Are U.S. and China Engaged in a Cyber Cold War?
Last month, Chinese Vice Foreign Minister Cui Tiankai issued statements to the press in an effort to dispel the notion that China and the United States are engaged in cyber warfare activities aimed at undermining the other's security posture.
"I want to clear something up: there are no contradictions between China and the United States. Though hackers attack the US Internet and China's Internet, I believe they do not represent any country," said Cui.
But Cui's assertions run counter to an analysis published in China's leading military newspaper and re-posted on the website of China's Ministry of Defense.
"The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. Their actions remind us that to protect the nation's Internet security, we must accelerate Internet defence development and accelerate steps to make a strong Internet army. Although our country has developed into an Internet great power, our Internet security defences are still very weak. So we must accelerate development of Internet battle technology and armament," the report stated.
Cui's statements also are in direct opposition to accusations levied by former national security advisor Richard Clarke in a Wall Street Journal opinion piece recently.
"Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America's advantage," wrote Clarke.
And western security experts have been openly speculating that China may be behind the recent unauthorized network access events at several U.S. defense contractors, and that they may also be responsible for the RSA SecurID breach as well.
Some believe we are witnessing the dawn of a new 'cold war', but this time the race is on to obtain dominance in the virtual world of cyberspace.
According to a report by ABC affiliate KITV, the U.S and China are already heavily engaged in a cyber cold war:
- "It's like the Cold War. We have the ability to bring you down, you have the ability to bring us down, so no one is doing anything," said Larry Ponemon, chairman of the Ponemon Institute.
- "It's no secret that government agencies are under attack from China. It's a significant problem, and the government has been aware of it for the past 10 to 15 years," said Prescott Winter, former CTO for the National Security Agency and currently the public sector chief technology officer of ArcSight.
- "A review of the scale, focus, and complexity of the overall campaign directed against the United States ... strongly suggest that these operations are state-sponsored or supported," a Northrop Grumman white paper suggested. "China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and industry by conducting a long term, sophisticated, computer network exploitation campaign."
Recent reports link Chinese hackers to a multitude of operations directed at government and private enterprise targets, including:
The largest and perhaps most damaging operation in recent years were the Aurora attacks which targeted an unknown number of large firms, including Adobe, Northrop Grumman, Dow Chemical, Morgan Stanley, and most famously Google
"Corporations can't protect themselves against that. It's the equivalent of breaking in and installing bugs. Companies are now realizing the true cost of outsourcing. That's why Google left: Google said you can't do trusted business and run a company there," said former NSA computer scientist Dave Aitel, president of the security firm Immunity Inc.
Western corporations need to be wary of the risks posed by doing business with China, especially where the sharing of sensitive technology and proprietary information is concerned.
"I don't want to tell businesses not to go to China because it's unsafe. At the same time, risk management is necessary. It's important to operate with your eyes wide open there. China isn't Iowa" said Ernst & Young's Jose Granado.