UPDATED: ManTech Cyber Expert Comment Added
WASHINGTON: One day after reports that China has launched powerful and persistent cyber espionage attacks on a wide array of US and allied weapons systems, including stealing blueprints for a new building to house Australia’s top counterintelligence organization, the Pentagon spokesman says this has not led to an “erosion of our capabilities.”
The Australian news may well be the most serious since the United States and Britain work very closely with Australia on intelligence matters, including some counter-intelligence issues, raising the possibility of a wider breach than just Australian counter-spy efforts.
Here’s what the Australia Broadcasting Corporation (a former employer of mine when I was in East Africa) reported:
Someone has stolen the blueprints, not just of the overall building but also of the communications cabling and server locations, of the floor plans, and the security systems. It was more than theft. It reeked of a espionage operation, someone had mounted a cyber hit on a contractor involved in the site. The plans were traced to a server in China.
The Australian Greens party — a key coalition partner to the current Labour government — described the hacking as a “security blunder of epic proportions.” On the other hand, wire services reported that Australian Prime Minister Julia Gillard said the ABC’s news reports about the security breach were “inaccurate,” but she did not say how or why they were inaccurate. Who is more accurate on this issue remains to be seen, but I’ll put my money on the ABC being more accurate than the prime minister. If the story is true, you can bet our experience dealing with the Soviet’s penetration of our new embassy in Moscow in the late 1980s will help inform the Aussie’s response.
“Among more than two dozen major weapons systems whose designs were breached were programs critical to U.S. missile defenses and combat aircraft and ships, according to a previously undisclosed section of a confidential report prepared for Pentagon leaders by the Defense Science Board.
“The systems named in a report by the Defense Science Board includes some critical to U.S. missile defense…..Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.”
But the Pentagon’s top spokesman, George Little, issued a statement today expressing confidence in the weapons systems that were hacked:
“We maintain confidence in our weapons platforms. The Department of Defense takes the threat of cyber espionage and cyber security very seriously, which is why we have taken a number of steps to increase funding to strengthen our capabilities, harden our networks, and work with the defense industrial base to achieve greater visibility into the threats our industrial partners are facing. Suggestions that cyber intrusions have somehow led to the erosion of our capabilities or technological edge are incorrect.”
An independent expert, Ken Silva, senior vice president for cyber strategy at ManTech, said Little was probably close to the mark.
The extent of the information obtained in these most recent attacks is probably exaggerated by quite a bit. Although possible, it is doubtful that the most sensitive elements of these programs was exposed.
China, meanwhile, issued its usual claim that they don’t like hackers and don’t do stuff like this. If the Chinese government isn’t responsible for most of the hacker attacks launched from its soil, then the country has a bigger problem than any sensible person might want to think about. But the NSA and DISA folks I’ve spoken with over the last five years about this issue say there is little doubt that the Chinese military is behind these hacks. Given China’s opaque system, the Foreign Ministry probably has no idea what is happening. They didn’t know about the PLA’s anti-satellite test in 2007 and coordination between the military, the Foreign Ministry and the senior civilian leadership is ad hoc and often absent.