recommended reading

Pentagon: Cyberattacks appear to come from China

The Defense Department said Monday that cyberattacks in 2007 against computer networks operated by governments and commercial institutions around the world "appear" to have originated within China -- marking the first time the Pentagon has so visibly pinned the blame against China for cyberattacks.

Comment on this article in the forum.Defense made its cyber warfare charge against China in its annual report to Congress on China's military power.

"In the past year," the report concluded, "numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the [People's Republic of China]. These intrusions require many of the skills and capabilities that would also be required for computer network attack. Although it is unclear if these intrusions were conducted by, or with the endorsement of, the [People's Liberation Army] or other elements of the PRC government, developing capabilities for cyber warfare is consistent with authoritative PLA writings on this subject."

The report said that in 2007, networks operated by Defense, other federal agencies, defense-related think tanks and contractors experienced "multiple computer network intrusions, many of which appeared to have originated in the PRC."

The report also highlighted public statements by top intelligence and defense officials in France, Germany and the United Kingdom that pinned the blame for cyberattacks against networks in those countries on China.

The report quoted Hans Elmar Remberg, vice president of Germany's Office for the Protection of the Constitution (the country's domestic intelligence agency), who accused China of sponsoring computer network intrusions "almost daily."

The report also cited an alert in November issued to 300 financial institutions by Jonathan Evans, director general of MI5, the United Kingdom's intelligence service, saying that it was the target of state-sponsored computer network exploitation from China. France also has experienced Chinese cyberattacks, the report said, quoting French Secretary-General of National Defense Francis Delon.

China's use of cyber warfare stems from a doctrine designed to provide the country's military with advantages over technologically superior adversaries, the report said. It quoted a Chinese publication, which said:

"[The] application of non-nuclear high technologies can bring about strategic effects similar to that of nuclear weapons, and at the same time, it can avoid the great political risk possibly to be caused by transgressing the nuclear threshold... Among other things, following the advent of cyber information age, information warfare and information warfare strategy are widely drawing attention."

The report issued Monday does not go as far as a little noticed report sent to Congress in late 2007 by the U.S.-China Economic and Security Review. It said Marine Gen. James Cartwright, the vice chairman of the Joint Chiefs of Staff, viewed Chinese cyberattacks as potentially having an effect equal to "the magnitude of a weapon of mass destruction."

Cartwright told the commission that China has a larger capability to conduct denial-of-service attacks against computer systems than any other country, and such attacks have "the potential to cause cataclysmic harm if conducted against the United States on a large scale."

China also is developing a multidimensional program to limit or prevent the use of space-based assets by its potential adversaries, the report issued Monday said, as part of a process of extending battle space from traditional land and sea domains into outer space and cyberspace.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.