Cybersecurity threat evolving, but Chinese hacking remains ‘industrial scale’
More than a dozen cyber and national security experts, including several lawmakers, ventured onto the Washington, D.C., speaking circuit last week, warning the government and private industry are unprepared for the skyrocketing number of cyber-threats that continue to increase in complexity, sophistication and destructive capability.
But while they often differed on what the government should do to enhance the cybersecurity posture of the nation, many seemed to agree on one point: State-sponsored cyber-espionage, particularly from China, remains one of the gravest threats to national security and the U.S. economy.
“This is the next major military issue we’re going to be facing,” said Sen. Saxby Chambliss, R-Ga., the senior Republican on the Senate Intelligence Committee, referring specifically to China. But the prolonged government shutdown, furloughs of federal cybersecurity professionals and the inability of Congress to pass cybersecurity legislation to bolster information sharing between the government and the nation’s critical infrastructure owners, have placed the U.S. in a very dangerous position in cyberspace, he said.
“The Chinese are watching,” Chambliss said, speaking Oct. 8 at the Cyber7 conference, sponsored by Politico. “The Russians are watching.”
“This is an asymmetric threat on steroids,” said Tim Sample, vice president of national security programs at Battelle. Cyber-crime groups and nations are “moving from alliances to accomplices” in some cases, he said. “This is a more insidious threat.”
Richard Bejtlich, chief security officer at Mandiant, an Alexandria, Va.-based cybersecurity firm that in February released an explosive report detailing Chinese cyber-espionage activities and organization, said although Iran has gained experience and notoriety as a cyber-espionage threat, it has not yet reached the level of sophistication seen in China or Russia.
“They want to learn how to stay in a network [undetected] for year, as the Russians and Chinese have learned how to do,” Bejtlich said. But the Chinese threat remains the primary source of concern for U.S. government agencies, as well as the defense and technology industries. There are currently 24 hacker groups in China that are state-sponsored, Bejtlich said. And “they don’t have the funding problems that we have,” he said.
Joel Brenner, a former senior counsel at NSA and former head of counterintelligence at the Office of the Director of National Intelligence, characterized the Chinese cyber-espionage threat as highly resourced and organized, during a keynote presentation at the Akamai Edge conference Oct. 9.
The 24 hacker organizations in China have “an attack infrastructure with more than a 1,000 servers and maintains access [to hacked networks] on average for about a year,” Brenner said. And in at least one case, they went undetected for four years and 10 months, he said.
So far, there have been “141 companies across 20 major industries targeted by China,” Brenner said. “This is what we’re up against. This is industrial-scale intellectual thievery.”
Brenner pointed to the massive Chinese hacker intrusion into the Pentagon known as “Titan Rain,” which began in 2003 and during which Chinese hackers managed to download nearly 20 terabytes of classified documents. Those documents were the equivalent of 20 percent of all data in the Library of Congress, he said. And had they been printed in paper form, the heist would have required “miles and miles of moving vans” to cart the documents away.