U.S. commission fingers China as biggest cyberthreat

Annual report, mandated by Congress, raises the question of how best to defend against such cyberattacks

A U.S. commission has confirmed what many experts already believed: China has become "the most threatening actor in cyberspace," due to a persistent bombardment of U.S. military systems and defense contractors.

The U.S.-China Economic and Security Review Commission is scheduled to release next month its annual report mandated by Congress. A draft of the report obtained by Bloomberg found the sheer number of attacks emanating from China made the country a top concern.

"Irrespective of the sophistication, the volume of exploitation attempts yielded enough successful breaches to make China the most threatening actor in cyberspace," according to the draft.

The commission's findings raise the question of how to defend against such persistent attacks. Gunter Ollman, chief technology officer for Damballa, said the best way to bolster defenses is for defense contractors and other industries to share information when breaches are discovered. Damballa sells technology for discovering successfully planted malware through anomalies in system operations.

Ollman is in favor of sharing everything that is known about the attacks, the attackers and the targeted infrastructure. "These attacks typically aren't targeted at one particular [defense] contractor," he said. "They are much broader than that. They [attackers] are testing many doors simultaneously, and sharing intelligence can be used as a stronger mechanism for detection and helping to mitigate future threats."

Sharing of information between corporations and the Department of Homeland Security has been a subject of much debate, due to privacy issues. Because of the controversy, Congress has yet to pass the proposed Cyber Security Act, which would give the government access to information on corporate networks that are under attack. 

Because of Congress' failure to act, President Obama is considering issuing an Executive Order to implement some provisions of the act. Darren Hayes, an expert in computer forensics and security and a professor at Pace University, says government action is needed to better protect the intellectual property of U.S. companies, as well as military and diplomatic secrets.

"Everybody is talking about it, but no legislation has been put into practice," Hayes said. "Nothing meaningful from my perspective has been done."

Today, most Chinese attacks on military and government systems seem intended to steal technology or intelligence, the Bloomberg report said. However, the panel believes that could change and attacks could become more destructive.

A report the commission released in March said  China's military, called the People's Liberation Army, has been preparing for possible cyber warfare in its modernization efforts.

"PLA leaders have embraced the idea that successful war-fighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively," the report said.

In a speech last month to business leaders in New York, Defense Secretary Leon Panetta warned that a cyberattack on the nation's critical infrastructure, such as transportation, water supply or the electric grid, could be a "cyber Pearl Harbor -- an attack that would cause physical destruction and the loss of life." 

Panetta warned that the U.S. would retaliate quickly against such an attack. He also said the government would not rule out a preemptive strike, if such an attack was eminent.

[See related: Security experts push back at 'Cyber Pearl Harbor' warning]

Copyright © 2012 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022