Congress Cyber Report Tilts At China

2009 November 20
by Tim Stevens

Computer World reports the following:

Cyberattacks on the U.S. Department of Defense – many of them coming from China – have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That’s a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will jump 60% this year.

I’d be interested to know what definition of ‘attack’ is being used across DoD. Reason being that it wasn’t so long ago that DoD were claiming millions of daily ‘probes’ and ‘scans’, which were often referred to as ‘attacks’. The commission report [pdf] defines ‘computer network attacks’ as:

Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (p.170)

That’s a broad definition but since concerns expressed in the report seem mainly to be about data exfiltration rather than attempts to subvert command-and-control, these would fall under the heading of ‘computer network exploitation’:

Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. (p.170)

Not ‘attacks’ as defined at all, and selectively quoted in the media. Not entirely unreasonable, as the commission figures don’t differentiate between attacks and exploitation. The commission concedes that attribution is difficult, and the figures quoted above appear to be total numbers of ‘malicious cyber operations’ against DoD networks, implying that China alone is not responsible.

Does this matter? No, if all DoD want to do is prevent network compromises, but yes, if they want to develop strategies for evaluating and ultimately deterring state-sponsored incidents originating from China. The latter obviously applies, so DoD would do well to make their case backed by more careful presentation of the evidence. Their statement that ‘a thorough description of the [forensic] techniques used is not publicly available’ (p.169) is nearly irrelevant as it’s the results of those investigations that matter for policy purposes. They don’t seem to be properly presented here but I’m quite willing to be proven wrong if anyone else can point out the errors in my reasoning.
