China cyber-war: don't believe the hype
By Peter Lee
The United States has made the interesting and perhaps significant decision to generate a crisis around Chinese cyber-intrusions as the Obama administration enters its second term. With its typical careful, methodical preparation, the Obama administration has been gradually rolling out the Chinese cyber-threat product since November 2011 with escalating evidentiary indictments of Chinese hacking, but without overtly linking these activities to the Chinese government or military. 
The most recent shoes to drop were the detailed brief drawn up by Mandiant Corp against the PLA's Unit 61398, allegedly the PLA outfit in the white office building in Shanghai's Pudong District that phished, lurked, and drained information from the New York Times and many other US businesses, and the subsequent calling out of the PRC by name for its cyber-sins by National Security Advisor Tom Donilon.
People hoping for a reset in US-Chinese relations - including the PRC - may feel a twinge of disappointment that the United States has decided to hype another point of US-PRC friction.
Then again, there is the interesting question of whether the White House is trying to conduct a measured escalation, but is getting stampeded by the threat inflation/budget boosting priorities of the US national security apparatus and its eager handmaiden, the Western media.
Donilon came up with a nuanced approach to Chinese cyber-mischief during his speech to the Asia Society, which deserves to be quoted at length.
Bypassing the issue of cyber-spying against military and government targets that probably falls into the grey area of "everybody does it and why shouldn't they", and defining and limiting the issue to a specific and remediable problem - the massive state-sponsored PRC program of industrial and commercial espionage against Western targets - Donilon's framing placed "cyber-theft" in a category similar to the intellectual property gripe, also known as systematic piracy of US software, as an info strategy condoned by the Chinese government:
Another such issue is cyber-security, which has become a growing challenge to our economic relationship as well. Economies as large as the United States and China have a tremendous shared stake in ensuring that the Internet remains open, interoperable, secure, reliable, and stable. Both countries face risks when it comes to protecting personal data and communications, financial transactions, critical infrastructure, or the intellectual property and trade secrets that are so vital to innovation and economic growth.
It is in this last category that our concerns have moved to the forefront of our agenda. I am not talking about ordinary cybercrime or hacking. And, this is not solely a national security concern or a concern of the US government. Increasingly, US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale. The international community cannot afford to tolerate such activity from any country. As the President said in the State of the Union, we will take action to protect our economy against cyber-threats.
From the President on down, this has become a key point of concern and discussion with China at all levels of our governments. And it will continue to be. The United States will do all it must to protect our national networks, critical infrastructure, and our valuable public and private sector property. But, specifically with respect to the issue of cyber-enabled theft, we seek three things from the Chinese side. First, we need a recognition of the urgency and scope of this problem and the risk it poses - to international trade, to the reputation of Chinese industry and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.
We have worked hard to build a constructive bilateral relationship that allows us to engage forthrightly on priority issues of concern. And the United States and China, the world's two largest economies, both dependent on the Internet, must lead the way in addressing this problem. 
This rather unexceptionable and reasonable demand that the PRC rein in its gigantic program of economic/commercial hacking, ie cyber-enabled theft as Donilon put it, and give US businesses a break, was not good enough for the Christian Science Monitor, which has apparently shed, together with its print edition, the sober inhibitions that once characterized its news operations.
The CSM's headline:
US tells China to halt cyberattacks, and in a first, lays out demands
Obama's national security adviser, Thomas Donilon, spelled out a more aggressive US stance on the cyberattacks, saying China must recognize the problem, investigate it, and join in a dialogue. 
Note in the CSM story the effortless slide down the slippery slope from cyber-theft to cyber-espionage to cyber-attacks (and for that matter, "should" and "needs" to "demands"). Well, fish gotta swim, birds gotta fly, and eyeballs have to be wrenched from their accustomed paths and turned into click-fodder.
And don't get me started on the Pentagon:
A new report for the Pentagon concludes that the US military is unprepared for a full-scale cyber-conflict with a top-tier adversary. The report says the United States must increase its offensive cyberwarfare capabilities. The report also calls on the US intelligence agencies to invest more resources in obtaining information about other countries' cyberwar capabilities and plans.
The Washington Post reports that the report says that the United States must maintain the threat of a nuclear strike as a deterrent to a major cyberattack by other countries. The report notes that very few countries, for example, China and Russia, have the skills and capabilities to create vulnerabilities in protected systems by interfering with components.
The report emphasizes that defensive cyber capabilities are not enough, and that the United States must have offensive cyber capabilities which, when needed, could be used either preemptively or in retaliation for a cyber attack by an adversary. 
Security consultant Bruce Schneier addressed the threat inflation issue (and the dangers of trying to design and justify retaliation in the murky realm of cyberspace) in a blog post on February 21:
Wow, is this a crazy media frenzy. We should know better. These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn't mean that they're happening with greater frequency.
But this is not cyberwar. This is not war of any kind. This is espionage, and the difference is important. Calling it war just feeds our fears and fuels the cyberwar arms race.
In a private e-mail, Gary McGraw made an important point about attribution that matters a lot in this debate.
Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy.)
Those of us who work on security engineering and software security can help educate policymakers and others so that we don't end up pursuing the folly of active defense.
This media frenzy is going to be used by the US military to grab more power in cyberspace. They're already ramping up the US Cyber Command. President Obama is issuing vague executive orders that will result in we-don't-know what. I don't see any good coming of this. 
Not to worry, is the US attitude.
The United States apparently feels that it can "win the Internet" by harnessing the power of the invincible American technological knowhow to the anti-Chinese cyber-crusade.
In another of the seemingly endless series of self-congratulatory backgrounders given by US government insiders, the godlike powers of the National Security Agency were invoked to Foreign Policy magazine in an article titled Inside the Black Box: How the NSA is helping US companies fight back against Chinese hackers:
In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China's cyber-espionage program, according to a US intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks.
Very little that China does escapes the notice of the NSA, and virtually every technique it uses has been tracked and reverse-engineered. For years, and in secret, the NSA has also used the cover of some American companies - with their permission - to poke and prod at the hackers, leading them to respond in ways that reveal patterns and allow the United States to figure out, or "attribute," the precise origin of attacks. The NSA has even designed creative ways to allow subsequent attacks but prevent them from doing any damage. Watching these provoked exploits in real time lets the agency learn how China works.
And amid the bluster, a generous serving of bullshit:
Now, though, the cumulative effect of Chinese economic warfare - American companies' proprietary secrets are essentially an open book to them - has changed the secrecy calculus. An American official who has been read into the classified program - conducted by cyber-warfare technicians from the Air Force's 315th Network Warfare Squadron and the CIA's secret Technology Management Office - said that China has become the "Curtis LeMay" of the post-Cold War era: "It is not abiding by the rules of statecraft anymore, and that must change."
"The Cold War enforced norms, and the Soviets and the US didn't go outside a set of boundaries. But China is going outside those boundaries now. Homeostasis is being upset," the official said. 
A more impressive and evocative term than "upset homeostasis" to describe the US cyber-war conundrum is "Stuxnet".
The Obama administration's cyber-maneuverings have been complicated and, it appears, intensified, by the problem that the United States "did not abide by the rules of statecraft" and "went outside the boundaries" and, indeed, became the "Curtis LeMay of the post Cold War era" when it cooperated with Israel to release the Stuxnet exploit against Iran's nuclear program.
That was a genuine piece of cyber-warfare, the effort to sabotage a critical military facility in a pre-emptive attack.
The Obama administration admitted the central role of the United States and President Obama personally in the Stuxnet attack, apparently in a desire to demonstrate his genuine, Iran-hating credentials to skeptical conservatives and national security types prior to the November 2012 presidential election.