Guest column // Daniel Zubairi

China rising: the increasing threat of Chinese cyber-warfare

Published 6 May 2009

The only way to stop the proliferating cyber-attacks against the United States and Western powers is to raise the political and economic cost to China, so that it becomes in the interest of the Chinese government to stop such attacks.

Every day we receive news about the scope of the threat posed by China to the security of U.S. government information systems and, more broadly, to the critical infrastructure of the United States and to global computer systems. Whether or not they are orchestrated or sponsored by the Chinese government, China-based cyber attacks are real and on the rise, and they are successfully compromising significant U.S. and Western systems and networks.

Increased investment in both technical and human cyber intelligence gathering has led to the detection of these attacks. Quite often, though, they were detected long after the penetration and data theft had occurred, and they received only scant coverage or public notice.

One of the more dangerous Chinese attacks was the successful hacking of the U.S. power grid’s infrastructure. We do not know the effect of the malware programs injected in the attack, and the severity of the attack has yet to be fully assessed. It is possible that other utility infrastructure systems have been compromised as well without the compromise having been identified.

These attacks, while demonstrably of significant magnitude, are only the ones that we have discovered. The bigger threats may well be the ones about which we do not yet know.

The question we should ask is: why are we not doing more to prevent these attacks? One answer is that hackers are becoming better and more resourceful — but hackers have always been resourceful and committed. What is needed is a long-term risk-aversion and attack-prevention methodology to replace the current react-and-respond approach.

The standard security remediation technologies have been employed — firewalls, intrusion prevention and detection systems (IPS/IDS), enterprise malware remediation, and regular security auditing — but we have failed to see any progress toward implementing real security.

For example, after the recent Chinese attacks on the U.S. power grid, no national guidance has been issued on segmenting the messaging systems from the control systems — although there are states and grid operators which already do this. Segmentation means complete separation and autonomy between the systems that send controls to the power grid and the systems that receive messages. There is absolutely no need for anything other than stand-alone, restricted, terminal-only access to SCADA control systems. This should also go beyond the power sector and apply to water, pipelines, and every other key critical infrastructure service.
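To make the segmentation rule above concrete, here is a small added example (not code from the column or from any grid operator) that audits network flows against such a policy: control-system hosts may be reached only from a dedicated operator terminal over one management protocol, and never from the messaging segment or from outside. The address ranges, zone names, allowed protocol/port and sample flows are all constructed for the example.

```python
"""Added example: audit network flows against a control-system segmentation
policy of the kind the column argues for. All zones, addresses, ports and
flows below are constructed; they do not describe any real operator."""

from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption: these ranges exist only in this example).
ZONES = {
    "control":   ip_network("10.10.0.0/24"),   # SCADA masters, PLC gateways
    "terminal":  ip_network("10.20.0.0/29"),   # stand-alone operator terminals
    "messaging": ip_network("10.30.0.0/24"),   # mail, web and office systems
}

# The only traffic permitted INTO the control zone: (source zone, protocol, port).
# Constructed policy: operator terminals over SSH. Everything else is denied.
ALLOWED_INTO_CONTROL = {("terminal", "tcp", 22)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the plan is 'external'."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ('allow' | 'deny', reason) for a single flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if dst_zone != "control":
        return "allow", f"{src_zone}->{dst_zone}: not a control-zone destination"
    if src_zone == "control":
        return "allow", "control->control: intra-zone traffic"
    if (src_zone, flow.proto, flow.dport) in ALLOWED_INTO_CONTROL:
        return "allow", f"{src_zone}->control: permitted operator-terminal access"
    return "deny", f"{src_zone}->control: violates segmentation policy"


def audit(flows) -> list[tuple[Flow, str, str]]:
    """Evaluate a batch of flows and return only the violations."""
    violations = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            violations.append((f, verdict, reason))
    return violations


# Constructed sample flows, as they might be read from a flow log.
SAMPLE_FLOWS = [
    Flow("10.20.0.2", "10.10.0.5", "tcp", 22),     # operator terminal -> SCADA master
    Flow("10.30.0.25", "10.10.0.5", "tcp", 502),   # mail server -> PLC gateway (Modbus)
    Flow("10.30.0.25", "10.30.0.40", "tcp", 25),   # mail server -> mail relay
    Flow("203.0.113.9", "10.10.0.7", "tcp", 22),   # external host -> control zone
    Flow("10.10.0.5", "10.10.0.7", "tcp", 502),    # SCADA master -> PLC gateway
]

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {flow.src}->{flow.dst}/{flow.proto}/{flow.dport}: {reason}")
```

Run on the constructed sample, the audit flags the two flows that cross into the control zone from the messaging segment and from outside; the terminal-to-SCADA session and the intra-zone traffic pass. The same check can be fed from real flow records or applied to a proposed firewall ruleset before it is deployed, which is how the "complete segmentation" the column calls for is verified rather than assumed.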

With regard to information systems, the matter is a bit more complicated. One argument is to just block the whole of China