Thursday, March 7, 2013

Inside the Black Box - By Marc Ambinder

For China, U.S. government secrecy has been a boon. Cyber-warfare directed against American companies is reducing the gross domestic product by as much as $100 billion per year, according to a recent National Intelligence Estimate. Because companies are generally reluctant to admit they've been breached and because the National Security Agency, which works with these companies to assess Chinese cyber techniques, is surrounded by a cocoon of secrecy, China has been able to operate with impunity. 

That soon will change. 

In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China's cyber-espionage program, according to a U.S. intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks. 

Press reports have indicated that the Obama administration plans to give certain companies a list of domain names China is known to use for network exploitation. But the coming effort is of an entirely different scope. These are American state secrets.

Very little that China does escapes the notice of the NSA, and virtually every technique it uses has been tracked and reverse-engineered. For years, and in secret, the NSA has also used the cover of some American companies -- with their permission -- to poke and prod at the hackers, leading them to respond in ways that reveal patterns and allow the United States to figure out, or "attribute," the precise origin of attacks. The NSA has even designed creative ways to allow subsequent attacks but prevent them from doing any damage. Watching these provoked exploits in real time lets the agency learn how China works.

Now, though, the cumulative effect of Chinese economic warfare -- American companies' proprietary secrets are essentially an open book to them -- has changed the secrecy calculus. An American official who has been read into the classified program -- conducted by cyber-warfare technicians from the Air Force's 315th Network Warfare Squadron and the CIA's secret Technology Management Office -- said that China has become the "Curtis LeMay" of the post-Cold War era: "It is not abiding by the rules of statecraft anymore, and that must change." 

"The Cold War enforced norms, and the Soviets and the U.S. didn't go outside a set of boundaries. But China is going outside those boundaries now. Homeostasis is being upset," the official said.

In essence, the NSA will give American companies the ability to fight back. The idea is two-fold. One: Behavior modification by exposing Chinese tactics, which, in theory, would embarrass the Chinese. Two: This will force China to develop new hacking avenues, but this will take time, giving U.S. companies the chance to catch up.

The NSA could do even more than this. It has some pretty nifty tools to use in terms of protecting cyberspace. In theory, it could probe devices at critical Internet hubs and inspect the patterns of data packets coming into the United States for signs of coordinated attacks. The recently declassified Comprehensive National Cyberspace Initiative describes the government's plan, informally known as Einstein 3, to address the threats to government data that run through private computer networks -- an admission that the NSA will have to perform deep packet inspection on private networks at some point. But, currently, the NSA only does this for a select group of companies that work with the Department of Defense. It is legally prohibited from setting up filters around all of the traffic entry points. 

Government agencies, however, are a different matter. To protect the feds, the NSA provides the Department of Homeland Security with the equipment and personnel to do the packet inspection. DHS (using NSA personnel) analyzes the patterns, sanitizes the data, and sends the information back to Fort Meade, where the NSA can figure out how to respond to threats discovered. DHS's jurisdiction does not include the military and U.S. intelligence agencies. That's the NSA's province.


