Aug. 15, 2011
By Jennifer Martinez, POLITICO Pro

Rampant economic espionage in the cyberworld was a recurring theme throughout the GFIRST conference in Nashville, Tenn., the US-CERT-sponsored event last week that brought together a smattering of local, state and federal officials with executives from the security community.

And China’s cyberprowess, in particular, was often the 800-pound gorilla in the room.

“Our IP is being stolen at a pace that nobody wants to confess to,” Robert Dix, vice president of government affairs for Juniper Networks, said at a panel discussion.

Alarm over China’s alleged cyberespionage has already prompted one lawmaker to call for a congressional investigation.

Rep. Mary Bono Mack (R-Calif.), who leads a House subcommittee with jurisdiction over data security issues, sent a letter to computer security firm McAfee last week requesting additional information about a recent report the company released detailing a wide-scale cyberattack. The McAfee report looked at how more than 70 networks of government agencies, international organizations and media companies were infiltrated by another country – with the most likely culprit being China.

Bono Mack also wants to know if the wide-ranging spying operation changed the threat landscape and, if so, how Congress should respond.

The U.S.’s response to cyberattacks stemming from China is “schizophrenic,” according to Alan Paller, director of research at the SANS Institute.

“We run around screaming about how they do it, but we don’t do anything about it and I’m not sure we can,” Paller said. “I don’t think diplomacy would work with China and these other nations – it’s like stopping spying with diplomacy.”

But computer security officials speculated that it would be difficult for U.S. diplomats to publicly rap the knuckles of a country that’s not only a key trading partner, but is also a major holder of U.S. Treasury securities.

“A U.S. official would not want to diplomatically embarrass or challenge the Chinese because they are our banker,” said Tom Kellermann, chief technology officer at AirPatrol Corp. and a former cybersecurity official at the World Bank. “It sucks. The options [are] tremendously limited.”

But cybersecurity expert James Lewis believes Uncle Sam’s debt problem isn’t a factor in the cyber relationship between the U.S. and China. Instead of publicly lambasting the Chinese, the U.S. has been working to build a more stable relationship with Beijing.

“Our approach with China is we’re hoping that we can get them to cooperate,” said Lewis, who works at the Center for Strategic and International Studies.

Dealing with China poses as many technical challenges as it does diplomatic ones.

A trademark Chinese cyberspying strategy is called “one thousand grains of sand,” which is a slow and staged infiltration of systems. A hacker will infiltrate one system and then move on to another that is closely connected with it, eventually spreading to a range of computer systems.

“They’re so deeply embedded that for us to lash back, we’d essentially be burning down our own house to kill our neighbor’s cockroaches,” Kellermann said. “The only way to get you out of the system is to set it on fire and rebuild it.”

Pinpointing where an attack originated is another issue the U.S. must wrangle with. Oftentimes, it’s hard to distinguish whether an attack is directly sponsored by the government or is the machination of an independent actor within the country’s borders.

Unlike “hacktivist” groups like Anonymous, which plot their attacks based on social causes and aim simply to disrupt access to websites, China has a targeted mission: to access as much information and data as it can.

Chinese hackers have allegedly stolen research and development work from American tech companies and defense contractors to help them develop new weapons and technology, according to SANS Institute’s Paller. They’ve also tapped into computer documents to access information that would give them a leg up in future business or diplomatic negotiations.

Cyber is the new strategic landscape that each country operates on, with a number of other countries actively engaged in cyberespionage as well. Those countries include Russia and several smaller Eastern European countries. However, China is still hacking into U.S. systems most often and has also been the most successful at it, according to Kellermann.

“That’s why you keep hearing about them,” he said. “It’s really people paying homage to their tactical acumen for information.”