US and China Engaged in Secret Cyber War Games?

 

Yesterday, the London Guardian began a very interesting week-long series of articles called the “Battle for the Internet.”  The objective of the series is to highlight the “challenges facing the dream of an open Internet,” including everything from “states stifling dissent to the new cyberwar front line.”

Yesterday, the focus was on state censorship of the Internet, especially by China and Russia, as well as attempts by the U.S. government to help activists get around it. The Guardian also posted an interactive map of 74 countries and a ranking of each government’s attempts at controlling/interfering with what happens on the Internet.

Today, the daily's focus is the militarization of the cyberspace.  An "exclusive" story claims that the U.S. Departments of Defense and State, along with their Chinese counterparts, held two secret cyberwar games last year that “were designed to help prevent a sudden military escalation between the sides if either felt they were being targeted.” The Guardian says that another is being planned for May.

The Guardian states that the games were organized by Center for Strategic and International Studies and the China Institute of Contemporary International Relations.  The article reports that:

“During the first exercise, both sides had to describe what they would do if they were attacked by a sophisticated computer virus, such as Stuxnet, which disabled centrifuges in Iran's nuclear programme. In the second, they had to describe their reaction if the attack was known to have been launched from the other side.”

According to one observer of the games, the first game went well, but apparently the second one did not. Exactly why wasn’t discussed directly, but reading between the lines, the Chinese participants–specifically those from the People's Liberation Army–didn’t like the possible U.S. response if China was identified as a cyberwar aggressor. There was no word on what China would do if it was the victim of a U.S. attack, but I assume it would be similar to the U.S. reaction.

The other article the Guardian published today is a review of how cyberspace has become the next battlefield, and some ideas on where this militarization might be heading. The thrust of the article is that China currently is best equipped to launch cyber-attacks, and that the United States, the UK and other countries need to increase both their defensive and offensive cyberwar capabilities. What is obvious from the article is that a great cyber-arms race is well underway and doesn't look like it will be slowing down any time soon.

Marshaling the cyber skills needed to carry out these policy objectives continues to be a problem, at least for the U.S. and the UK. As a result, companies are turning to colleges and high schools to recruit hackers with the required skills. An article in Sunday’s LA Times reports how defense contractors such as Boeing are paying college students who won a cyber-security competition to hack into their systems. Another story in today’s LA Times discusses CyberPatriot: The National High School Cyber Defense Competition and how defense contractors such as Northrop Grumman (a major underwriter of the competition) and the U.S. Department of Homeland Security use it to “size up” the teens taking part and identify potential cyber warriors.

Finally, there is an LA Times story today on Cyber Intelligence Sharing and Protection Act of 2011, or CISPA, which aims induce improved sharing of IT security information among private companies and the U.S. government in order to thwart potential cyber-attacks.  While the objective may be sound, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union are raising objections in regard to exactly what information is to be shared and how it is to be protected. For instance, the EFF has launched an online protest against CISPA on its website, claiming that, “If CISPA passes, companies could vacuum up huge swaths of data on everyday Internet users and share it with the government without a court order.”

While the politicians have been trying to address many of the privacy concerns raised by CISPA, I suspect that at the end of the day, more information than many of us would prefer will end up in the government’s hands in the name of security.

Photo: iStockphoto

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Advertisement