The Foreign Service Journal, December 2005

As State works to shore up cybersecurity in anticipation of next year’s congressional report card, the cyberthreats it confronts are growing more complex. Chief among them is the danger posed by foreign government hackers. Unlike terrorists or criminals, hackers trained and aided by a for- eign government have the techni- cal and institutional resources offered by a formal and estab- lished host, typically the foreign nation’s military. In tes- timony before the Senate Select Committee on Intelligence in February 2005, FBI Director Robert Mueller warned of state-sponsored hackers. Director Mueller told the panel that “state actors continue to be a threat to both our national security as well as our eco- nomic security because they have the technical and financial resources to support advanced network exploitation and attack. The greatest cyberthreat is posed by countries that continue to openly conduct com- puter network attacks and exploitations on American systems.” Information Warfare Units There is little doubt that real or potential adversaries — likely including Russia, Iran, North Korea and China — consider hacking a part of their arsenal. These nations may have formal “information warfare” pro- grams that train and equip hackers to conduct activities far beyond cyber-espionage and data mining: state-spon- sored information warfare includes the development of offensive capabilities to disrupt an enemy’s civilian and defense critical infrastructure, such as electric power grids, communications networks, and military command and control. Reflecting the significance of this threat, the National Strategy to Secure Cyberspace — released by the Bush administration in 2003 as a national blueprint for cyber- security — included an implicit recognition that future attacks against the United States could include a cyber- space component. A section tucked into the appendix warns that “when a nation, terrorist group or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prose- cution. The United States reserves the right to respond in an appropriate manner.” While an “appropriate manner” could include a commensurate cyber- offensive initiated by the Depart- ment of Defense, the ambiguities of the language suggest that the U.S. response to a virtual attack need not be limited to cyberspace. Arguably, bombs and bullets could constitute part or even all of an American counterattack. Given the growing threat posed by state-sponsored cyber-operations against the United States, this is far from insignificant or purely theoretical. In this context, China stands out among potential cyber- adversaries. As the Chinese government continues to modernize its military forces, the development of a robust cyberspace component is emerging as part of Beijing’s strategic vision. The Department of Defense’s annual report to Congress on the People’s Liberation Army for 2005 — aptly titled “The Military Power of the People’s Republic of China” — asserts that “the PLA has likely established information-warfare units to develop viruses to attack enemy computer systems and net- works, and tactics to protect friendly computer systems and networks.” Focusing increasingly on offensive cyber-operations rather than purely defensive ones, the report further posits that “… recent [cyber] exercises have incorpo- rated offensive operations, primarily as first strikes against enemy networks.” The implications of such a statement are clear: the PLA views cyberwarfare capa- bilities as a critical component of a modern military force that is prepared to fight on both traditional and virtual battlefields. Titan Rain China’s cyberspace ambitions may already be mov- ing from planning to practice. Some U.S. government officials believe the Chinese government is behind a series of sophisticated hacking incidents targeting sen- sitive U.S. computer systems, including those operated by federal departments and defense contractors. Dubbed “Titan Rain” by U.S. authorities, the investiga- tion has been the subject of recent public inquiry at the State Department. When asked specifically whether it had been “targeted or successfully penetrated by the F O C U S 46 F O R E I G N S E R V I C E J O U R N A L / D E C E M B E R 2 0 0 5 The Bureau of Diplomatic Security recognizes that terrorists are now using many of the same techniques as hackers.