China rising: the increasing threat of Chinese cyber-warfare

from accessing certain networks at the firewall or upstream provider. In this case, all a hacker has to do is hop through enough different networks that they are eventually attacking from a device whose fingerprint appears to be based in the United States, Canada, or Europe. This is a common technique which hackers have used for decades to cover their tracks.

What is to be done?

First, identify what systems are most vulnerable and likely to be attacked. Note the systems which contain confidential business information, personally identifiable information (PII), and manage critical infrastructure. The U.S. Department of Defense, White House, Homeland Security, and other agencies also need to segment their secure networks from their insecure networks.

Now that you have begun to think as a hacker, and know what type of systems to target and what damage a hacker might do or what information they would like to steal, assess the damage if the attack is successful. If a hacker steals your full database of subscriber credit card information, we all know the result. If your uninvited guest user compromises your gas pipeline pressure control system, the consequences will be severe. You need to ask yourself one basic question. If a Chinese hacker, or anyone else, wanted to hack into your utility control system, where would they enter? Where are the interconnections in your systems? Find them and lock them out. Segmentation is the key. If you still have dial-up modems which connect to your control systems, war dial them, just like the hackers would, and pull them off-line. This is no longer an issue of convenience; it is an issue of security. The same methodology applies to network-based systems. This also assumes you have taken standard preventative measures like malware detection and updates, etc. If you have not, then you are nowhere even near a basic level of protection.

One key solution is to establish a National Alert System specific to the utility sector. If one utility detects an attack, then the National Alert Network distributes an alert, based on significance, which notifies all operators of a potential threat and the action to be taken. DHS has something of a Cyber Alert System through their U.S. Computer Emergency Readiness Team (CERT) unit, but this system is inadequate and inconsistent. A significant revamp needs to be done with CERT, particularly regarding their information sharing and interoperability. Additionally, fund immediate development of National Intrusion Prevention Systems (IPS) for very high bandwidth Tier-1 network providers to detect and isolate attack patterns on a national level. They will not necessarily be as robust as enterprise IPS, but they can be scaled down to detect certain attack patterns and report them to a central collection point, where similar attack patterns and sources can quickly be identified and mitigated. This approach may raise concerns among privacy and liberty advocates, but it is merely the same as an electronic missile detection system and will and should only be used for attack detection, not user pattern monitoring.
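The central collection point described above, sketched as an added example that is not part of the original article: reports from several utilities are correlated by attack pattern within a time window, given a significance tier, and turned into alerts carrying the action to be taken. The report fields, the window length, the tier rules and the action text are all assumptions made for this illustration, and the sample reports are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample reports in the shape a utility's IPS might send to the central
# collection point (field names are assumptions; addresses are RFC 5737 documentation ranges).
REPORTS = [
    {"op": "util-A", "pat": "modbus-write-coil-flood", "src": "198.51.100.7", "asset": "control", "ts": "2024-01-10T08:00:00"},
    {"op": "util-B", "pat": "modbus-write-coil-flood", "src": "198.51.100.7", "asset": "control", "ts": "2024-01-10T08:20:00"},
    {"op": "util-C", "pat": "modbus-write-coil-flood", "src": "203.0.113.9", "asset": "control", "ts": "2024-01-10T09:05:00"},
    {"op": "util-A", "pat": "http-login-bruteforce", "src": "203.0.113.44", "asset": "billing", "ts": "2024-01-10T08:10:00"},
    {"op": "util-A", "pat": "http-login-bruteforce", "src": "203.0.113.44", "asset": "billing", "ts": "2024-01-09T01:00:00"},  # stale
]
NOW = datetime(2024, 1, 10, 10, 0, 0)  # constructed "current time" for the sample
WINDOW = timedelta(hours=24)           # correlation window (assumed value)
ACTIONS = {                            # action text distributed with each alert level
    "CRITICAL": "block listed sources at the perimeter; verify control-network segmentation",
    "HIGH": "block listed sources; review logs for the affected asset class",
    "ADVISORY": "monitor for the pattern; no immediate action",
}
LEVELS = ["CRITICAL", "HIGH", "ADVISORY"]  # most significant first


def correlate(reports, now):
    """Group in-window reports by attack pattern across every reporting operator."""
    groups = defaultdict(lambda: {"ops": set(), "srcs": set(), "assets": set()})
    for r in reports:
        if now - datetime.fromisoformat(r["ts"]) > WINDOW:
            continue  # too old to correlate with current activity
        g = groups[r["pat"]]
        g["ops"].add(r["op"])
        g["srcs"].add(r["src"])
        g["assets"].add(r["asset"])
    return groups


def significance(summary):
    """Tier by blast radius: control-system assets and multi-operator sightings escalate."""
    multi = len(summary["ops"]) >= 2
    control = "control" in summary["assets"]
    if control and multi:
        return "CRITICAL"  # the same pattern hitting control systems at several utilities
    return "HIGH" if (control or multi) else "ADVISORY"


def build_alerts(reports, now):
    """Alerts the central point would distribute, ordered by significance."""
    alerts = []
    for pat, s in correlate(reports, now).items():
        level = significance(s)
        alerts.append({"pattern": pat, "level": level, "action": ACTIONS[level],
                       "operators": sorted(s["ops"]), "sources": sorted(s["srcs"])})
    return sorted(alerts, key=lambda a: LEVELS.index(a["level"]))
```

Running `build_alerts(REPORTS, NOW)` yields a CRITICAL alert for the Modbus pattern seen at three operators and only an ADVISORY for the single-operator brute force, since the day-old duplicate falls outside the window.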

Another key approach to China is political: there is a need to treat China-based cyber attacks upon Western governmental and private computer systems more seriously, as political and military attacks. If Chinese warships or privateers were launching piracy attacks on U.S. and Western shipping, with the sponsorship or connivance of the government of the People's Republic of China, then a Western military response would be in order. Yet the economic damage done to Western commerce by Chinese cyber-attacks and piracy vastly exceeds the cost of any old-fashioned high-seas piracy.

China is a major world power. It controls more than one trillion in Western hard currency, and has a dominant presence in technology manufacturing, global logistics, and shipping. The only way to stop the proliferating cyber-attacks against the United States and Western powers is to raise the political and economic cost to China in order to make it in the interests of the government of China to stop such attacks.

An attack on the U.S. critical infrastructure is an attack — whether it is launched with missiles, grenades, or by a brigade of government hackers using a phalanx of government computers armed with malware. Any attack that can compromise the integrity of U.S. cyber and physical infrastructure should be treated as a hostile action, and the response needs to be raised to the political and policy level. Otherwise, our computer networks will become ever more vulnerable to infiltration and hijacking, our personal data and secrets will become ever more subject to capture, our political and business leaders will become ever more vulnerable to being discredited or blackmailed, and our national security will become ever more compromised.

Daniel Zubairi (CISSP/PMP), is managing director and chief consultant at SYDANtech MISSION-SECURE.