E-mail updates
Follow on Twitter
Subscribe to RSS
Rick Wilking / Reuters file
First Lt Michael Newman examines a server rack that is isolated from the Internet at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colo., in July 2010.
The United States is locked in a tight race with China and Russia to build destructive cyberweapons capable of seriously damaging other nations’ critical infrastructure, according to a leading expert on hostilities waged via the Internet.
Scott Borg, CEO of the U.S. Cyber Consequences Unit, a nonprofit institute that advises the U.S. government and businesses on cybersecurity, said all three nations have built arsenals of sophisticated computer viruses, worms, Trojan horses and other tools that place them atop the rest of the world in the ability to inflict serious damage on one another, or lesser powers.
Ranked just below the Big Three, he said, are four U.S. allies: Great Britain, Germany, Israel and perhaps Taiwan.
But in testament to the uncertain risk/reward ratio in cyberwarfare, Iran has used attacks on its nuclear program to bolster its offensive capabilities and is now developing its own "cyberarmy," Borg said.
Borg offered his assessment of the current state of cyberwar capabilities Tuesday in the wake of a report by the American computer security company Mandiant linking hacking attacks and cyber espionage against the U.S. to a sophisticated Chinese group known as “Peoples Liberation Army Unit 61398.
According to a new White House report released today, cyber spying and other forms of economic espionage are a growing national security threat – especially from China, where hackers are able to quietly and discreetly acquire source code from U.S. companies. NBC's Andrea Mitchell reports.
In today’s brave new interconnected world, hackers who can defeat security defenses are capable of disrupting an array of critical services, including delivery of water, electricity and heat, or bringing transportation to a grinding halt. U.S. senators last year received a closed-door briefing at which experts demonstrated how a power company employee could take down the New York City electrical grid by clicking on a single email attachment, the New York Times reported.
U.S. officials rarely discuss offensive capability when discussing cyberwar, though several privately told NBC News recently that the U.S. could "shut down" the electrical grid of a smaller nation -- Iran, for example – if it chose to do so.
Borg echoed that assessment, saying the U.S. cyberwarriors, who work within the National Security Agency, are “very good across the board. … There is a formidable capability.”
“Stuxnet and Flame (malware used to disrupt and gather intelligence on Iran's nuclear program) are demonstrations of that,” he said. “… (The U.S.) could shut down most critical infrastructure in potential adversaries relatively quickly.”
China, Russia have different priorities
Borg said China and Russia have similar capacity to cause mayhem, but have different priorities and skill sets.
usccu.us
Scott Borg says the U.S. possesses a 'formidable capability' to wage cyberwar.
“Russia is best at military espionage and operations,” he said. “That's what they have focused on for a long time. China is looking for crucial business information and technology. China's main focus is stealing technology. These things quite separate. You use different tools on critical infrastructure than you use for military espionage and different tools again on stealing technology."
Borg said that each has its strong suit. "The Russians are technically advanced. The Chinese just have more people dedicated to the effort, by a wide margin,” he said. “They are not as innovative or creative as the U.S. and Russia. China has the greatest quantity, if not quality."
Borg said the group featured in Mandiant’s report, the People’s Liberation Army Unit 61398, may be one of the most important groups working in China, but not necessarily the most important.
"There are at least two dozen groups carrying out aggressive operations against the U.S.,” he said. “They get in each other’s way and trip over one another, but they are all operating with the tacit approval of the Chinese government.
"They're not cooperating with each other because they don’t share capabilities," he added. "One group has good programming, but is bad at access or targeting."
The Chinese hacking efforts are so broad, Borg said, that the highest-ranking Chinese officials “almost certainly do not know what all the groups are doing,” or the consequences. As a result, he added, they have been embarrassed by reports like the one in Tuesday’s New York Times, which first reported on the Mandiant assessment.
China is the most likely of the superpowers to leave a calling card, making their work the easiest to track. "China is very arrogant in its authorship of cyberweapons,” Borg said. “It does little to conceal its identity."
That’s in sharp contrast to the Russians, who he noted are not above writing code in Chinese to throw off investigators.
While the U.S. could respond to ongoing cyberattacks from China and Russia by shutting down the power grid of "any of its adversaries” and causing severe physical damage, Borg said it is encumbered by several factors.
One is its vulnerability to cyberwarfare as the world’s most networked nation, he said.
And from a geopolitical standpoint, Borg said, the U.S. would not want to badly damage the economy of either China or Russia. In fact, he said, the U.S. would almost certainly have to incorporate protections for critical systems like the power grid in any cyberattack.
Also, detecting the source of hostilities is not always easy, Borg said, as cybertracks are not as easy to follow as missile tracks. That means “mutually assured destruction,” the main strategic tenet of the Cold War, is problematic at best when talking about cyberwar, he said.
"It might be difficult to determine proportionate response,” he said. “It might not be simple to attack the attacker.”
For example, policymakers may think an attack has been carried out by the Chinese, when it was actually the work of the Russians or a rising power in the cyber world, like Iran. That is why intelligence -- getting insight into these operations -- is more important in a crisis than cyberforensics, which can take longer and not be as certain.
"There is no MAD in the Cold War sense," he said, "You can’t be 'assured' of attribution. The attack can be anonymous. It can be spoofed," or disguised as coming from another source.
Iran developing 'serious capability'
The U.S. first began to develop its own offensive capabilities 20 years ago when several strategic thinkers, particularly at the Naval Post-Graduate School, began to see the possibilities. It was not so much a strategic priority, but more "people familiar with electronics and hackers exercising their imagination." (Borg says one of those thinkers, Winn Schwartau, used fiction to discuss the threat and the possibilities, in a 1991 book, "Terminal Compromise.")
While the U.S. has the means to respond and to defend itself, Borg notes that some countries have no recourse. He cited the Russian invasion of the Republic of Georgia in August 2008, when the Georgian government and media infrastructure was quickly compromised.
What was particularly interesting, Borg said, was that the Russian military and intelligence services weren’t directly involved.
"The first wave was carried by organized crime," he noted. "The second wave was carried out by a (hacker) group organized though social media.” He said Russian hackers could download the attack software from a variety of popular sites, including dating and gun-collecting websites.
In both cases, Borg concluded, the organizers apparently were tipped off early about the timing of Russian military operations, he said.
The attack on Georgia also illustrated another aspect of cyberwarfare, Borg said, noting that Georgia, Estonia and Lithuania afterward formed a cyberalliance, leaving them in a better position to deal with future assaults.
That also appears to be the case with Iran, which recently announced that it decided to establish cyber army and claimed to have 4,000 to 5,000 military personnel involved in defensive and offensive operations. That isn’t all bluster, Borg said, noting that when the U.S. leveled new sanctions on Iranian banks last year, U.S. banks suddenly came under attack.
"Iran is developing a serious capability," said Borg. “It's exaggerating the present capabilities, but it’s working toward the future."
That’s especially troubling because the risk of smaller nations waging cyberwar against one other may be higher than with the online superpowers, he said.
He cited reports indicating that Iran may have been behind what he called one of the more serious cyberattacks to date -- an assault last August on the Saudi Aramco computer network that disabled more than 30,000 computers used to control the flow of Saudi oil. The Saudi Interior Ministry blamed "foreign countries" for the attack.
Borg said he believes the attack was an "Iranian fundamentalist attack ... at some point loosely the under auspices of Iran, and blessed by Iran. The fundamentalist group made a claim of responsibility. ... “Based on technical analysis, the claim has credibility."
For that reason, Borg says he is less worried about the possibility of China or Russia launching a catastrophic attack against the U.S. than he is about the emerging cyberpowers.
“What I’m really concerned about isn’t Russia or China, but attacks from Iran or terrorist groups working with state actors,” he said.
More from Open Channel:
Lights, cameras, reaction: Resistance builds to red-light cameras
Suburban Chicago cops allowed to work 'half drunk,' investigation shows
GAO: Climate change poses big financial risk to federal government
Follow Open Channel from NBCNews.com on Twitter and Facebook
Leave a Comment:
Like the atomic bomb in the 1940's, the US had a monopoly on cyber warfare since the internet began up to the point where other countries developed their own people's software capabilities. I sincerely doubt that the US government and all those US software develoers have just sat on their laurels over the past few years. The offensive capabilities of the US in cyber warfare are extremely classified but I have no doubt that it could undermine any computer based infrastructure in any country. As for defensive capabilities the problem with defending is the US is its antiquated and fractured public and private control of basic infrastructure like the electric grid, water, pipelines and transportation. The decentralized control, however, may also be its saving grace as a cyber attacker cannot just break in to one source to exercize full control and if it got into one system hopefully the other unaffected parts can cover while the attack is netralized. Redundancy, cross purposing software and human ingenuity in face of a cyber attack is the key to defense.
OBAMACARE Now PROVIDES..
FREE..LOBOTOMIES..as Evidenced by All the Liberal recipients on This Site..
and For ALL you seniors..,
who were worried about Social Security Benefits....fear Not..
OBAMACARE Provides..FREE..Euthenesia..for you..
Yes and Obama Care can help you with you addiction to Troll Aid.
OH NO NOT THE BORG, now we are in trouble, resisance is futile, oooooh nnooooooooo!.
Today it's industrial espionage. Tomorrow it will be our banking system and the day after that the power grid. I would suggest that Civil Defence , local authorities and individuals take prudent precautions about what to do when it happens.
Many mature people have know along since back around 1993 when the Internet came into the public sector, that this kind of thing will probably be inevitable.
Tonight..on NBC..
Chinese Acrobats..How do they do that..?
OBAMA Guest appearence..
Will Sing,"Somewhere..Over The Rainbow." Accompanied..by The Red Army Chorus
BIG BROTHER
BIG OBAMA....
little...you..people
china, russia, iran, korea, muslim brotherhood;
a bankrupt America,
Fore warn our enemies of our every military move,
comrade obama has emboldened all of our enemies!!!
Time to impeach comrade obama for treason!!!
ONCE again it proves AMERICA GOVERMENT don,t think ahead not like years before . NOW they have their heads in the sand and don,t think ahead at all . SORRY they do think about their personal interest & what good for their party &how much money they will get $$$$$ in the meantime AMERICA goe,s to hell .
Remember..
By March 1st..
You need to Have Your Social Security...Micro-Chip..Implants.
It's Painless..It's easy..Local Health providers ...will assist you
So you can have access to the Internet link..
so the government..can keep us ALL...safe..
OBAMA
A
BRAVE
MAN
IN
A
" BRAVE
NEW
WORLD "
We are weak right now, vulnerable, for a reason.
People need to separate what they consider real change in the human machine and any progress we have made with great struggle over the last two thousand years, it simply has not been long enough with regards to evolving for any change at all to have been imparted on our bodies or brains. Millions of years are required for an animal to improve with regard to it's genetic function, any differences we see now from two thousand years are simply the result of breeding, the "survival of the fittest" short term (generational) change, small changes like being taller or having a somewhat longer lifespan. So the argument I make here is that our basic machine is the same machine the Pharaoh's ruled Egypt with, the same biological machine Ghengis Khan had. We can attribute all of our advances to technology, a more sophisticated society, and better education. We are wrong when we think we can no longer have tyrants like Stalin because we have "evolved." The only difference between a homicidal racially prejudiced misanthrope dictator like Adolf Hitler and any one of us is perhaps our quality of mental health and beliefs. Each one of us with improper education and possibly mental issues could be Hitler. The only real way to maintain our grip on what we have accomplished since the time of Christ is to never become complacent and never assume that leaders are always acting with the interest of the country in mind, to always think about what the issues are and regard the facts in proper perspective each on our own. Do not assume that people in government don't do their job and obstruct the country's progress because they are patriotic. Consider they may be obstructing things deliberately and are in fact like Benedict Arnold, a general during the revolutionary war that defected to the British. Yes I believe the possibility of a traitor and treason in our midst still exists today, to deny it is to be naive. Know that America's real enemies (not just terrorism), the other world powers that oppose our way of life like Russia and China, have been quiet for decades, but have not been idle. Evidence is surfacing they have been hard at work all along, facilitating a cyber attack on the U.S.A. that will cripple it long enough to invade. Do you think the Russians thank Reagan for the sanctions and grand speeches leading to the fall of the Berlin wall and the political and economic collapse of U.S.S.R. that followed? Russia was the origin of nearly all new viruses after Microsoft caused the collapse of their bootleg computer industry as well. The greatest mistake we make is to think we are safer than ever, running our government like we drive, on cruise control while using a smart phone, drinking coffee. We are about to have a fatal accident, wise up! No more obstruction, it's treason when it makes us weak enough for our enemies to step in and and take over, and steel your resolve, we as a nation execute our traitors. By the way I hear Boehner is teaching Mandarin Chinese classes in his spare time.
Nice, time to increase the rates of my contracts...
This is all such a load of malarkey... You cant hack what isn't connected to the internet. In a time of war, the connections between countries will be severed. Especially if cyber warfare is a real threat. None of these systems should be connected to the internet, and should all be on closed networks. They become unhackable then. Unless they get a person inside to use a terminal.
This is nothing but BS to suck money out of taxpayers for some pet project. Using the usual fear mongering to do it.
the us would be most affected by a cyber attack because overall we are so cushy and weak on an individual level. my neighbors go crazy after 6 hours of a power outage.
We should have some power outage right now as these Troll s are like flies on BS.
America will lose in any serious cyberwar. Why? Because the American people, or the majority at least, don't take it seriously and don't have the strength to see it through. We've seen the same thing in previous, conventional wars and a cyberwar will be no exception to our lack of collective strength.
It's probably much easier to shut down the electrical grid of a nation than it is to build one up or make it secure.
China better launch the attack soon then, because we are going off the electric grid and gasoline supply with photovoltaic panels on our roofs, along with electric only cars. Panels are even sold on Amazon now, about $160 each (145w), you will need batteries as well and a charging set up.
Every country is Evil except the good ole U.S. of A.. The entire world knows that the U.S. only does good things and is always looking out for the welfare of others.
Why is it that it seems like the U.S. always seems to get it shoved up the old ass by our enemies. We should be doing to China, Russia, North Korea and Iran....even more of what they do to us. Why we don't you ask.....because they do not fear us for any retaliation because we have a wimp in the White House. All Barry ever wants to do is...TALK and more TALK. Well, TALK has made us the laughing stock of the world. They all say America won't do anything.....all they do is TALK about it, but will never really do anything. Thanks Mr Obama. Harry Truman's corps could do a better job than the Obama man.
Because the ol' Bush hoax, that was that Iraq had weapons of mass destruction, was not a war so much as the 12th grade bully quarterback of the football team picking on a five year old picking his nose. It was a lie and Bush did it to have a war so a lot of his pals could get richer in the process, nevermind he borrowind billions from China and lost over 4000 military men and women's lives as well. Basically, Iraq war is a joke, they were not even capable of defending themselves against a nation like the U.S. and we knew it, Bush saw the glory and military $$$ contracts and his eyes glazed over, lie, lie, and lie some more, go to war!
You play with the big boys you don't go to war, you go MAD. That's Mutually Assured Destruction, for the youg people, the boys, the noobs. We nuke till we can't nuke no more, and when the dust settles there's nothing but glass and poison for millions of years. But I guess for people that don't know about the "cold war" and other important things they teach in places like "school" we won't mention there's no facebook on a dead planet, no smart phones either.
What can we expect when our commander in chief is a muslim
Name, "Borg" and he deals with electronic espionage and cyber warfare! He also looks, in his photo, like a cold well groomed alien or an android!
Are these guys for real...or just making up stories to keep more Americans connected to Israel's war on Iran? Are these guys treating Americans and global citizens as mental sheep and macho soldiers following instructions from these guys, built on their perpetual paranoia, prejudice and power, to satisfy their fears and war addictions?
Are these complaints and concerns real...or made up and exaggerated for the purpose of "another military funding and war"?
Are these complaints and concerns another deflection for what they themselves are doing?
Sending spyware into our computers and then blaming Russia, China, Iran or Ireland...maybe Vanuatu (a tiny island somewhere in the South Pacific).
Name "Borg"...father "Android" ; Mother "Security Aficionado" and Brother "Perpetually Paranoid Peter"....from the super duper ancestors of "Military Minds" with suspicion, deception, power, control, conflicts and wars as the sole identity, purpose in life and the world.
"Borg"'s Son: "More" Funding for ""More" Wars!
People's Response: No more funding for your war boy toys and get a real job...in "Olive Garden" or "White Castle" or something.
What the fu&*^ ! When did espionage, spying on citizens and legal immigrants, manipulating their computers and lives become a full time job for Americans who cannot invent anything intelligent for people...including a decent ironing possibilities in your house (without the old board and hot iron)?
"Borg"...get a real "boring" job! Okaiiiye?