- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Two recently-published books, "America the Vulnerable" by Joel Brenner, a former official at the National Security Agency (NSA) and "When Gadgets Betray Us," by writer and security analyst Robert Vamosi, have one theme in common: We've come to depend on modern networks and technology, but the compromise of them by attackers is a serious threat to both individuals and society as a whole.
"America the Vulnerable" by Joel Brenner
In "America the Vulnerable," Brenner, formerly inspector general at the NSA and chief of counterintelligence for the director of National Intelligence, says his work over the years gave him "a hair-raising view of the incessant conflicts being waged in cyberspace — conflicts short of war but involving concerted attempts to penetrate our nation's information systems and critical infrastructure.
China, he argues, has successfully compromised corporate networks and stolen huge amounts of sensitive trade and military information, with the U.S. government so far failing to take much action. Among the events recounted in his book, he points to an attack on Google which the company disclosed in 2010 -- as coming from China, in what has since been called "Operation Aurora." Brenner writes, "Operation Aurora didn't just hit Google. It was a coordinated attack on the intellectual property of several thousand companies in the United States and Europe -- including Morgan Stanley, Yahoo, Symantec, Adobe, Northrop Grumman, Dow Chemical, and many others."
In asking who did it, Brenner says "we can cavil about whether the right verb is 'directed' or 'oversaw' or 'authorized,' but the operation was approved at high levels of the government of the People's Republic of China. According to sources available to U.S. diplomats, Li Changchun, a member of the Politburo Standing Committee and therefore a top dog, did what lots of people do: He looked himself up on Google.cn. And what he found upset him: Chinese people were writing unpleasant things about him, which other Chinese people could find on Google. This should not have been too surprising for a man who was the country's senior propaganda official, nor was his response surprising. Li decided it was time to reassert control over China's information space. So he directed (or oversaw, or authorized) a payback operation."
"In the Google case there is no room for serious doubt that the PRC government was behind it," Brenner states, adding this was but one wave of many attacks coming from attackers in China with a relationship to the Chinese government, including the People's Liberation Army (PLA). (Read columnist Scott Bradner's take on this book.)
"They're big-game hunters who know what they're after," Brenner states. "And once inside a system they need be in no hurry. They can exfiltrate what they want when they want. Typically, they work during daytime hours — that is, daytime in China."
Brenner sees electric-power utilities here as particularly vulnerable to a well-coordinated malicious attack. And he laments that "nearly all North American industrial electric generators are made abroad, and nearly all the really big ones come from China and India — mostly China."