CircleID

The Associated Press published an article today that the Pentagon revealed that earlier this year, they suffered one of its largest ever loss of sensitive data to a foreign government by a cyberattack. From the article:

The Pentagon on Thursday revealed that in the spring it suffered one of its largest losses ever of sensitive data in a cyberattack by a foreign government. It's a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry and new steps to stop "malicious insiders."

William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but said the Pentagon believes the attacker was a foreign government. He didn't say which nation.

"We have a pretty good idea" who did it, Lynn said in an interview before the speech. He would not elaborate.

Okay, then I'll speculate. It was China.

The Pentagon has long worried about the vulnerability of its computer systems. The concern has grown as the military becomes more dependent not only on its own computers but also on those of its defense contractors, including providers of the fuel, electricity and other resources that keep the military operating globally.

At his Senate confirmation hearing last month, new Defense Secretary Leon Panetta cited "a strong likelihood that the next Pearl Harbor" could well be a cyberattack that cripples the U.S. power grid and financial and government systems. He said last weekend that cybersecurity will be one of the main focuses of his tenure at the Pentagon.

It's hard to say what's right and what's wrong. On the one hand, the Secretary of Defense says that the cyberwar is very real. On the other hand, the cyberczar Howard Schmidt said that there is no cyberwar and instead government needs to focus its efforts to fight online crime and espionage (read my post about this here).

Is Panetta right? Are we headed for a future electronic Pearl Harbor? Or is this an incoming government bureaucrat who is trying to secure funding for his department and therefore overplaying his hand?

In [vice-Chairman of the Joint Chiefs of Staff, Marine General James]Cartwright's view, a largely defensive approach to the problem is inadequate. He said the Pentagon currently is focused 90 per cent on defensive measures and 10 per cent on offence; the balance should be the reverse, he said. For the federal government as a whole, a 50-50 split would be about right, Cartwright argued.

"If it's OK to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's difficult" to stop that cycle, Cartwright said.

Hmm, so the military believes that they must shift to an offensive strategy, eh? Just like football, the best defense is a good offense? If you're a boxer and all you are doing is taking punches and absorbing hits, eventually you are going to get tired and bruised and fall over. To weaken your enemy, you need punch back and hurt your opponent so he stops hurting you, and spends more time defending your blows rather than landing his own.

Of course, this assumes that the United States is spending no time of its own doing their own military espionage. I was reading an article somewhere that the US was complaining about being probed by China's cyber spies. The interviewer then asked the security expert "Doesn't the US do any snooping of its own into China's network?" The expert then said (and I paraphrase very loosely) "Probably."

I'm pretty sure that the Chinese aren't doing anything that probably every other government is doing in some shape or fashion. Western governments for years have launched covert operations against enemy countries to gather intelligence. Why wouldn't they do the same thing now and do it high tech? And then claim that they are being hit all the time by the Chinese? It's a great way to misdirect from your own subterfuge while drumming up support for a motive to do it to the other guys. And then, even if you get caught doing it, you already have public support on your side!

That's what I'd do if I were in charge.

By Terry Zink, Program Manager. Visit the blog maintained by Terry Zink here.

Related topics: Cyberattack, Cybercrime, Security