In an interview with Thinq.com, HBGary CEO Greg Hoglund joins the growing list of security experts who are pointing the finger at China as being the number one threat to our nation's cybersecurity efforts.
Western security experts have been openly speculating that China may be behind the recent unauthorized network access events at several U.S. defense contractors, and that they may also be responsible for the RSA SecurID breach as well.
Some, like Hoglund, believe we are witnessing the dawn of a new 'cold war', but this time the race is on to obtain dominance in the virtual world of cyberspace.
When asked where the single biggest threat resides, Hoglund responded,"China. There's a kind of cyber Cold War going on right now. I see it every day. The trouble, he says, is that few are willing to admit it. Most security companies won't come out and say it. The [US] government won't seem to out them for what they're doing either."
Espionage operations tied to China include the routine theft of corporate trade secrets and technology through the use of sophisticated attacks which suggest that the Chinese government is orchestrating and coordinating the wholesale theft of information that could ultimately undermine U.S. companies' ability to compete economically.
On state sponsored infiltration operation based out of China, Hoglund says, "they're everywhere. Malware that looks like kids have written it is being used to steal weapons plans... The only way it to find them and root them out... Enterprises shouldn't expect governments to save them. They need to protect themselves."
Hoglund believes the biggest threat is to systems that govern critical infrastructure, such as communications, transportation, the nation's power supply, and the financial sector.
"I predict there will be at least one major attack on an infrastructure target by a terrorist group between 2010 and 2020. And it's really scary," Hoglund stated.
In the interview, Hoglund also addressed the headline-making breach at sister-company HBGary Federal earlier this year which forced the company to withdraw from participating in the RSA Conference and other events.
"Computer security is a human problem," Hoglund said referring to former HBGary Federal CEO Aaron Barr's mistake of reusing weak passwords for multiple account logins.
Barr had resigned from HBGary Federal in the wake of a devastating breach and subsequent criticism regarding some of the company's business practices.
In January of this year, HBGary Federal's systems were breached in an operation conducted by the rogue movement Anonymous, and the subsequent release of tens-of-thousands of company emails revealed multiple instances of ethically questionable covert operations involving the security company.
The leaked emails showed that HBGary Federal, Palantir Technologies and Berico Technologies were involved in developing WikiLeaks counter-operations strategies for Bank of America and proposed disinformation campaigns, cyber attacks against network systems, and strong-arming journalists.
Other information released in the breach show the companies were engaged in developing strategies to infiltrate other civil activist groups, and plans to use social media for distributing government propaganda. There was also evidence that HBGary Federal was involved in developing an undetectable, full command and control cyber offensive weapon called Magenta.
Hoglund maintains that no critical data was stolen from the company, including proprietary source code, as some reports had suggested, that the infiltration was not as sophisticated as has been portrayed in the media, and that the company suffered no long term detrimental impact to their business operations.
"There was no hacking involved. They had all the access they needed. [But] they were a million miles from the goodies, though... We've still got all our customers, and the second quarter this year was our best yet," Hoglund said.