Cyber Terror Response

Title: Pentagon To Consider Cyberattacks Acts Of War
Date: May 31, 2011
Source: New York Times 

AbstractThe Pentagon, trying to create a formal strategy to deter cyberattacks on the United States, plans to issue a new strategy soon declaring that a computer attack from a foreign nation can be considered an act of war that may result in a military response. 

Several administration officials, in comments over the past two years, have suggested publicly that any American president could  consider a variety of responses — economic sanctions, retaliatory cyberattacks or a military strike — if critical American computer systems were ever attacked.

The new military strategy, which emerged from several years of debate modeled on the 1950s effort in Washington to come up with a plan for deterring nuclear attacks, makes explicit that a cyberattack could be considered equivalent to a more traditional act of war. The Pentagon is declaring that any computer attack that threatens widespread civilian casualties — for example, by cutting off power supplies or bringing down hospitals and emergency-responder networks — could be treated as an act of aggression.

In response to questions about the policy, first reported Tuesday in The Wall Street Journal, administration and military officials acknowledged that the new strategy was so deliberately ambiguous that it was not clear how much deterrent effect it might have. One administration official described it as “an element of a strategy,” and added, “It will only work if we have many more credible elements.”

The policy also says nothing about how the United States might respond to a cyberattack from a terrorist group or other nonstate actor. Nor does it establish a threshold for what level of cyberattack merits a military response, according to a military official.

In May 2009, four months after President Obama took office, the head of the United States Strategic Command, Gen. Kevin P. Chilton, told reporters that in the event of a cyberattack “the law of armed conflict will apply,” and warned that “I don’t think you take anything off the table” in considering a response. “Why would we constrain ourselves?” he asked, according to an article about his comments that appeared in Stars and Stripes.

During the cold war, deterrence worked because there was little doubt the Pentagon could quickly determine where an attack was coming from — and could counterattack a specific missile site or city. In the case of a cyberattack, the origin of the attack is almost always unclear, as it was in 2010 when a sophisticated attack was made on Google and its computer servers. Eventually Google concluded that the attack came from China. But American officials never publicly identified the country where it originated, much less whether it was state sanctioned or the action of a group of hackers.

“One of the questions we have to ask is, How do we know we’re at war?” one former Pentagon official said. “How do we know when it’s a hacker and when it’s the People’s Liberation Army?”

A participant in the debate over the administration’s broader cyberstrategy added, “Almost everything we learned about deterrence during the nuclear standoffs with the Soviets in the ’60s, ’70s and ’80s doesn’t apply.”

White House officials, responding to the article that appeared in The Journal, argued that any consideration of using the military to respond to a cyberattack would constitute a “last resort,” after other efforts to deter an attack failed.

They pointed to a new international cyberstrategy, released by the White House two weeks ago, that called for international cooperation on halting potential attacks, improving computer security and, if necessary, neutralizing cyberattacks in the making. General Chilton and the vice chairman of the Joint Chiefs of Staff, Gen. James E. Cartwright, have long urged that the United States think broadly about other forms of deterrence, including threatening a country’s economic well-being, or its reputation.

The Pentagon strategy is coming out at a moment when billions of dollars are up for grabs among federal agencies working on cyber-related issues, including the National Security Agency, the Central Intelligence Agency and the Department of Homeland Security. Each has been told by the White House to come up with approaches that fit the international cyberstrategy that the White House published in May (New York Times, 2011)

Title: Pentagon Classifies Cyber-Attack As Act Of War
Date: June 2, 2011

Abstract: Having already been the victim of hackers of foreign origin, the 
Department of Defense has prepared a new doctrine declaring cyber-attacks an act of war that can warrant a conventional military response.

The development of the new cyber strategy has been likened to the effort of the early 1950s when military planners and administration officials grappled with how to respond to threats of nuclear attack. What eventually became known as a policy of deterrence involved varying levels of response to discourage adversaries, namely the former Soviet Union, from ever striking the U.S. or its allies with warheads.

The Obama administration is crafting its own multiple-choice options for handling future cyber-attacks that could range from economic sanctions to full-on military assault. Hacking attempts would not have to be solely directed at the Pentagon to warrant the engagement of air or ground forces by the U.S. For instance, a crippling cyber-attack on the nation’s energy supply system could produce a violent response.

“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” a military official told The Wall Street Journal.

One stumbling block to engaging military forces would be assurance of knowing just where a cyber assault originated from. In an world where hacking utilizes servers around the world to obscure the identity of hackers, officials could find themselves lacking the smoking gun to pin blame on a foreign government or organization.

Whatever U.S. government officials are or aren’t saying publically, it is clear that the United States is already fully engaged in cyber-warfare. China is a nation where all computer activity is monitored by the government. Hackers of Chinese origin have attacked the computers of government agencies and defense contractors. Although it has attracted less media coverage, there is an unspoken acknowledgement that the U.S. cooperated with Israel in a sophisticated attack on Iran’s nuclear program (AllGov, 2011)

Title: We Are Prepared To Take Military Action Against Cyber Attackers, Warn U.S. Defence Chiefs
 November 16, 2011
Daily Mail

Abstract: Defence chiefs have warned that the U.S. is prepared to retaliate with military force if it came under cyber attack.

In the most explicit statement about cyber security to date, Pentagon officials said that they reserved the right to use ‘all necessary means to defend our allies, our partners and our interests.’

‘When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country,’ the 12-page report to Congress noted.

Hostile acts, it said, could include ‘significant cyber attacks directed against the U.S. economy, government or military’ and the response could use electronic means or more conventional military options.

The report, mandated by the 2011 Defence Authorisation Act, was made public yesterday.

Cyberspace is a particularly challenging domain for the Pentagon.

Defence Department employees operate more than 15,000 computer networks with seven million computers at hundreds of locations around the world.

The networks are probed millions of times a day and penetrations have caused the loss of thousands of files.

Their vulnerability was highlighted by the case of Bradley Manning, who is accused of stealing hundreds of thousands of documents and passing them to the anti-secrecy website WikiLeaks.

Private companies also face relentless cyber attacks, including an increasing number linked to countries like China and Russia, and they have grown increasingly frustrated about the U.S. government's lack of response.

‘There is a massive amount of frustration on the part of the private sector,’ Dmitri Alperovitch, the former vice president of threat research at McAfee, told an event hosted by the George C. Marshall Institute.

U.S. companies are losing billions of dollars to cyber theft each year, he said.

‘Nothing is being done,’ Alperovitch said. ‘Something has to be done from a policy perspective to address the threat ...

‘The fact that it is China, the fact that it is Russia. What are we going to do to face those countries and get them to stop?’

The report said the Defence Department was attempting to deter aggression in cyberspace by developing effective defences that prevent adversaries from achieving their objectives and by finding ways to make attackers pay a price for their actions.

‘Should the “deny objectives” element of deterrence not prove adequate,’ the report said, ‘DoD (Department of Defence) maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains.’

Key to a military response is being able to quickly identify the source of an attack, particularly challenging due to the anonymous nature of the Internet, the report said.

In an effort to crack that problem, the Pentagon is supporting research focusing on tracing the physical source of an attack and using behavior-based algorithms to assess the likely identity of an attacker, the report said.

U.S. security agencies also are grooming a cadre of highly skilled cyber forensics experts and are working with international partners to share information in a timely manner about cyber threats, including malicious code and the people behind it, it said.

Attacks on U.S. computer networks have become more frequent and more damaging in recent years, costing U.S. companies an estimated $1 trillion in lost intellectual property, competitiveness and damage. One defence company lost some 24,000 files in an intrusion in March.

Lani Kass, who recently retired as a senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said enemies of the United States were becoming more savvy every day.

‘You have got to assume that what we do in cyberspace can be done to us quicker, cheaper and with fewer restrictions," she told Reuters after the Marshall Institute event.

Before moving to offensive action, the United States would exhaust all other options, weigh the risk of action against the cost of inaction and ‘act in a way that reflects our values and strengthens our legitimacy, seeking broad international support wherever possible,’ the report said.

‘If directed by the president, DoD will conduct offensive cyber operations in a manner consistent with the policy principles and legal regimes that the department follows for kinetic capabilities, including the law of armed conflict,’ the report said.

The report followed the release in mid-July of the Pentagon's cybersecurity policy, which designated cyberspace as an ‘operational domain’ like land, sea and air where U.S. forces would be trained to conduct offensive and defensive operations (Daily Mail, 2011)

Title: Department Of Defense Cyberspace Policy Report
Date: November 21, 2011
Source: Department of Defense (PDF)

Abstract: What constitutes use of force in cyberspace for the purpose of complying with the War Powers Act (Public Law 93-148).

The requirements of the War Powers Resolution apply to “the introduction of United States Armed Forces into hostilities or into situations where imminent involvement in hostilities is clearly indicated by the circumstances, and to the continued use of such forces in hostilities or in such situations.”

Cyber operations might not include the introduction of armed forces personnel into the area of hostilities. Cyber operations may, however, be a component of larger operations that could trigger notification and reporting in accordance with the War Powers Resolution. The Department will continue to assess each of its actions in cyberspace to determine when the requirements of the War Powers Resolution may apply to those actions (Department of Defense, 2011)

Title: Pentagon Confirms Military Action Is An Acceptable Response To Cyber-Attack
Date: November 22, 2011
Source: eWeek

Abstract: It is official. The United States military has explicitly stated that it has the right to retaliate with military force against a cyber-attack.

In a 12-page report sent to Congress and made public Nov. 21, the Department of Defense said the military can launch a physical attack in the case of a cyber-attack against its systems. The threat of military action would act as deterrence on people who think they can carry out "significant cyber-attacks directed against the U.S. economy, government or military," the Pentagon wrote in the report, which appears to be an update to the cyber-strategy plan released over the summer.

The president would be in charge of authorizing these attacks, which are approved only to defend computer networks in "areas of hostilities" or actual battle zones, such as Afghanistan. While the report talked about the necessity of securing critical infrastructure, the report said the Pentagon would work with the Department of Homeland Security, which has oversight of this sector. It does not appear from the report that attacks on critical infrastructure by themselves could automatically lead to military action.

"When warranted, we will respond to hostile attacks in cyber-space as we would do to any other threat to our country," according to the report, which the Pentagon is mandated to complete under the 2011 Defense Authorization Act.

The Defense Department operates a massive network environment, with more than 15,000 computer networks consisting of seven million computers scattered around the world, Army Gen. Keith Alexander, head of the National Security Agency (NSA) and commander of U.S. Cyber Command, told eWEEK recently. Defense officials have stated in the past that the networks are probed millions of times a day trying to find and extract data. One defense company lost more than 24,000 files as part of a network breach in March.

The report "reserves the right to defend, not just the nation, but various other related interests as well," said Cameron Camp, a security researcher at ESET, noting that the policy would cover the use of proxy force so long as it can be considered as being in "our interests."

The United States will conduct a military strike only when all other options have been exhausted and only when the risks of not doing anything outweigh the risks of acting, the report said. The cyber-operations will still follow the same rules of armed conflict the defense department follows for "kinetic" warfare on the ground, according to the Pentagon.

The Pentagon's team of cyber-security experts are developing defenses that would block adversaries from breaching networks and make attackers pay a price for attacking the network, the report said. In addition to these "deny objectives," the DoD will maintain, and further develop, "the ability to respond militarily in cyber-space and other domains" if the defenses are not adequate, the report said.

The report said "all necessary means" could include various electronic attacks or more conventional military tactics. However, the report did not provide any details about the kind of attacks that would qualify for physical retaliation.

The challenge facing the United States military is to be able to definitely identify the perpetrators. Before launching a military strike, the army needs to improve its identification capabilities, the report said. The Pentagon is supporting research focused on tracing the physical source of an attack and developing behavior-based algorithms that can identify potential individuals as the attacker, according to the report.

The use of network proxies and chaining them together would allow attackers to hide their tracks and lead investigators on "wild goose chases that could span the globe," ESET's Camp said. Being able to assign attribution with the "degree of certainty" necessary to support military action would be a "tough test," he said. Improving the attribution capability is "easier said than done," according to Camp.

"If a bad actor is bent on causing larger nations to clobber each other (regardless of reason), this would seem to be a low-hanging fruit of the network underworld," Camp wrote.

China is often blamed for cyber-attacks. While some of the attacks are launched by Chinese criminals, there are also accusations that the Chinese government or military is backing some of the attacks on the United States. Richard Clarke, former cyber-security czar for President George W. Bush, pulled no punches in a recent speech in Washington, D.C., where he explicitly called out China for conducting cyber-espionage against U.S. companies to benefit its own economic interests.

The Office of the National Counterintelligence Executive, a U.S. intelligence arm, said in a report to Congress last month that China and Russia are using cyber-espionage to steal U.S. trade and technology secrets and that they will remain "aggressive" in these efforts.

This kind of an aggressive stance may have a "me-too" effect on other nations, Camp said. "One can only wonder if this will usher in a fresh new arms race, this time not governed by the amount of missiles, tanks, ships and planes, but by networks, hackers, bandwidth and street smart young kids to run the whole thing," he wrote (eWeek, 2011).

Title: Cyberattacks On U.S. Banks An Excuse For War?
October 28, 2012
American Free Press

Who’s really responsible for a recent series of cyberattacks on American banks? If United States officials and politicians are to be believed, the  government of Iran and its so-called “terrorist” proxies are to blame. However, some information security experts have cast doubt on this allegation, while others insist that the attacks are an obvious false-flag operation whose perpetrators have multiple, far-reaching objectives.

Word of compromised computer banking systems first surfaced in late September, when Wells Fargo, Bank of America, JP Morgan Chase and other financial institutions reported falling victim to computer network attacks that temporarily blocked many of their customers from engaging in online banking. Since then, Capital One, BB&T, HSBC and Regions banks have also reported experiencing similar disruptions to their websites.

An obscure group—identifying itself as the Izz ad-din al-Qassam Cyber Fighters—claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.

However, almost immediately following this announcement, unidentified U.S. national security officials allegedly told NBC News that this claim was just “a cover” story for the Iranian government’s cyberterrorism operations. Similarly, on October 12, another unnamed U.S. official told The Wall Street Journal that the recent attacks against U.S. banks bore “signatures” traced to “a network of fewer than 100 Iranian computer-security specialists at universities and network security companies in Iran.”

The alleged source went on to say “These are not ordinary Iranians,” and added that the “hackers don’t have the resources to mount major attacks without the support and technical expertise of the government.”

Despite the government’s claims, tracing a computer hack to its original source is far from conclusive. “In most cases, if the attacker is highly skilled, it is nearly impossible to clearly determine the origin of an event, and even more difficult to ascertain if the attack was state-sponsored or instigated by individual actors,” writes Anthony M. Freed at Security Bistro. “The use of multiple proxies, Internet routing tricks, employing compromised systems belonging to a third party and the use of spoofed [Internet computer] addresses can all be easily coordinated to give the appearance that an attack is originating far from the actual source.”

Cesar Cerrudo, an information security specialist and chief technology officer for IO/Active Labs, is also at odds with the government’s allegations.

“It’s very easy to attack some group of people or some country and make it look like it came from another country,” Cerrudo said in a recent post for network security magazine Dark Reading. “You can engage them into cyberwar via a third party.”

As an example, Cerrudo cites a 2010 hack that targeted China’s Baidu search engine by a group claiming to be the Iranian Cyber Army. “The Chinese were surprised that Iranians had attacked them,” said Cerrudo. “After that, the Chinese attacked Iran. But it turns out it wasn’t actually Iran behind the Baidu attack. Someone else attacked the Chinese to get them to attack the Iranians.” (Some say the so-called Iranian Cyber Army is or was a group of Russian hackers based outside Iran.)

Although no one can be sure who perpetrated the recent hacks on U.S. banks, many are asking the obvious question: Cui bono? (Who benefits?)

“With President Obama ready to sign an executive order to control the Internet in the name of cybersecurity, could it be more obvious that this ‘cyberattack’ is a total setup?” asked Eric Blair on the popular website Activist Post. “Especially since all versions of Internet control legislation have failed to pass in normal government channels both domestically and internationally,” he added.

Susanne Posel of another popular website, Occupy Corporatism, wrote: “Framing Iran for the American banking system’s computer failure kills two birds with one stone. Not only would the banking cartels be able to shut down all banking computers (and simultaneously siphon the remaining money in their customers’ accounts) but also use this fake cyberattack to engage the American public against Iran and justify their highly anticipated military strike.”

In a recent edition of the computer magazine Information Security, other theories were explored that have received little attention in the media. Among the possible culprits considered are hacktivist groups like Anonymous and Russian crime syndicates.

But in terms of motive and capability, Israelis top the list. Not only do they consider Iran to be the greatest threat to their existence, but they’ve also demonstrated a proficiency in cyberwarfare through the creation of sophisticated viruses that have been successfully used against Iran’s infrastructure. Recently, a new virus dubbed “mini-Flame” has targeted banks in Lebanon and Iran.

Mike Rivero, a former NASA employee and webmaster of the website What Really Happened, suspects that Israel is behind the recent attacks, and believes Israel will likely follow it up with a complete take-down of U.S. financial computers that will falsely be blamed on Iran.

“This also gets Wall Street and Washington, D.C. off the hook,” he said, “because now the financial meltdown is an act of war, rather than the result of decades of Wall Street crime and corruption and the predations of private central banks” (American Free Press, 2012).

Title: Federal Officials Take Down 132 Websites In 'Cyber Monday' Crackdown
November 26, 2012
The Hill

U.S. Immigration and Customs Enforcement and European officials seized 132 websites on Monday for allegedly selling counterfeit merchandise in a coordinated crackdown timed to coincide with the holiday shopping season.

It is the third straight year that the government has seized websites on "Cyber Monday" — the marketing term for the Monday after Thanksgiving, when many online retailers offer steep discounts and promotions.

ICE's Homeland Security Investigations unit coordinated with officials from Belgium, Denmark, France, Romania, the United Kingdom and the European Police Office to take down the sites.

"This operation is a great example of the tremendous cooperation between ICE and our international partners at the [Intellectual Property Rights Coordination Center]," ICE Director John Morton said in a statement. "Our partnerships enable us to go after criminals who are duping unsuspecting shoppers all over the world. This is not an American problem, it is a global one and it is a fight we must win."

As part of the operation, federal law enforcement officers made undercover purchases of products such as sports jerseys, DVD players, clothing and jewelry from websites suspected of selling counterfeit products.

If the copyright holders confirmed that the products were unauthorized, ICE obtained a court order to shut down the sites.

Visitors to the websites will now see only a banner informing them of the seizure and warning them that copyright infringement is a federal crime. ICE did not name the targeted sites.

The crackdown, named "Cyber Monday 3," is part of ICE's Operation In Our Sites, a program that has now seized a total of 1,630 alleged pirate sites.

Some lawmakers have expressed concern that Operation In Our Sites violates the due process rights of website owners. 

Reps. Zoe Lofgren (D-Calif.), Jared Polis (D-Colo.) and Jason Chaffetz (R-Utah) wrote a letter in August to the administration questioning whether overzealous enforcement has stifled legitimate speech.

Under the current system, the authorities confiscate the websites as asset forfeiture, much like police might seize a drug dealer's car after arresting him. But some advocates argue the website owners should have a chance to defend themselves before the site is shut down (The Hill, 2012).

Title: US Mulls Action Against China Cyberattacks
Date: January 31, 2013
Fox News

Abstract: The Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.

As The New York Times and Wall Street Journal reported Thursday that their computer systems had been infiltrated by China-based hackers, cybersecurity experts said the U.S. government is eyeing more pointed diplomatic and trade measures.

Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. One official said it also will cite more directly a role by the Chinese government in such espionage.

The official said the NIE, an assessment prepared by the National Intelligence Council, will underscore the administration's concerns about the threat, and will put greater weight on plans for more aggressive action against the Chinese government. The official was not authorized to discuss the classified report and spoke only on condition of anonymity.

Secretary of State Hillary Rodham Clinton, in an interview with reporters as she wound up her tenure, said the U.S. needs to send a strong message that it will respond to such incidents.

'This is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China.'

- James Lewis, a cybersecurity expert at the Center for Strategic and International Studies

"We have to begin making it clear to the Chinese -- they're not the only people hacking us or attempting to hack us -- that the United States is going to have to take action to protect not only our government, but our private sector, from this kind of illegal intrusions. There's a lot that we are working on that will be deployed in the event that we don't get some kind of international effort under way," she said.

"Obviously this can become a very unwelcome and even dangerous tit-for-tat that could be a crescendo of consequences, here at home and around the world, that no one wants to see happen," she said.

Although the administration hasn't yet decided what steps it may take, actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews.

"The U.S. government has started to look seriously at more assertive measures and begun to engage the Chinese on senior levels," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "They realize that this is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China."

To date, extensive discussions between Chinese officials and top U.S. leaders -- including President Barack Obama and Defense Secretary Leon Panetta -- have had little impact on what government and cybersecurity experts say is escalating and technologically evolving espionage. The Chinese deny such espionage efforts.

Internet search leader Google focused attention on the China threat three years ago by alleging that it had traced a series of hacking attacks to that country. The company said the breaches, which became known as "Operation Aurora," appeared aimed at heisting some of its business secrets, as well as spying on Chinese human rights activists who relied on Google's Gmail service. As many as 20 other U.S. companies were also said to be targeted.

A four-month long cyberattack against The New York Times is the latest in a long string of breaches said to be by China-based hackers into corporate and government computer systems across the United States. The Times attacks, routed through computers at U.S. universities, targeted staff members' email accounts, the Times said, and were likely in retribution for the newspaper's investigation into the wealth amassed by the family of a top Chinese leader.

The Wall Street Journal on Thursday said that its computer systems, too, had been breached by China-based hackers in an effort to monitor the newspaper's coverage of China issues.

Media organizations with bureaus in China have believed for years that their computers, phones and conversations were likely monitored on a fairly regular basis by the Chinese. The Gmail account of an Associated Press staffer was broken into in China in 2010.

Richard Bejtlich, the chief security officer at Mandiant, the firm hired by the Times to investigate the cyberattack, said the breach is consistent with what he routinely sees China-based hacking groups do. But, he said it had a personal aspect to it that became apparent: The hackers got into 53 computers but largely looked at the emails of the reporters working on a particular story. The newspaper's investigation delved into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion.

"We're starting to see more cases where there is a personal element," Bejtlich said, adding that it gives companies another factor to consider. "It may not just be the institution, but, is there some aspect of your company that would cause someone on the other side to take personal interest in you?"

Journalists are popular targets, particularly in efforts to determine what information reporters have and who may be talking to them.

The Chinese foreign and defense ministries called the Times' allegations baseless, and the Defense Ministry denied any involvement by the military.

"Chinese law forbids hacking and any other actions that damage Internet security," the Defense Ministry said. "The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless."

In a report in November 2011, U.S. intelligence officials for the first time publicly accused China and Russia of systematically stealing American high-tech data for economic gain. And over the past several years, cybersecurity has been one of the key issues raised with allies as part of a broader U.S. effort to strengthen America's defenses and encourage an international policy on accepted practices in cyberspace.

U.S. cybersecurity worries are not about China alone. Administration officials and cybersecurity experts also routinely point to widespread cyberthreats from Iran and Russia, as well as hacker networks across Eastern Europe and South America

The U.S. itself has been named in one of the most prominent cyberattacks -- Stuxnet -- the computer worm that infiltrated an Iranian nuclear facility, shutting down thousands of centrifuges there in 2010. Reports suggest that Stuxnet was a secret U.S.-Israeli program aimed at destabilizing Iran's atomic energy program, which many Western countries believe is a cover for the development of nuclear weapons.

The White House declined comment on whether it will pursue aggressive action on China.

"The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information," said spokesman Caitlin Hayden. "We have repeatedly raised our concerns with senior Chinese officials, including in the military, and we will continue to do so."

Cybersecurity experts have been urging tougher action, suggesting that talking with China has had no effect.

"We need to find new approaches if we want to dissuade this type of activity," said Stewart Baker, former assistant secretary at the Homeland Security Department and now in private law practice with Steptoe and Johnson in Washington. He said the U.S. must do a better job of attributing the cyberattacks to particular groups or nations and "see if we can sanction the people who are actually benefiting from them."

The Obama administration has slowly been ratcheting up its rhetoric. In an unusually strong speech last October, Panetta warned that the U.S. would strike back against cyberattacks, even raising the specter of military action. And the White House has been urging Congress to authorize greater government action to protect infrastructure such as the nation's electric grid and power plants.

Alan Paller, director of research at SANS Institute, a computer-security organization, said that the level of cyberattacks, including against power companies and critical infrastructure, has shot up in the last seven or eight months. And the U.S. is getting more serious about blocking the attacks, including an initiative by the Defense Department to hire thousands of high-tech experts.

Just talking about it, he said, is having no effect.

Lewis, who has met and worked with Chinese officials on the issue, said their response has been consistent denial that China is involved in the hacking and counter-accusations that the U.S. is guilty of the same things.

"In the next year there will be an effort to figure out a way to engage the Chinese more energetically," he said. "The issue now is how do we get the Chinese to take this more seriously as a potentially major disruption to the relationship."

The answer, he said, is, "You have to back up words with actions, and that's the phase I think we're approaching" (Fox News, 2013).

Title: US Ready To Strike Back Against China Cyberattacks
Date: February 19, 2013
AP My Way

Abstract: As public evidence mounts that the Chinese military is responsible for stealing massive amounts of U.S. government data and corporate trade secrets, the Obama administration is eyeing fines and other trade actions it may take against Beijing or any other country guilty of cyberespionage.

According to officials familiar with the plans, the White House will lay out a new report Wednesday that suggests initial, more-aggressive steps the U.S. would take in response to what top authorities say has been an unrelenting campaign of cyberstealing linked to the Chinese government. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the threatened action.

The White House plans come after a Virginia-based cybersecurity firm released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. After analyzing breaches that compromised more than 140 companies, Mandiant has concluded that they can be linked to the People's Liberation Army's Unit 61398.

Military experts believe the unit is part of the People's Liberation Army's cyber-command, which is under the direct authority of the General Staff Department, China's version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China's military.

The release of Mandiant's report, complete with details on three of the alleged hackers and photographs of one of the military unit's buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.

"If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation," said former FBI executive assistant director Shawn Henry. "This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be."

Henry, now president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity the government needs to focus more on how to deter the hackers and the nations that are backing them.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China, adding that "this will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There's not an on-off switch."

The Chinese government, meanwhile, has denied involvement in the cyber-attacks tracked by Mandiant. Instead, the Foreign Ministry said that China, too, is a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.

"Among the above attacks, those from the U.S. numbered the most," Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.

Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries.

China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan.

In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the PLA's Unit 61398.

Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit's gates.

"In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and cooperation" of the Beijing government.

The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.

"At some point we do have to call the Chinese out on this," said Michael Chertoff, Homeland Security secretary under President George W. Bush and now chairman of the Chertoff Group, a global security firm. "Simply rolling over and averting our eyes, I don't think is a long-term strategy."

Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments.

"At the government level, I see this as a tool that they can use to have discussions with the Chinese, with allies, with others who are concerned about this problem and have an open dialogue without having to worry about sensitivities around disclosing classified information," Bejtlich said. "This problem is overclassified."

He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do.

Mandiant's report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions.

The White House would not comment on the report expected Wednesday.

"We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," said Caitlin Hayden, spokeswoman for the National Security Council. "The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."

Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said the report reinforces the need for international agreements that prohibit cybercrimes and have a workable enforcement mechanism (AP My Way, 2013).

Title: Security Leader Says U.S. Would Retaliate Against Cyberattacks
Date: March 12, 2013
Source: New York Times

Abstract: The chief of the military’s newly created Cyber Command told Congress on Tuesday that he is establishing 13 teams of programmers and computer experts who could carry out offensive cyberattacks on foreign nations if the United States were hit with a major attack on its own networks, the first time the Obama administration has publicly admitted to developing such weapons for use in wartime. 

“I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Gen. Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”

General Alexander’s testimony came on the same day the nation’s top intelligence official, James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.

On Monday, Thomas E. Donilon, the national security adviser, demanded that Chinese authorities investigate such attacks and enter talks about new rules governing behavior in cyberspace.

General Alexander has been a major architect of the American strategy on this issue, but until Tuesday he almost always talked about it in defensive terms. He has usually deflected questions about America’s offensive capability, and turned them into discussions of how to defend against mounting computer espionage from China and Russia, and the possibility of crippling attacks on utilities, cellphone networks and other infrastructure. He was also a crucial player in the one major computer attack the United States is known to have sponsored in recent years, aimed at Iran’s nuclear enrichment plants. He did not discuss that highly classified operation during his open testimony.

Mr. Clapper, the director of national intelligence, told the Senate Intelligence Committee that American spy agencies saw only a “remote chance” in the next two years of a major computer attack on the United States, which he defined as an operation that “would result in long-term, wide-scale disruption of services, such as a regional power outage.”

Mr. Clapper appeared with the heads of several other intelligence agencies, including Lt. Gen. Michael T. Flynn of the Defense Intelligence Agency, the F.B.I. director Robert S. Mueller III, and the C.I.A. director John O. Brennan, to present their annual assessment of the threats facing the nation. It was the first time that Mr. Clapper listed cyberattacks first in his presentation to Congress, and the rare occasion since the Sept. 11, 2001, attacks that intelligence officials did not list international terrorism first in the catalog of dangers facing the United States.

“In some cases,” Mr. Clapper said in his testimony, “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” He said it was unlikely that Russia and China would launch “devastating” cyberattacks against the United States in the near future, but he said foreign spy services had already hacked the computer networks of government agencies, businesses and private companies.

Two specific attacks Mr. Clapper listed, an August 2012 attack against the Saudi oil company Aramco and attacks on American banks and stock exchanges last year, are believed by American intelligence officials to have been the work of Iran.

General Alexander picked up on the same themes in his testimony, saying that he was adding 40 cyber teams, 13 focused on offense and 27 on training and surveillance. When pressed, he said that the best defense hinged on being able to monitor incoming traffic to the United States through private “Internet service providers,” which could alert the government, in the milliseconds that electronic messages move, about potentially dangerous attacks. Such surveillance is bound to raise more debate with privacy advocates, who fear government monitoring of the origin and the addressing data on most e-mail messages and other computer exchanges.

Traditional threats occupied much of Mr. Clapper’s testimony. American intelligence officials are giving new emphasis to the danger posed by North Korea’s nuclear weapons and missile programs, which are said for the first time to “pose a serious threat to the United States” as well as to its East Asian neighbors. North Korea, which recently made a series of belligerent statements after its third nuclear test, has displayed an intercontinental missile that can be moved by road and in December launched a satellite atop a Taepodong-2 launch vehicle, Mr. Clapper’s prepared statement noted.

Recently, several companies have experienced cybersecurity breaches. What are the rules of engagement in this new frontier?

“The rhetoric, while it is propaganda laced, is also an indicator of their attitude and perhaps their intent,” Mr. Clapper said during one exchange with a lawmaker, adding that he was concerned that North Korea “could initiate a provocative action against the South.”

In his discussion of terrorism, Mr. Clapper noted that while Al Qaeda’s core in Pakistan “is probably unable to carry out complex, large-scale attacks in the West,” spinoffs still posed a threat. Listed first is the affiliate in Yemen, Al Qaeda in the Arabian Peninsula, which Mr. Clapper said had retained its goal of attacks on United States soil, but he also noted militant groups in six other countries that still threaten local violence.

Mr. Clapper began his remarks by criticizing policy makers for the current budget impasse, saying that the budget cuts known as sequestration will force American spy agencies to make sharp reductions in classified programs and to furlough employees. The classified intelligence budget has ballooned over the past decade, and Mr. Clapper compared the current round of cuts to the period during the 1990s when the end of the cold war led to drastic reductions in the C.I.A.’s budget.

“Unlike more directly observable sequestration impacts, like shorter hours at public parks or longer security lines at airports, the degradation of intelligence will be insidious,” Mr. Clapper said. “It will be gradual and almost invisible unless and until, of course, we have an intelligence failure.”

The threat hearing is the only scheduled occasion each year when the spy chiefs present open testimony to Congress about the dangers facing the United States, and Mr. Clapper did not hide the fact that he is opposed to the annual ritual. President Obama devoted part of his State of the Union address to a pledge of greater transparency with the Congress and the American public, but Mr. Clapper, a 71-year-old retired Air Force general, made it clear that he saw few benefits of more public disclosure.

“An open hearing on intelligence matters is something of a contradiction in terms,” he said (New York Times, 2013).