« Our Congratulations to President-Elect Obama | Main | Army News on My Visit to Pentagon with WAC »

November 21, 2008

Blogbat Called it: BIG DOD Hardware Cyber Attack

 

 

 

UPDATE: A correction has been posted in the first paragraph, where I had incorrectly stated my previous post had quoted the Secretary of Defense as among those publicly expressing concern for the role of certain types of hardware as a security risk; however, my previous post actually cited the Secretary of Homeland Security, Michael Chertoff. My apologies for any confusion.

 

I would rather be wrong here, but I wasn’t.

 

Fox News is now reporting that the Pentagon has been “hit by an unprecedented cyber attack” and says the open door which allowed it was rogue hardware.  “As a result of the cyber attack”, Fox News says, “the Defense Department has banned the use of external hardware devices throughout a vast network of military computers.”

 

I hate to be the one to say this, but I warned about this explicitly, among other rogue hardware security risks, right here on this blog last month.  On 10 October, I pointed to the chorus of voices from the Secretary of Homeland Security to the private sector calling on the DOD to only allow hardware devices that were manufactured in the U.S. and to tightly control their use in light of China's interest in creating chips and other hardware with "built-in" malware capabilities, to say nothing of their aggressive HUMINT (human intelligence) information gathering on our soil. Maybe now someone will listen and take the threat seriously. We'll need to wait and see. I have to say it is extremely frustrating to see among elected officials, members of the Cabinet, and throughout our braintrusts the lack of common sense and serious availability of resources that weaken the very core of our defense infrastructure. More worrisome: the Obama administration likely promises to do little to make things any better, if not entirely the opposite, although we can always hope – I think that was a slogan once.

 

 

From a recent visit to the Pentagon with World Affairs Council (Photo courtesy U.S. Army)

 

The problem is that there is so much that is not right and quite dysfunctional in the area of information security these days, not only in our defense apparatus, but literally everywhere: our private sector – banks, shops, online retailers, the medical industry, corporate CEOs (who may be blackmailed); our public sector – DMV and other records, public officials (who may be blackmailed), and so forth; yet, we don’t seem too anxious about doing a thing to change it. As disappearing laptops with the information for thousands of clients, citizens, and bank records become a daily drone in the headlines, identity theft becomes the biggest crime out there, and network attacks and break-ins continue to skyrocket, very few seem to get that an economy, a government, and a military all built on the needle-head of technology can all be brought down with a single blow as never before. The Chinese and Russians and certainly the terrorists know this, which is why they are investing so much in prowling our networks and trying to infiltrate our systems to set them up for a catastrophic information meltdown – and each one of us for personal ruin. It is why the Chinese are making consumer electronic devices that connect to our computers such as digital picture frames or flash drives or the very chips that go into our computers containing Trojan horses and other malware intended to open up back doors to our systems and phone home to somewhere in the Communist regime. Incidentally, in case you are new to China and its sundry unfriendly exploits and failed to infer anything from their making rogue hardware, China is not our friend and never will be until it is democratic. What’s worse, we fed that alligator until it became strong enough to eat us, and eat us it will unless we wake up and develop a realistic defense strategy similar to that which Reagan brought forward and implemented to defeat the Soviet Union under eerily similar circumstances.

 

The dysfunction is real, but only part of the problem. In 1991, during Desert Storm, morale and force strength were at an all-time high for the period after Vietnam until now. Morale, probably at its highest since the end of World War II, began to wane not long thereafter, however, as troops realized that total victory – the policy under FDR, Truman, and those who had gone before them and  which replaced limited warfare – the failed Vietnam-era doctrine – under Reagan, would once again take a back seat and regime change would not be implemented against a truly evil dictator. This dictator, it turns out, would become far more troublesome for us in leaner years hence than he would have been during the fat years with relative international peace due to the collapse of the Soviet Union, relative domestic unity, high morale, and plenty of resources.

 

Nevertheless, morale was still at historic highs until the cuts and the multiple horrific misapplications of an under-resourced military began in earnest under President Clinton. During the 1990s, as Russia sought to renew its intelligence-gathering prowess and China sought to expand its own along with its overall global power military and economic, the U.S. cut its troop level to almost half of what it was in the Reagan years while sending the military on countless more missions – many with inadequate supplies such as we saw in Somalia or poor organization such as we saw in the Balkans. When George W. Bush took office, the new administration sought to make even further cuts. Donald Rumsfeld even declared that the U.S. no longer needed to be prepared to fight a war on two or more fronts; thus, he sought to further reduce the budgets and the capabilities the armed forces. These reductions, together with even more deployments after 9/11 with no real increase in funding or change in geostrategy encouraged a culture of neglect and poor morale to ripen. During the Korean War, for instance, the United States had over 64 divisions on the ready. In Vietnam, we still maintained a sizeable 40 divisions. These were significantly cut after the Vietnam War; however, the election of Ronald Reagan to office in 1980 began to see these numbers rise again, along with over all increases in the budget, smart strategies, and a boost in morale.  By the end of the Cold War, the U.S. had 28 divisions; today there are just 18. Meanwhile, between Vietnam and the end of the Cold War, there were but a few deployments – Lebanon, Granada, and the like. Since then, there have been over 43 deployments with only a sliver of the resources available that were there for a much larger military two decades ago. Second and third deployments among troops who have barely had a chance to see home, occasional poor quality barracks or hospital conditions, and the low number of qualified new applicants seeking to join the military (41% of otherwise qualified young people do not qualify because they are high school drop-outs or score too low on entrance aptitude tests) all contribute to this poor morale. Lastly, the threat of political scapegoating by politicians – as we saw with Rep. Jim Murtha, who sought to have troops from the Haditha incident prosecuted for war crimes even before an independent inquiry had determined any suspicion of guilt, contribute to our troops feeling as if they have been left out to dry. At the same time, other soft-power tools previously available to aid the military, such as the United States Information Agency, which was tasked with getting word out to other nations about United States  policies and intentions and to counter the negative propaganda circulating around the world, were terminated. Also, in an era of globalism, corporations were allowed to export slave factories abroad, at times mistreating workers or doing ecological damage and the U.S. Chamber of Commerce was given a free hand to open up trade with egregious human rights violators (that had also promised to destroy the United States), such as China in order to make a fast buck, all contributing to and aggravating a sense of resentment against the U.S. and doubt about its noble pro-democracy rhetoric. In an age of asymmetric “persistent conflict” as we ask our military to do more than ever before, we have given our military the fewest amount of resources – in terms of funding, good strategic planning, utilization of soft-power, moral support, and manpower – to get it done.

 

LTG David H. Huntoon discussing with us history and current trends (Photo courtesy U.S. Army)

 

It makes sense, then, that one should hear stories of civilian employees leaving their jobs at the Pentagon because the dysfunction was too great to bear or hear stories of some of our best and brightest retiring early from burnout. Ironically, last week as the cyber attacks were significantly ongoing, I participated in a Pentagon fly-in with several other members of the Dallas/Ft. Worth World Affairs Council. Over the course of the five hour visit, LTG David H. Huntoon, Jr. discussed with us just how dire things had become after eight years of Clinton and another eight years of G.W. Bush (although, of course, he declined to criticize the administrations specifically). During the half hour that he spoke, he repeatedly used words and phrases like, “we are out of balance”, we are “being stretched”, “there’s stress on the system”, and used the word “miserable" to describe our historic readiness and ability to predict the next conflict. He cited sustaining multiple back-to-back redeployments of our troops as one of the biggest morale drains and worried it could lead to catastrophic trouble in the long term. He sounded deeply concerned as he said simply that we don’t know what will happen because we have never been forced to do this before with such dwindling resources. While LTG Huntoon did believe that bonuses and nicer barracks and other amenities for those who chose to stay on after their time was up could help mitigate such a catastrophe in the short run, he seemed to intone that such a band-aid fix would hardly be enough to shore things up for very long. All he could do, all many of those who spoke that day could do, it seemed, was to hope for the best.

 

Thus we arrive at our original problem with which we began this piece: lack of information security for the Department of Defense. As I touched on in my previous post last month, it is, in part, due to the lack of computer hardware not made in China – or more ideally, made in the U.S., that a hardware-based threat exists to the degree that it does today. However, it also stems from an utter culture of neglect of our security apparatus as a nation, which began in earnest the moment newly freed men began pouring over the wall separating East and West Berlin. We, as a nation – in large part encouraged by an ignorant and foolish media and educational establishment that refused to learn the lessons presented so nakedly before us all by history because it could prove that folks like President Reagan were right all along – foolishly believed that our threats were eliminated, no new significant threats could emerge, and that democracy had won out. Indeed, who can forget the predictions of Francis Fukuyama, whose work, “The End of History” in a tone disturbingly reminiscent to Neville Chamberlain's "peace for our time" declaration, announced that democracy – and thus peace – had won out for good: “The triumph of the West, of the Western idea, is evident first of all in the total exhaustion of viable systematic alternatives to Western liberalism.” Thus began us down the sparkling path that denied every known reality of human nature and the nature of states and groups of men joined in common cause. The assumption was of course that, since many of those in the West had no other choice but to finally admit that democracy had significantly beaten back the dark specter of violent and totalitarian men, all totalitarian men and those who wished to one day become totalitarian would acquiesce. In other words, that the belief was universal, everyone had gotten the word, and nobody was a sorry sport about it. Communist China’s extinction of human rights via the bloodbath of Tiananmen Square, the stubborn cleaving to power of Panama’s Noriega, which forced our hand or Cuba’s Castro the same year and Saddam Hussein’s invasion of Kuwait the following year, which forced multilateral intervention, were dire warnings that all was not right, even for those unaware of what China and even Russia were up to. It is true that democracy had taken the ball closer to the goal line than it has ever before; it is also unfortunately true that our celebration prior to crossing that goal line throughout the 1990s was premature and caused us to lose possession of the ball to the extent that today there are many around the world who are writing works similar to Fukuyama except with a slightly different twist: call it the end of democracy. Our nation’s lack of understanding and anticipating this sort of push back – and indeed, feeding into it – not to mention being unprepared for anything other than small outbreaks of fighting among Eskimo tribes has left us in a very precarious position where our military is under-ready and over stretched and our elected officials have no interest in fixing it. Indeed, some congressmen, such as the self-same Barney Frank infamous for driving our economy into the trashcan almost single-handedly by resisting any oversight or investigation into Freddie and Fannie just a few years ago – has called for further military cuts starting with a 15% gash from the budget beginning in 2009. At a present 3.9% of our 2007 GDP, our defenses are already at a crisis level. Granted, as our GDP falls due to recession, that percentage may rise even as real spending numbers remain the same, giving those who wish to slash and cut even more vacant rhetoric with which to justify their misdeeds, but that would be simply smoke and mirrors.

 

Col. Robert Faillee discussing strategic concerns with our group (Photo courtesy U.S. Army)

 

The Pentagon hasn't said publicly who exactly has been exploiting the most recent cyber-breach, but I think it's fair to assume the usual suspects: Chinese IW (information warfare) has literally gone through the roof over the past few years as the PLA, MSS (Ministry of State Security), and other Chinese agencies have been mounting an ever more aggressive and sophisticated host of attacks against hardened targets for intelligence gathering as well as searching out ways to cripple the DOD's GIG (or Global Information Grid). At the same time, China has been caught on numerous occasion making chips infected with Trojan horses and other malware that phone home to that country, as well as a full spectrum of non-virtual but equally aggressive economic soft-power policies around the world as well as strengthening the force and influence of its military. Some have even begun using the word "empire". Russia, too, is fixed on revanchism, despite its diminishing population and oil profits and possibly partly because of them. When I asked Col. Robert Faille, Joint Staff Chief over the Strategic Effects Division what he thought our strategy should be right now to deal with states like China and Russia that do business with state sponsors of terrorism and even with terrorist entities, he hesitated for a moment, then responded a bit nervously that he truly hoped we would not be forced to face "a new Cold War" – in his words. Indeed, if that is what portends on the horizon, is there anybody out there other than the Russians and the Chinese – and a few pundits and our men in uniform who get it? Heaven help us all, if we don’t realize it and realize it fast.

 

 

UPDATE: The Telegraph just posted an article about a recent Congressional report telling us what I and others have been saying for quite awhile:

 

The report accuses China of using its foreign exchange reserves, built up through "heavy-handed government control" to buy influence.

 

In one recent example, a government sovereign wealth fund agreed to use the reserves to loan money to Costa Rica in return for its dropping diplomatic recognition of China's rival, Taiwan.

 

Meanwhile, it has built up its army of cyber-spies to such an extent that it can launch attacks "anywhere in the world at any time".

 

The number of attacks on US government, defence companies and businesses rose by a third in 2007, to 43,880 incidents affecting five million computers, according to the claims by the US-China Economic and Security Review Commission.

 

Some were so sophisticated that they might be impossible to counteract, or even detect. Meanwhile, its space programme, targeted at what one Chinese military strategist called "America's soft ribs", was steadily increasing the vulnerability of US assets.

 

"China is intent on expanding its sphere of control even at the expense of its Asian neighbours and the United States," it said.

 

Pentagon and other Washington studies have accused China of using computer hacking to steal information and threaten disruption to both civil and defence services before, and particularly since an alleged co-ordinated attack in 2002, code-named by the US "Titan Rain", downloaded huge quantities of information.

 

The report also cites unease about China possibly benefitting from the current world economic crisis. China, of course, is also likely pretty giddy about another study saying it and India are perched to overtake a waning U.S. by 2025. Indeed, China has reason to be expectant, unless, of course American decides to do something about it: Such rhetoric about the inevitable U.S. decline were quite the rage in the 1970s, as Rockefeller Republicans and liberal Democrats conspired mediocrity, but today, as it was when Reagan took office in 1980, our best days like ahead of us if only we decides. We and we alone have the power to determine how the rest of the book will read.

 

The increased attention given in the report to China's economic policy is another sign of that unease.

 

China has been accused of keeping its exchange rate too low, boosting its exports artificially and using the dollars it is forced to buy as a result of the policy to lend back to the United States, exacerbating the recent credit bubble.

 

"Rather than use this money for the benefit of its citizens – by funding pensions and erecting hospitals and schools, for example – China has been using the funds to seek political and economic influence over other nations," Larry Wortzel, the Commission chairman, said at the report's launch.

 

Since, at the end of the day, China is fundamentally nothing more than a more sophisticated version of the Soviet Union, its Communist government seeking to use all forms of power to establish worldwide domination and destruction of capitalism, freedom, and other basic human rights and the creation of poverty, oppression, and hopelessness.

 

Naturally, Congressional reports critical of China have been nothing new since the 1990s; however, they continually have fallen on deaf ears of Republican and Democrat presidents since the first Bush administration prior to Clinton, all of whom, in a significant policy reversal of the Reagan administration, have always bent over backwards to placate the Chamber of Commerce, even when it was not in our best strategic interest. These reports have “not deterred President George W Bush from pursuing ever closer business and diplomatic relations with China, a policy set in place by his father, the first President Bush.” One can certainly understand why this was the case with Clinton – after all, he received quite a number of suspicious campaign contributions from Chinese nationals and the like, but for the elder Bush – even with Tiananmen Square in fresh memory or the younger, one has to guess it has been the triumph of theory over reality once again.

 

“China is waiting anxiously to see whether an Obama presidency brings less hawkishness on international relations, or a more protectionist trade policy, which Beijing fears.” Beijing also fears a U.S. willing to stand with Third World countries against China’s unfair export prices which result from Chinese near-slave labor or outright slave-labor among its political prisoners. A strong human rights stand by the U.S. would benefit other countries in two ways: it would force China to implement fairer wages and conditions for its workers, thus creating a fairer market price for its products, and it would show the world the U.S. is ready to stand up for what is moral and just, not merely talk about it or focus its efforts entirely on Iraq or Afghanistan.

 

The commission called for legislation pressuring China to raise the value of its currency and to demand its main sovereign wealth fund, China Investment Corporation, disclose investments it is making in the United States.

 

"China appears far less likely than other nations to manage its sovereign wealth funds without regard to political influence that it can gain by offering such sizeable investments," the report said.

 

Would we really expect anything less? When will we finally drop theory and wishful thinking and acknowledge things for what they are? Time will only tell, but I pray for this nation and the world it is very much sometime soon. I have no doubt if we reach for that nobility that has made us great once more, it will not disappoint in giving us and the world another generation of peace and security with even further expanded freedom and prosperity. It is, as it always has been, in us to decide.

 

 

 

Our WAC group visit to the Pentagon, 7 November

 

*All statistics provided by Pentagon officials last week during the fly-in.

 

 

 

Posted by Martin at November 21, 2008 01:28 PM

Trackback Pings

TrackBack URL for this entry:
http://blogbat.us/mt/mt-tb.cgi/759

Comments

Excellent article. China has tried several other kind of cyber attacks over the past few years, and it did not seem that anyone took it very serious from out here in blog-land. But we never know what's going on behind closed doors at the Pentagon or anywhere else.

I'm going to post the first few paragraphs, with a link back here, so hopefully people will read your fine article and spread the word.

Posted by: Debbie at November 21, 2008 10:50 PM

Post a comment




Remember Me?