The computerized critical infrastructure of the US is "severely threatened" by cyberattacks now occurring on an "unprecedented scale with extraordinary sophistication."
That's the headline Dennis Blair, director of national intelligence, offered the Senate Select Committee on Intelligence Tuesday. But it was the largely unreported details he unpacked that could provide the wake-up call for government and private industry, whose computer networks he says are now under persistent and subtle assault.
In his remarks, Mr. Blair concluded that:
• Sensitive information is “stolen daily from both government and private sector networks.”
• Investigations are finding "persistent, unauthorized, and at times unattributable presences on exploited networks, the hallmark of an unknown adversary...."
• The US cannot be certain its cyberspace infrastructure will be available and reliable in a crisis.
• The US and the world face greater vulnerability to disruption as a result of the trend toward convergence of voice, facsimile, video, computers, and controls that operate critical infrastructure on a single network: the internet. These include banking, power, and water supplies.
• Cyberthreats are increasingly subtle and sophisticated. Last year saw the deployment of “self-modifying malware, which evolves to render traditional virus detection technologies less effective.”
Such attacks are already happening, confirmed Daniel Geer, chief information security officer for In-Q-Tel, a nonprofit venture capital firm funded by the Central Intelligence Agency, at a security conference for the oil and gas industry in Houston in November. Other cybersecurity experts cite a growing threat from so-called "polymorphic" spyware that can change its digital signature to millions of different combinations to evade identification by anti-virus software.
In this new scenario, a single piece of malware often has multiple characteristics. Its digital signatures can morph to evade detection. At the same time, it can spin off decoys intended to be caught to make it appear as if an attack has been thwarted.
The recent sophisticated attacks on Google should be a "wake-up call,” Blair said. His remarks echoed recent reports that show the problem is not only coming from clever hackers, advanced viruses, or organized cybercrime gangs – but from “nation states,” too.
"Many [of the most sophisticated attackers] have the capabilities to target elements of the US information infrastructure for intelligence collection, intellectual property theft, or disruption," Blair said.
Countries see repeated cyberattacks
More than half of the 600 IT managers operating critical infrastructure in 14 countries reported being recently hit by "high-level" adversaries such as organized crime, terrorists or nation states, according to a new global survey of information technology executives by the Center for Strategic and International Studies in Washington late last month.
A majority of the group hit, 59 percent, said they thought their computer networks and controls systems were under "repeated cyberattack, often from high-level adversaries like foreign nation-states."
Blair's comments might be news to the Senate, but cybersecurity experts face these threats daily. The "persistent" threat he referred to, for instance, is known widely as the "Advanced Persistent Threat" or APT within the security community. It's also shorthand for state-sponsored "foreign intelligence" operations and sometimes just "China."
"These are not ‘slash-and-grab jobs’,” says Rob Lee, a director at Mandiant, a leading cyber security firm. "The goal of the intruder is to occupy the network. These are professionals, not people doing this at night. This is someone's full-time job from the initial breach to lateral movement across the network, the actual occupation, then the exfiltration of data - there are clear lines of responsibility between different actors going on."
Is China to blame?
According to Mr. Lee and other experts, the common thread in the APT is a connection to China. Among 40-45 very sophisticated attacks in the past year, about two-thirds were “China related,” he said.
Shawn Carpenter, principal forensics analyst at NetWitness Corporation, concurs. He says that in a number of cases he has traced malware code back to Chinese hacker sites and to Chinese character sets in software compilers used to create the code. "You can put together some pretty compelling links that trace their way back to China," he says.
Representatives of the Chinese Embassy regularly rebut such criticisms, as they did with a Monitor report last month on cyber attacks targeting the US oil and gas industries.
Washington: Internet domain company GoDaddy.com said it planned to stop registering domain names in China, joining Google Inc in protesting cyber attacks and censorship in that country.
"We believe that many of the current abuses of the Internet originating in China are due to a lack of enforcement against criminal activities by the Chinese government," said Go Daddy Group Inc general counsel, Christine Jones.
She said GoDaddy had repelled dozens of extremely serious attacks that appear to have originated in China in the first three months of 2010.
Jones said GoDaddy, based in Scottsdale, Arizona, would continue to manage .cn domain names of existing customers.
"Our experience has been that China is focused on using the Internet to monitor and control the legitimate activities of its citizens, rather than penalizing those who commit Internet-related crimes," Jones said.
Google said in January that it had sustained a hacking attack that it said originated in China. This week Google shut its Chinese portal over censorship and said it planned to phase out deals to provide filtered search services to other online or mobile firms in China.
Google said visitors to its China search engine, google.cn, were being redirected to Hong Kong-based google.com.hk.
"I compliment Google and I compliment GoDaddy," said Democratic Senator Byron Dorgan, chairman of the Congressional-Executive Commission on China, which focuses on human rights in China.
Republican Representative Chris Smith said GoDaddy's action was "a powerful sign that American IT companies want to do the right thing in repressive countries."
Google told the commission it was seeing intermittent censorship of some Internet queries from mainland China that had been rerouted to Hong Kong.
"We are well aware that the Chinese government can, at any time, block access to our services," said Google's director of public policy, Alan Davidson.
"Indeed we have already seen intermittent censorship of certain search queries on both google.com.hk and google.com."
Internet censorship has drawn increased attention from U.S. lawmakers following the start of Google's spat with China and a policy initiative by US Secretary of State Hillary Clinton to promote global Internet freedom.
"This is a foreign policy priority of the United States," said Democratic Senator Ted Kaufman, co-chair of the Senate's newly formed Global Internet Freedom Caucus.