Stone, R. March 1, 2013. A Call to Cyber Arms. Science, Vol. 339 no. 6123 pp. 1026-1027
China’s extensive cyber research activities and allegations over cyber espionage have put the United States on high alert.
XI’AN, CHINA—The leaflet posted in the school of information engineering here at Xi’an Jiaotong University was brief but enticing, offering computer-savvy graduates a hefty stipend and the chance to serve their motherland. “I was curious,” says Liu, who asked that only his surname be used in this article. It was the spring of 2007, and Liu, then 24 years old, was wrapping up a master’s degree in computer algorithms. Encouraged by his supervisor, Liu called the number on the leaflet; that summer, he joined an elite corps of the People’s Liberation Army (PLA) that writes code designed to cripple command-and-control systems of enemy naval vessels.
PLA writings call the electromagnetic spectrum “the fifth domain of battle space,” putting cyberspace on an equal footing with ground, air, sea, and space. Cyber conflicts “threaten national security and the very existence of the state,” two scholars with the Academy of Military Sciences wrote in China Youth Daily in 2011. State media regularly tout PLA activities in cyber defense, a catchall term encompassing everything from surveillance and espionage to weapons such as electromagnetic pulse generators that disable computer networks and malware designed to take down power grids or contaminate water supplies. Augmenting PLA efforts is a legion of civilian researchers and hackers whose efforts ostensibly are directed at repelling electronic intruders. In 2011, more than 8.5 million computers in China “were attacked by rogue programs every day,” a 48% increase over the previous year, says Li Yuxiao, a cyber law expert at Beijing University of Posts and Telecommunications.
But evidence is accumulating that China can dish it out, too. In a report issued last week, the U.S. computer security firm Mandiant tracked one especially adept group of hackers, sometimes called the Comment Crew or Comment Group, to a neighborhood in Shanghai housing Unit 61398, a bureau of the PLA General Staff Department’s Third Department. According to Mandiant, other computer security analysts, and U.S. State Department sources, hackers in China have gathered gigabytes of data on industrial secrets, military hardware, and government strategy for political negotiations.
This is not a unilateral arms buildup. Another heavyweight in the cyber arena is Russia; hackers took down Georgian government servers in advance of Russia’s invasion of that former Soviet republic in August 2008. The United States, too, has gone all-in on cyber warfare. In 2009, it established the U.S. Cyber Command in Fort Meade, Maryland, to conduct “full-spectrum military cyberspace operations.” The Defense Department’s operational needs “will require the integration of cyber and electronic warfare at unprecedented levels,” said Regina Dugan, then-director of the U.S. Defense Advanced Research Projects Agency, in a statement released by DARPA before the Senate took up the 2013 defense authorization. According to U.S. Defense Secretary Leon Panetta, the Pentagon spends about $3 billion a year on cyber security.
Now that Pandora’s box is open, the United States fears that it, too, may someday be on the receiving end of an effective attack. In his State of the Union speech on 12 February, U.S. President Barack Obama declared that unidentified enemies are “seeking the ability to sabotage our power grid, our financial institutions, [and] our air traffic control systems.” That day, he signed an executive order to strengthen cyber defenses and called on Congress to pass legislation that would “give our government a greater capacity to secure our networks and deter attacks.” Last week, the U.S. Department of Energy announced $20 million in funding for the development of technologies to strengthen the cyber security of delivery systems for electricity, oil, and gas.
A one-two punch featuring a cyber attack on critical infrastructure and a physical strike against U.S. targets could leave the country reeling from a “cyber Pearl Harbor,” Panetta warned in a speech last October. “It would paralyze and shock the nation and create a new, profound sense of vulnerability,” he said.
Raising an army
In a conflict in the Pacific, the USS Blue Ridge, the U.S. Navy’s command ship in the region, would be a ripe target for a cyber strike.
At Dalian University of Technology in northeast China, a pair of researchers funded by the science ministry and the National Natural Science Foundation of China published a report in Safety Science in July 2011 on vulnerabilities in the western U.S. power grid.
China so far has shown only some of its cards. Chinese hackers have allegedly used computer network exploitation techniques such as spearphishing, in which malware is embedded in target computers, to harvest data from a long list of Fortune 500 companies, think tanks, and government agencies. Since 2006, the Mandiant report documents, the Shanghai-based hacking group it tracked has pilfered hundreds of terabytes of data from 141 organizations, including 115 in the United States. Information technology and aerospace firms were targeted most frequently. Mandiant said it believes the activity it observed “represents only a small fraction of the cyber espionage” committed by the Shanghai outfit.
Delays and cost overruns in the U.S. F-35 fighter jet program “may be the result of cyber espionage, as could the rapid development of China’s J-20 stealth fighter,” Lewis testified before the U.S. Congress last April. “Cyber espionage is the most pressing threat we face,” he asserted.
Related articles
- Cyber Attacks an unprecedented threat to U.S. National Security, a review of U.S. House of representatives March 21, 2013 session on Cyber attacks
- Will we go out with a whimper instead of a bang? Cyberwar more likely than nuclear war
- It’s only a matter of time before Cyber Terrorists launch attacks
- Military Threats: Peak oil, population, climate change, pandemics, economic crises, cyberattacks, failed states, nuclear war.
- China is working on cyber attacks of our infrastructure and stealing secrets
- Emergency drill: Cyberattack on electric grid. Wald, Matthew L. August 16, 2013. As Worries Over the Power Grid Rise, a Drill Will Simulate a Knockout Blow. New York Times.
- Cyber Attack Methods. Who are the cyber attackers?
- Energy infrastructure cyberattack targets
- Actual cyber attacks
- House hearing: protecting small businesses against cyber-attacks 2013
- S. House: Iranian cyber threat to the United States
Electric Grid
- Electric grid large power transformers take up to 2 years to build. Excerpts from Department of Energy “Large Power transformers and the U.S. electric grid”.
- EMP effect on electrical transformers. A review of Dr. Jeff Masters 2009 “A future Space Weather catastrophe: a disturbing possibility”.
- The EMP Commission estimates a nationwide blackout lasting one year could kill up to 9 of 10 Americans through starvation, disease, and societal collapse
- Electromagnetic pulse threat to infrastructure (U.S. House hearings) from the transcripts of the 2012 and 2014 hearings
- Chip Fab Plants need electricity 24 x 7. The electric grid needs chips. The Financial system needs both.
- Electric Grid Overview
- Terrorism and the Electric Power Delivery System. National Academy of Sciences. Excerpts from the National Academy of Science 2012 “Terrorism and the Electric Power Delivery System” & 2013 “The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters”
- What would happen if the electric grid was cyberattacked?