13 December 2018

The coming cyberwar: China may already be monitoring your electronic communications

BY MORGAN WRIGHT

“Sometime they’ll give a war and nobody will come.”

In Carl Sandburg’s epic book-length poem “The People, Yes” from 1936, one of the best-known antiwar slogans was born. It highlighted the isolationist stance the United States kept prior to World War II.

Then we were at war. From Pearl Harbor and the Battle of Guadalcanal in the Pacific, to D-Day and Operation Market Garden in Europe, America’s soldiers, sailors, and airmen battled for freedom around the world, supported by the ferocious war machine back home.

But, today, what if China and Russia declared war upon us and we forgot to show up?

If we don’t make the right choices now, our future might look more like ‘Man in the High Castle’ – waking up one day to find dystopia instead of utopia. And if that happens it will be of our own rush to globalism, having forgot who the good guys actually are.


The next war isn’t being fought with bombs and bullets. It’s being fought with policy, subsidies, influence operations, technology transfers and globalism. It’s being fought economically as China begins to dominate the delivery of commuter trains in the United States.

A recent DefenseOne article highlighted the goals of the ‘Made in China 2025’ industrial strategy. Since 2014 two U.S. subsidiaries of the China Railway Rolling Stock Corporation, CRRC MA in Massachusetts and CRRC Sifang Americas in Chicago have won four contracts valued at $2.5 billion. These contracts were won with massive subsidies from the Chinese government that allowed CRRC to underbid their competitors by 20 to 50 percent.

Their first win was the Massachusetts Bay Transportation Authority (MBTA) in Boston for $566 million and 284 cars. What’s on these cars? Wi-Fi. Surveillance cameras. Automatic passenger counters. Internet-of-things (IoT) technology. And Chinese software and hardware. This matters because of the freely-given intelligence our city, state and federal governments are giving the communist party. Make no mistake — the long arm of the PRC is embedded in every rail car that will be delivered.

What was the MBTA’s response? Was it to recognize the obvious ploy of ‘buying’ the bid with massive subsidies? No. MBTA’s response was to award the contract for half the amount of the next highest bid was. One could argue that saves the taxpayers of Massachusetts lots of money. Low bid doesn’t always mean best bid, and in this case, we sold out our national security to China for pennies on the dollar.

David Senty and Mark Sparkman put a finer point on this railway debacle back in August: “Independent of any economic interests, the long-term security and privacy consequences of integrating Chinese smart technologies into our transportation infrastructure are ominous. In the worst-case scenario, passenger electronic communications could be intercepted, archived and used for a variety of nefarious purposes. For example, China could track the digital identities of individual riders and match them with information China has from its previous attacks on U.S. networks. This would allow China to significantly enhance its dossiers on high-ranking U.S. officials and executives.”

On the other front, Russia has been engaged in a massive reconnaissance and targeting operation against U.S. critical infrastructure. In March, the Department of Homeland Security and FBI released a joint Technical Alert(TA) describing Russian government actions targeting “U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

These weren’t targets of opportunity. The Russian threat actors identified third-party, and usually less-secure, organizations and used them to stage the attacks. In some cases, the third parties provided the ammunition used to attack. In one case, according to the joint TA, “the threat actors downloaded a small photo from a publicly accessible human resources page. The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”

Russia launched the first successful BlackEnergy attack against Ukraine in December of 2015. BlackEnergy was originally developed in 2007 as a distributed denial-of-service tool (DDoS). It evolved in 2014 to a full package that targeted Industrial Control Systems (ICS), embedded espionage modules, the ability to address multiple types of operating systems and KillDisk, which erases files and destroys the ability to boot up computers.

The techniques and tradecraft were honed over a six-month period. This has given Russia and its intelligence agencies the blueprint for how to map out our power grid (among other things) and prepare for an attack. According to Phil Neray, VP of Industrial Cybersecurity at CyberX, a critical infrastructure and industrial cybersecurity firm based in Boston, “Adversaries don't usually install footholds in enemy territory unless they plan to eventually launch an attack.”

Would Russia attack? They already have globally. According to Neray, “Energetic Bear has been active in our critical infrastructure since at least 2014, when they injected Havex malware into software downloads from industrial automation vendors…Infecting software downloads is also the same technique that Russian threat actors used to spread NotPetya, which caused billions of dollars in damage to industrial firms worldwide – so it's clear they aren't afraid of causing massive chaos when they decide it's time to make it happen."

Unlike the real ‘Man in the High Castle,’ we’re not going to wake up one morning and find that the eastern half of the country is under Russian control, and the western half under Chinese rule. If that were the case, we’d realize we were under attack and – just as in World War II – respond with awesome military force.

The question isn’t would we show up for a war: The question is do we recognize we’re already in a war.

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. He’s currently a Senior Fellow at the Center for Digital Government. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.

No comments: