometime this year."
He hinted that the legislation could also punish people who knowingly do business with foreign entities that rely on intellectual property theft for their business model.
"I steal from your house, and I come to [another person's house] and try to sell it, it is both a crime for me to steal it and a crime for you to take stolen property. This should be no different. The only difference is, the value of it is exponentially bigger," said Rogers, a former FBI agent.
Early last month, Rogers said the U.S. must do more to confront China on its state-backed economic espionage campaigns.
"We need direct talks with China and it needs to be at the top of a bilateral discussion about cyber espionage," Rogers told Killer Apps on Feb. 13. "This is a problem of epic proportions here, and they need to be called on the carpet. There has been absolutely no consequences for what they have been able to steal and repurpose to date." Rogers suggested that the U.S. implement trade sanctions and identify "individuals who participate in this, go after their visas, go after family travel, all of the levers we have at the Department of State. The problem is that bad."
Last month the White House unveiled its strategy to combat the international theft of intellectual property and trade secrets. This effort is focused on international law enforcement efforts to catch IP thieves and diplomatic cooperation aimed at curbing state-backed theft of trade secrets.
Getty Images
Posted By John Reed
Monday, March 18, 2013 - 11:25 AM
Well, here's another sign of China's rise: the Asian giant has replaced Britain as the world's fifth-largest weapons supplier, according to the Stockholm International Peace Research Institute.
As SIPRI notes, this is the first time that Britain hasn't made the top five since the institute started the rankings in 1950. The amount of weapons China exported increased by 162 percent between 2003-2007 and 2008-2012, bumping its share of the global arms trade from 2 percent to 5 percent.
What's behind this spike in Chinese weapons sales? Pakistan's efforts to modernize its arsenal. Pakistan has been buying everything from JF-17 Thunder fighter jets to F-22P frigates, both of which are being jointly developed by Pakistan and China and are loaded with Chinese weapons.
"China's rise has been driven primarily by large-scale arms acquisitions by Pakistan," said Paul Holtom, Director of the SIPRI Arms Transfers Program in a press release. "However, a number of recent deals indicate that China is establishing itself as a significant arms supplier to a growing number of important recipient states."
Asia and the Pacific Rim have become the new hot spots for purveyors of heavy weapons. While European nations have dramatically reduced their weapons buys in the last 20 years, countries from the Middle East to the South China Sea are beefing up their militaries alongside their growing economies.
"In the period 2008-12 Asia and Oceania accounted for almost half (47-percent) of global imports of major conventional weapons," reads SIPRI's announcement.
The top-five weapons importers from 2008 through 2009 were all in South Asia and the Far East.
"The top five importers of major conventional weapons worldwide -- India (12-percent of global imports), China (six-percent), Pakistan (five-percent), South Korea (five- percent), and Singapore (four-percent) -- were all in Asia."
As expected, the United States and Russia take the top two exporter spots, supplying 30 percent and 26 percent of global weapons, respectively. Next up is Germany, supplying 7 percent of global weapons, followed by France, with 6 percent.
Here are some more interesting facts about the global arms trade between 2008 and 2012. Notice how arms sales to North African nations are way, way up.
§ Russia accounted for 71-percent of exports of major weapons to Syria in 2008-12 and continued to deliver arms and ammunition in 2012.
§ The Arab states of the Gulf accounted for seven-percent of world arms imports in 2008-2012. Missile defense systems were an important element in their latest arms acquisitions, with orders placed in 2011-12 for Patriot PAC-3 and THAAD systems from the USA.
§ Deliveries of weapons system to Venezuela as part of its ongoing rearmament program continued in 2012. Russia accounted for 66-percent of transfers to Venezuela, followed by Spain (12-percent) and China (12-percent).
§ Imports by North African states increased by 350-percent between 2003-2007 and 2008-12, which was almost entirely responsible for a doubling (by 104-percent) in imports by Africa as a whole.
§ Sub-Saharan imports increased by just five-percent. Most countries in sub-Saharan Africa imported only small numbers of major weapons, but many of these have been used in internal conflicts or in interventions in conflicts in neighboring states, most recently in Mali.
§ Greece's arms imports fell by 61-percent between 2003-2007 and 2008-12, pushing it from the number four importer to number 15. In 2006-10 Greece was the top recipient of German arms exports and the third largest recipient of French arms exports.
Wikimedia Commons
Posted By John Reed
Wednesday, March 13, 2013 - 6:01 PM
That's right, this is why we can't have nice things. Debris from the satellite China destroyed with an anti-satellite missile in January 2007 has finally done what everyone was afraid of: it hit another satellite, possibly causing serious damage.
According to Space.com, the debris from China's 1,600-pound FY-1C weather satellite collided with Russia's tiny "Ball Lens In The Space (BLITS) retroreflector satellite" (we have no idea what that means, either) on January 22.
Like we said, the international community has been worrying about this for a long time. Almost immediately after China shot down its relatively new satellite just to show that it could, it was condemned by the U.S. government for introducing a massive cloud of dangerous debris into the very crowded orbital highways. (The image above shows the debris stream roughly one month after the test, the lone white track represents the orbit of the International Space Station.)
China is believed to have used a modified version of its DF-21 ballistic missile (the same missile on which its DF-21D carrier-killer is based) to smash the satellite orbiting 537-miles above Earth into 2,841 pieces of "high-velocity" debris. That debris has twice passed close to the International Space Station.
To be fair, the United States destroyed an orbiting satellite for similar reasons -- to prove it could -- using a missile lobbed into space by an F-15 Eagle fighter in 1985. That test was reportedly rushed before Congress banned such activities due to the dangers posed by space debris and a desire to avoid militarizing space.
Anyway, the ever growing cloud of space debris and trash is a huge driver behind the U.S. military's push to improve its so-called Space Situational Awareness. Basically, it wants to know what's going on in the vicinity of all of its satellites so that it can steer them clear of a potential collision. Right now, the U.S. and other nations mostly rely on catalogues listing the orbits and last known locations of debris and satellites instead of real-time monitoring.
NASA
Posted By John Reed
Wednesday, February 20, 2013 - 4:48 PM
A week after releasing its cyber security executive order, the White House today unveiled its strategy to fight back against the wave of intellectual property (IP) theft facilitated by cyber espionage that has hit U.S. businesses in recent years.
The Administration Strategy on Mitigating the Theft of U.S. Trade Secrets calls for: increased diplomatic efforts to confront nations hosting IP thieves and increased collaboration between governments on combating IP theft; the promotion of voluntary best practices by businesses to protect their trade secrets; "enhanced" domestic law enforcement operations; improved domestic legislation; and increased "public awareness and stakeholder outreach."
The document also includes a number of anecdotes about China-based thieves stealing U.S. intellectual property.
One of the key elements of the strategy is the plan to increase prosecution of people caught stealing U.S. trade secrets. The administration also wants to increase information sharing between the Intelligence Community and the private sector on foreign efforts to steal trade secrets, including the type of info being sought and the techniques being used. The strategy also notes that the shift toward cloud and mobile computing will likely increase the threat of cyber espionage.
Included in the document's list of likely espionage targets are a wide range of industries from defense contractors to IT firms and clean energy companies.
The White House's 141-page strategy document was released one day after cyber security firm Mandiant published a report detailing the exploits of a Chinese military unit involved in widespread cyber theft and espionage against U.S. businesses.
Just last week, Rep. Mike Rogers (R-Mich.), chairman of the House intelligence committee, called for the U.S. do more in confronting China on its massive cyber espionage campaign against American businesses.
Here's the strategy:
Admin Strategy to Mitigate the Theft of U.S. Trade Secrets - Embargo by
Getty Images
Posted By John Reed
Tuesday, February 19, 2013 - 11:59 AM
The U.S. government has and will continue to confront senior Chinese government officials "at the highest levels" about the massive amounts of cyber theft and espionage being committed against the United States by Chinese hackers, a senior White House official said today.
"We have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including in the military, and we will continue to do so," said the official in a statement emailed to Killer Apps Monday morning in reaction to cyber security firm Mandiant's new report detailing the exploits of a Chinese government cyber espionage unit.
"The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information," said the official, whose comments come a week after the White House introduced its cyber security executive order aimed at protecting critical infrastructure providers -- a relatively small group of banks, transport firms, energy companies, defense contractors and communications providers -- from crippling cyber attacks that would impact large numbers of Americans. The Pentagon is famously bolstering its offensive cyber capabilities in an effort to deter destructive cyber attacks against the United States.
The news of Mandiant's findings, first reported by the New York Times, also comes a week after Rep. Mike Rogers (R-Mich.), chairman of the House intelligence committee, called on the United States to confront China on its reportedly widespread cyber theft and espionage campaign against U.S. government and businesses. (Click here to read Killer Apps's recent interview with Mandiant's chief security officer on China's massive espionage campaign.)
"We need direct talks with China, and it needs to be at the top of a bilateral discussion about cyber espionage," Rogers told Killer Apps after a speech at the Center for Strategic and International Studies Wednesday. "This is a problem of epic proportions here and they need to be called on the carpet. There has been absolutely no consequences for what they have been able to steal and repurpose to date."
Rogers suggested that the United States begin implementing trade sanctions and "identifying individuals who participate in this, go after their visas, go after family travel -- all of the levers we have at the Department of State. The problem is that bad.
White House officials have repeatedly declined to discuss the specific steps they are considering taking to counter Chinese cyber aggression.
The United States is reportedly preparing a National Intelligence Estimate detailing Chinese cyber attacks against U.S. interests.Last year, Rogers's committee urged U.S. companies not to deal with Chinese telecommunications firms Huawei and ZTE, accusing the two of spying on U.S. businesses for the Chinese government. Also last year, U.S. Army Gen. Keith Alexander, head of U.S. Cyber Command and the National Security Agency called cyber crime "the greatest transfer of wealth in history."
The White House official went on to call for the United States and China to "continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."
The effort to establish international rules of the road, or norms of behavior, in cyberspace based on the law of armed conflict is a tricky process that may take decades to flesh out, U.S. officials have repeatedly said.
Wikimedia Commons
Posted By John Reed
Wednesday, February 13, 2013 - 7:21 PM
Rep. Mike Rogers said today that Iran may pose the highest risk of a destructive cyber attack on U.S. critical infrastructure because its leaders are irrational. Although Russia and China are conducting large-scale cyber espionage campaigns, he explained, Iran has fewer qualms about launching a destructive attack.
"You have nation-states like Iran who are developing this capability, and they're not a rational actor when it comes to trying to disrupt or cause a catastrophic attack to our U.S. economy," the chair of the House Permanent Select Committee on Intelligence said during a speech Wednesday reintroducing his Cyber Intelligence Sharing and Protection Act, better known as CISPA.
Rogers said that Iran had already displayed its willingness to wreak havoc abroad in the attacks last August against the Saudi Aramco oil company and the Qatari gas firm RasGas, which wiped the data from 30,000 computers and kept employees off email for more than a week.
The U.S. government has yet to name a culprit in those attacks, but Rogers said that, based on his conversations with private sector cyber security analysts, he is "99.9 percent sure" that Iran was behind them.
"That's a new level of capability," said Rogers. "They have obviously aggressively stepped up their campaign."
He then pointed to last fall's denial of service attacks against U.S. banks as also being the work of Iranian cyber operators, though he acknowledged those attacks were far less sophisticated and damaging.
"Most people believe that was a probing action, they're trying to find deficiencies in our systems to find a better way to come back and cause some catastrophic disruption," Rogers said. "You can imagine how devastating it would be, not just getting into that system but actually breaking that system, manipulating and changing data, and destroying data. Devastating. That could bankrupt a company."
Rogers said that Russia and China would be unlikely to attack the United States in peacetime, but that Iran is a different story.
"I think they're eager and ready to ramp up their actions against the United States," he said to reporters after his speech. "Here's a country that's feeling isolated. Sanctions are hurting badly. You saw them reach out and strike Aramco. This is the same country that tried to kill the Saudi ambassador here in Washington DC. This is not a country that's going to make a rational decision about attacks of this nature."
Wikimedia Commons
Posted By John Reed
Friday, February 1, 2013 - 7:22 PM
Chinese hackers' espionage efforts against the networks of U.S. news organizations including the New York Times and Wall Street Journal prompted several House lawmakers to call for a renewed effort to pass cyber security legislation.
"Attacks like this and the recent cyber attacks on U.S. banks, are further evidence that we must harden our networks against espionage by enacting comprehensive cybersecurity legislation to bolster our defenses against enemies who seek to steal our intelligence, intellectual property and dismantle our critical infrastructure," said Rep. Mike McCaul (R-Texas), chair of the House Homeland Security Committee in an email statement to Killer Apps.
Rep. Mike Rogers (R-Mich.), chair of the House Permanent Select Committee on Intelligence made a similar call for Congress to move ahead with cyber security legislation in the face of a "relentless and sweeping" cyber espionage effort by China.
"The attacks on the U.S. banking industry and now major media outlets who dared publish stories critical of the Chinese government prove this is not a theoretical threat," said Rogers in a statement to Killer Apps. "Foreign cyber attackers are targeting every aspect of the American economy every day and Congress needs to act with urgency to protect our national security and our economy."
Rogers tried late last year to reintroduce the Cyber Intelligence Sharing and Protection Act, or CISPA that he sponsored in early 2012.
CISPA would have allowed the government to share intelligence about online threat signatures with companies. It would have also allowed companies to quickly notify the government if they believed they were under cyber attack, without being legally liable for improperly sharing customers' private information.
That bill passed in the House last April. However, it failed in the Senate after criticism by civil liberties advocates such as the ACLU, and Internet activist groups such the Electronic Frontier Foundation and the Mozilla Foundation (the creators of Firefox).
Rogers' committee last year warned American businesses against doing business with Chinese telecomminucations giants Huawei and ZTE, claiming the two firms were spying on U.S. businesses on behalf of the Chinese government.
Rep. Jim Langevin (D-RI.), co-chair of the Congressional Cybersecurity Caucus called for the establishment of international norms of behavior for dealing with cases of cyber aggression in addition to cyber security legislation in the United States.
"I have long pushed for international cooperation on cyber that includes establishing practices for responding when a country either condones or actively participates in significant cyber crime, espionage or attacks," said Langevin in a statement to Killer Apps. "However, we must remember that one of the greatest challenges in cybersecurity is the difficulty of attribution, so it is critical for the government and for private companies to take responsibility for protecting themselves. Most importantly, I continue to implore my colleagues to recognize the urgency with which we must act on cybersecurity by passing legislation that will make information sharing easier and address the vulnerability of our critical infrastructure."
Wikimedia Commons
Posted By John Reed
Friday, February 1, 2013 - 4:21 PM
The cyber attacks by Chinese hackers against the New York Times and Wall Street Journal, and possibly Bloomberg, are just the latest episode in a long-term effort by China against the West, says one cyber security expert whose firm was hired to defend the Times networks from the attackers.
While the hacks against the Times and Journal are considered pretty low-key cyber crimes (since they didn't steal money, property, or destroy the newpapers' networks) in the United States, China may view them as part of an almost military-style campaign to secure its rise a major world power, according to Richard Bejtlich, chief security officer at Mandiant, the IT security company hired by the Times to respond to the attacks,.
"I tend to [view] war from the perspective of the East; war is an ongoing condition that involves social, political, economic [efforts], it's not strictly troops on a field," Bejtlich told Killer Apps. "So from that perspective, [the hacks are] part of the global cyber war that the East is waging more or less against the West."
The attacks against the newspapers are the latest in a long list of cyber espionage attacks against U.S. targets -- ranging from defense contractors working on the F-35 Joint Strike Fighter program to the White House and even Washington think tanks.
"There's been no slowdown" in the onslaught of cyber attacks emanating from China, despite the ever increasing amount of attention Chinese hackers have been getting in the press, said Bejtlich.
The attacks are aimed at getting intelligence that may help Chinese leaders gain insight about their U.S. counterparts decision-making, learn military secrets, and steal intellectual property than can help Chinese businesses produce military and civilian technology that is on par with products made in the West.
"Almost universally, we don't see these type of actors seeking to do destructive activities," said Bejtlich. "Though with the level of access that they have, it wouldn't be a problem, it's just not one of their goals."
The spear phishing attacks against the newspapers were "not that sophisticated," he added. "This wasn't the best stuff we'd ever seen, for sure."
In the case of the news outlets, Chinese officials appear to want to learn what stories are being written about them before they are published. This gives China's propaganda machine a head start in pushing out a pro-China narrative, according to Bejtlich. It's an approach that has backfired, in this case, making China look worse. "This was a bad day for them," said Bejtlich.
"This was reconnaissance, espionage -- this was not a disruption attempt," said Bejtlich. "They wanted to know what [the newspapers] were going to report and who their sources were."
In the Times' case, the hackers were looking for information that reporters gathered from public documents in China for a story on the wealth of China's premier, Wen Jiabao.
"The sources were very important. The Chinese were operating from a position of, ‘who is feeding you information about the Wen family so that we can handle those people,'" added Bejtlich. "They were basically leak obsessed."
The Times and Journal are not the only major media outlets that have been targeted by Chinese hackers, according to Bejtlich. He put the number at "not quite double digits but close."
Wikimedia Commons
Posted By John Reed
Thursday, January 24, 2013 - 6:53 PM
Sen. John Kerry (D-MA) mentioned the need for "cyber diplomacy" during his confirmation hearing to be the next secretary of state today. No, Kerry wasn't talking about diplomats sending Someecards to one another when he dropped the term on his fellow senators.
He was discussing the need for the international community to develop a host of new standards, or norms of behavior in cyber space.
Kerry was responding for questions from Senate Majority Whip Dick Durbin (D-IL) who called for Kerry's thoughts on the secretary of state's role "in a world where cyber security is our greatest threat."
Kerry said Durbin's description of cyber as the world's greatest threat "hit the nail on the head."
"I guess I‘d call [cyber] the 21st-century nuclear weapons equivalent," said Kerry. "We are going to have to engage in cyber diplomacy and cyber negotiations and try to establish rules of the road that help us to be able to cope with this challenge."
"There are enormous difficulties ahead in that," he added, pointing out that some nations have very different views on what norms of behavior in the cyber world should look like -- a statement echoing those made by U.S. defense officials.
"I think most diplomacy is an extension of a particular nation's interests and in some cases it's an extension of their values," said Kerry. "Sometimes, you're more weighted toward interests than values ... this is one where we're going to find a way to address the interests with other states to somehow find common ground, if that makes sense to you, we're going to have to dig a lot deeper."
Those "interests" he was referring to may have been China's alleged widespread use of cyber espionage as a tool to steal Western business and defense secrets. Russia's -- and China's -- view that it's alright for countries to monitor their citizens Internet behavior and censor what they view online, Pentagon officials have told Killer Apps in the past.
He also called cyber security bills -- legislation that has so far failed to move forward in Congress despite years of attempts -- as a "very small step in trying to deal with this issue."
"Every day while we sit here, right now, certain countries are attacking our systems, they are trying to hack in to classified information, to various agencies of our government, to banking structures -- money has been stolen from accounts and moved in large sums," said Kerry. "There's a long list of grievances with respect to what this marvel of the Internet and the technology age has brought us."
"It's threatening to our power grid, it's threatening to our communications, it's threatening therefore to our capacity to respond and there are people out there who know it," said Kerry. "There are some countries who we are engaged with -- and all the senators know who they are -- who have a very good understanding of this power and who are pursuing it."
Here's what Killer Apps reported in September about U.S effort to establish cyber norms based on the laws of armed conflict and the resistance it's met, especially from Russia and China, according to Eric Rosenbach, deputy assistant secretary of defense for cyber policy.
"There are several countries right now that are very aggressive in cyberspace and are likely trying to create norms [of cyberspace behavior] that would be unstable for the international community because they are so aggressive," Rosenbach said. "It's still not completely clear what's acceptable and what's not acceptable and several nations different than the United States have very aggressive notions of what's acceptable."
Russia and China are focused more on controlling citizens' activities on the internet rather than limiting attacks on nations' critical infrastructure, he said.
"There are other countries, the Chinese and Russians in particular, that don't think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."
Rosenbach went on to call this a "nonstarter."
"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn't something we're interested in at all," he said. "There are other areas -- in particular, the theft of intellectual property -- because that's a major problem for the United States right now, where there are very different ideas about what's acceptable and what's not."
Getty Images
Posted By John Reed
Tuesday, January 15, 2013 - 3:40 PM
Defense Secretary Leon Panetta is discussing the U.S. government's effort to establish international norms of behavior in cyberspace during his trip to Europe this week.
"That's going to be on the agenda for Secretary Panetta's trip to Europe this week, it'll probably be something that he talks about in his speech in London at the end of the week," a U.S. government official told Killer Apps over the weekend. "As we look at Secretary Panetta's tenure, this is something that remains in the front of his mind as a key priority."
The outgoing U.S. defense secretary just wrapped up a meeting today where he discussed the topic with his Spanish counterpart Defense Minister Pedro Morenes Eulate in Madrid, Spain, according to the official who just updated Killer Apps.
After seeing billions of dollars in intellectual property stolen and physical damage done to some nations via cyber attacks, the U.S. has been trying to get nations around the world to subscribe to a set of acceptable behaviors in cyberspace that are based on the law of armed conflict. However, the process of establishing universally agreed upon codes of conduct in the relatively new domain of cyber will take decades, cautions another U.S. official.
"The nature of it is very slow. It's something that will occur over the course of decades rather than months," the second U.S. official told Killer Apps. "We place a lot of emphasis on it, we have ongoing talks with the Chinese, we engage with the Russians and then on a very regular, frequent basis we're talking with our Five Eyes allies, the folks in NATO, the European Union and others."
"That's the way you do it, you come to a common understanding" as to what behaviors the international community deems acceptable.
A key sticking point so far has been that the U.S. and its allies want the norms to focus on things like international cooperation to ban intellectual property theft, while nations such as China and Russia want the norms to leave them free to censor what their citizens view online.
U.S. Department of Defense
Posted By John Reed
Thursday, October 25, 2012 - 4:46 PM
As cybersecurity grows in importance, the United States and its allies need to improve information-sharing and collaboration on cyber threats, Homeland Security Secretary Janet Napolitano said today.
While the United States does share information about cyber threats with some allies via existing mechanisms such as the Five Eyes agreement, it does so on an ad hoc basis. There is no specific structure for sharing cyber intelligence despite the fact that cyber threats and attacks crisscross international boundaries, said Napolitano after a speech on cybersecurity at the Center for Strategic and International Studies.
"Cybersecurity, first of all, it is inherently international, it respects no national boundaries," Napolitano said. "Second, there are no international protocols or frameworks on which to hang things. Thirdly, there is a wide disparity in technological capacity among different countries, so it's really an area that requires a lot of work, but the plain fact of the matter is we have to work internationally."
As Killer Apps has reported previously, Pentagon officials have argued that rapid information-sharing between allies is badly needed to defeat cyber attacks since the cyber domain transcends national borders. Hackers in one country going after networks in another can often disguise their attacks to appear as if they are emanating from servers in a third nation. As Napolitano pointed out today, not all countries have the ability to detect cyber threats and attacks quickly. This means that a country whose servers are hijacked may not even know that it is hosting an attack.
"This is one area where there will needs to be a lot of work over the next, I will say months and years, it is not well developed yet," said Napolitano.
In addition to improving information-sharing with its allies, the United States is working to establish international "norms of behavior" in the cyber arena that are based on the law of armed conflict. These norms would define acts of cyber war, espionage, and crime and would establish what constitutes an appropriate response to such acts. However, these efforts are being held up by nations such as Russia and China, Pentagon officials say.
Here's what Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps about the matter last month:
"We look at cyber just like you would look at any other form of warfare or military operations," Rosenbach said. "So the law of armed conflict applies, and within that you can already interpret what would be acceptable in cyberspace. We don't have a lot of case history to back up the customary aspect of it in international law, but we think that the framework is already there."
Russia and China are focused more on controlling citizens' activities on the Internet rather than limiting attacks on nations' critical infrastructure, he said.
"There are other countries, the Chinese and Russians in particular, that don't think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."
Rosenbach went on to call this a "nonstarter."
"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn't something we're interested in at all," he said. "There are other areas -- in particular, the theft of intellectual property -- because that's a major problem for the United States right now, where there are very different ideas about what's acceptable and what's not."
Wikimedia Commons
Posted By John Reed
Monday, October 8, 2012 - 1:16 PM
Representatives Mike Rogers (R-Mich.) and Dutch Ruppersburger (D-Md.) unveiled their report accusing Chinese telecomm giants Huawei and ZTE of spying on American companies for the Chinese government today. Bottom line, the report recommends that U.S. businesses, especially those involved in "critical infrastructure," stop buying Huawei and ZTE products until the companies play by the rules.
Rogers, chair of the House Intelligence Committee, claimed during a press conference to unveil the report that Huawei and ZTE are likely breaking the law in the United States -- doing everything from bribing an unnamed company or official to "beaconing," or passing lots of sensitive data about U.S. companies' back to China in the middle of the night (a claim that a Huawei spokesman denied after the press conference until he was nearly red in the face).
Rogers and Ruppersburger refused to provide more details or evidence about their allegations of wrongdoing other than saying they came from a thorough investigation.
Rogers said that during the lawmakers' yearlong investigation they spoke with everyone from current American employees of the two telecoms -- who were willing to reveal some of their alleged bad behavior -- to Chinese officials from the companies who weren't exactly cooperative, if you ask Rogers.
Rogers said that these firms are not "private entities" but rather are legally bound to conduct the industrial espionage he accused them of on behalf of the Chinese government.
Apparently, the investigation collected enough dirt on Huawei that the FBI is opening an investigation into "a clear case of bribery to get a contract in the United States," according to Rogers.
Among the key recommendations:
- The U.S. government and government contractors shouldn't use anything made by the two companies and the Committee on Foreign Investments in the U.S. (CFIUS) should block any acquisitions, mergers or takeovers involving Huawei and ZTE given their "threat to U.S. national security."
- U.S. network providers and systems developers should "seek other vendors for their projects."
- The U.S. government should investigate unfair trade practices, especially illegal Chinese government subsidies to companies like Huawei and ZTE that allow Chinese businesses to undercut their competitors.
- Chinese companies should become more transparent and responsive to U.S. legal obligations.
- The U.S. Congress should consider legislation dealing with the risk posed by telecoms with "nation-state ties or otherwise not clearly trusted to build critical infrastructure." Such legislation could involve increasing private companies ability to share information on cyber threats and increasing the CFIUS' ability to review purchasing agreements.
Now, here's the unclassified version of the report.
Huawei-ZTE Investigative Report (FINAL)
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.
Read More
May/June 2013
-
Profile
-
FP Power Map
-
Think Again
Follow us on Twitter | Visit us on Facebook | Follow us on RSS | Subscribe to Foreign Policy
About FP | Meet the Staff | Foreign Editions | Reprint Permissions | Advertising | Writers’ Guidelines | Press Room | Work at FP
Services:Subscription Services | Academic Program | FP Archive | Reprint Permissions | FP Reports and Merchandise | Special Reports | Buy Back Issues
Privacy Policy | Disclaimer | Contact Us
11 DUPONT CIRCLE NW, SUITE 600 | WASHINGTON, DC 20036 | Phone: 202-728-7300 | Fax: 202-728-7342
FOREIGN POLICY is published by the FP Group, a division of The Washington Post Company
All contents ©2013 The Foreign Policy Group, LLC. All rights reserved.
