Pages

23 July 2015

U.S. Government Data Breach Exemplifies China's Cyber Insecurities


7/19/201

Over the past several weeks, revelations that US government databases have been penetrated have been updated with the news that the intrusion is much worse than had been previously thought. It was initially reported that a little over four million current and former US government employees had their records accessed–and that figure rose, then rose again – and again. The most recent report was that the personal information of well over 21 million current and former US government employees, family members, etc, have been compromised.

Likewise, what has been stated about the type of information that was accessed has been repeatedly revised – each time in a negative direction. At first the public was told that the hackers had gotten a limited amount of basic personal information on some US government employees, then the extent of the information that was accessed was broadened until it was admitted that a vast trove of highly personal information from security clearance applications were accessed. If you’ve ever applied for a US government security clearance, you know how intrusive the questioning is. All financial information, sexual activities, marital and other family problems, have apparently been compromised on close to 7% of the total US population. The seriousness of the data breach has been indicated by the fact that Office of Personnel Management (OPM) director Katherine Archuleta has been forced to resign.

Sylvia Burns, CIO of the Interior Department, speaks during a hearing of the House Oversight and Government Reform Committee last month. Following disclosures of devastating breaches of US government computer networks, officials told lawmakers even more intrusions may be discovered with investigations and deployment of new security tools. (BRENDAN SMIALOWSKI/AFP/Getty Images)

The Obama White House has been careful to not formally name China as the perpetrator, yet private security firms which have long experience tracking Chinese cyber activities, Members of Congress who have been briefed by intelligence officials,and even James Clapper, the Director of National Intelligence, have all pointed to China as the likely source of the hacking.

Putting the breaches in context

While the OPM intrusion has been deeply damaging to the US, particularly to its intelligence capabilities, in order to be better understood, the breaches need to be placed in the context of a deep sense of Chinese vulnerability before perceived American advantages in the realm of advanced technology, information security and cyber warfare, and Sino-American competition more broadly.

America’s overwhelming and quick victory in the First Gulf War in 1991 shocked the Chinese military and caused a revolution in Chinese strategic planning that sought to emulate the American strengths – particularly the use of advanced technology and information control. In American military engagements since, from Kosovo to Afghanistan to Iraq, the advantage held by the United States in network-centric warfare has only increased the Chinese realization of how far behind they were, as well as their determination to catch up. The development and growth of the internet and computer networking since the early 1990s has helped to reinforce the Chinese belief that information control is the “new strategic and tactical high ground,” as a 2012 report for the US-China Economic and Security Review Commission termed it.

China is developing its cyber warfare capabilities

The Chinese are, accordingly, putting massive resources into gaining ground in this area. A recent US Army War College study notes that:

The People’s Liberation Army (PLA) is preparing for total cyber warfare. They are conducting cyberspace reconnaissance; creating the ability to do economic harm and damage critical infrastructure; preparing to disrupt communications and information systems necessary to support conventional armed conflict; and readying to conduct psychological operations to influence the will of the American people.

The PLA has not directly acknowledged its offensive cyber warfare capabilities until last year, when the PLA’s Academy of Military Sciences published an updated edition (new editions tend to come out only every ten to twenty years) of its authoritativeScience of Military Strategy. Cyber warfare is the topic of a full chapter of the new edition, which states, among other things, that the PLA has offensive cyber capacity, and that the Ministries of State Security and of Public Security also have offensive cyber capabilities.

The purpose of this public revelation on the part of the PLA appears to be to act as a deterrent, in the same way that the Chinese have publicized new conventional weapons systems meant to neutralize American strengths, such as the announcement a few years ago, meant to make the United States hesitate before committing a US aircraft carrier battle groups into the area surrounding China, that China had developed a “carrier killer missile”, and the very public testing of anti-satellite weapons.

U.S. is still ahead

Despite the massive Chinese investments into control of information networks and cyber warfare, however, and despite their obvious recent successes in penetrating the systems that control the US infrastructure and economy, the theft of massive amounts of advanced industrial and military technology (including much of the technology that went into development of the F-35), etc., the Chinese are still playing catch up. The latest hack of US government personnel files which have, admittedly, done much to harm US national security in general and much to assist the Chinese in their own endeavors, do not negate the fact that the US still holds decided advantages in the cyber realm – and the Chinese recognize this fact.

Among the most important advantages is the fact that the NSA and the US Cyber Command have the world’s most advanced capabilities, and have used those capabilities to quite successfully target China for at least the past fifteen years. Classified documents released by Wikileaks as part of the release of documents from Edward Snowden reveals that the NSA has not been inactive in targeting China. A group labelled “Tailored Access Operations” (TAO) has been penetrating the information networks of the Chinese, and others, since the late 1990s, with considerable success.

Among other things, the group has made a practice, known as “fourth party collection”, of allowing other countries, including China, to do our spying for us – penetrating information networks of interest to us as well – while we looked over their shoulders and gained access to all of the information gleaned without anyone’s knowledge. The Snowden release did much to stoke Chinese paranoia. The documents revealed that the NSA had the capability “to tap into Chinese SIGINT [Signals Intelligence] collection,” and that NSA cyber spies had been able to obtain source code for Chinese malware. At one point, the NSA succeeded in penetrating the computer of a senior Chinese military official and accessed lists of Chinese hacking targets in the US government. The documents also indicated that the United States had penetrated Chinese mobile phone companies, the servers of Tsinghua University, which serves as a key internet communications hub for the whole of China, and had therefore mined data on millions of Chinese citizens (does that last one sound familiar?).

In addition, the Snowden revelations of the Prism program made the Chinese suspicious of the vulnerabilities created within China by the dominance of western IT firms in the Chinese market given suspected cooperation between many of these firms and the US government. One anonymous source within China expressed Chinese concerns well when he stated that since “many of our core information technology systems are basically dominated by foreign hardware and software firms” and since there were suspected connections between the US government and firms such as Oracle, Cisco Systems, IBM and EMC, among others, that this created a security nightmare for China, wherein its information networks were heavily compromised.

The recent Chinese government demands that Western technology firms create backdoors for the Chinese government to use, to give Beijing encryption keys, and, most importantly, to hand over their source code, is not just about stealing Western intellectual property (although gaining access to this advanced technology is certainly a key motive on the part of Beijing) therefore, but is also evidence of the Chinese belief that the US government is potentially in a dominant position in control of information networks even within China. Given that the control of information within China is considered by the Chinese government to be a key to regime survival, the Chinese Communist Party sees this threat from the United States to be very serious (a very good report written by the Center for a New American Security last December highlighted the link the Chinese regime perceives between regime stability and survival and network security). Indeed, Chinese President Xi Jinping asserted last year that “No internet security means no national security.”

The Snowden revelations of the Prism program and of the existence of a well resourced group of hackers within the NSA who have been targeting China have accentuated the Chinese sense of vulnerability and fed into the story the Chinese have told themselves for decades (and strategic reality for any nation depends as much as anything else on the stories that nation tells itself) that the goal of the United States is to target China and deny it its rightful place in global leadership. The revelations have also made China more aggressive in its attempts to use offensive cyber warfare operations against the United States – viewing it as a kind of revenge for previous US successes against China.

China’s cyber warfare strategy

In terms of the strategic competition with the United States, China has long viewed cyber warfare to be a key part of the PLA’s attempt to develop its asymmetric warfare capabilities, through which it hopes to level the playing field with the United States and its greater military strength by attempting to neutralize American command, control, communications, computer, intelligence, surveillance, and reconnaissance (C4ISR) operations. As Jen Weeden, an official with a firm that has much experience tracking Chinese activities in cyber space, testified this past spring before the US-China Economic and Security Review Commission:

Cyberspace is an asymmetrical domain, where a single attacker can generate work for hundreds, if not thousands, of defenders. . . . National-state backed groups are capable of circumventing even the best defenses, because they are well resourced and relentless in pursuit of their goals.

The benefits of a well developed cyber warfare capability, particularly for a nation facing a stronger military opponent, are potentially great.

The sensational recent news of Chinese successes have made it easy to give the Chinese too much credit for their cyber capabilities, and to believe that the United States is behind in the competition. As pointed out above, the Chinese certainly do not hold this view, despite their recent successes. Chinese successes have many times occurred not due to Chinese capabilities being particularly advanced, but due to defenses being so poor. The previously cited 2012 report by Northrop Grumman information security analysts written for the US-China Economic and Security Review Commission makes this point.

What cyber warfare means for U.S.-China relations

Perhaps the most important and troubling aspect of the growing level of tension and mistrust in Sino-American cyber relations is the fact that it symbolizes the broader fragility of the Sino-American relationship. As such, the cyber hostility is a useful prism through which to view the broader relationship and its increasingly confrontational trend line as China seeks to challenge the American-led international order, particularly in Asia.

The aggressive Chinese behavior in the cyber realm evidences Beijing’s sense of vulnerability and insecurity as much as anything else. The combination of this insecurity, which only seems to become more pronounced as China’s power grows, with the quickly increasing importance of cyberspace and information networks as a tactical and strategic high ground makes it a certainty that Chinese activity in this realm will only become increasingly aggressive, and that the struggle for control of that high ground between the United States and China is just beginning to heat up.

No comments:

Post a Comment