Most of the national and international TV news is taken up with the “war on terror” or the “war in Iraq.” In our area (metro Detroit), these stories have their own logos and intense theme music. Depending upon the political bent of the news source, these “wars” either are the right or wrong thing to do. We are either winning or we are not.
For information security professionals, there is a bigger, more long-term and much more important story: the engaging by China in information warfare against the United States. That story, one of quiet economic and cyberwarfare, is of such importance that every information assurance practitioner needs to be aware of its potential impact on his or her organization.
I first became aware of the problem when I read an excellent but disturbing paper from the [U.S. Army] Foreign Military Studies Office at Ft. Leavenworth called Like Adding Wings to the Tiger. Then, one of my students wrote a paper on Titan Rain, the code name for an information operation allegedly being carried out by the Chinese against U.S. government computer systems. Finally, I saw a history of probes against a client from none other than the same Chinese ISPs that turned up in my research on Titan Rain and other related activities.
While one may argue that there are a limited number of ISPs in China and seeing probes from one of them could mean little more than some Chinese script kiddy getting his or her kicks poking at a U.S. target, I would submit that such an argument is inconsistent with our mission of protecting our information infrastructures. Given the public record, these probes want, at least, to be looked at and monitored (or filtered).
Since China certainly is not the only country where hackers launch attacks against U.S. organizations, we cannot ignore the obvious fact that the “bad guys” are no longer just script kiddies, our competitors and the occasional fraudster. A wide variety of attackers is using a wide variety of cyberwarfare weapons. Our defenses must be equally broad and our appreciation of the nature of the attackers and their motives is critical to our success in defending our infrastructures.
I have never espoused the “sky is falling” approach to information security. However, today, we all have a role to play in understanding and responding to information conflict as it begins to affect our own organizations.