- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
CSO - A recent Pentagon report blaming the Chinese military for cyberattacks on U.S. government computers and defense contractors marks an escalation in rhetoric, but offers no surprises, experts say.
[ALSO: The worst data breaches so far]
The report, released Monday, marked the first time the Obama administration had directly accused the Chinese government and the People's Liberation Army of using cyberweapons to steal intellectual property and gain a military and economic advantage.
The Pentagon said the Chinese government views electronic warfare as a way to counter U.S. military superiority by making it possible to cut the flow of information during a time of crisis.
While the report upped the ante in U.S. efforts to curtail Chinese cyberattacks, its findings did not shock experts, who already assumed a lot of what the Pentagon disclosed.
"This isn't earthshaking, as I have thought this has been the case since 2003," said Murray Jennex, an associate professor at San Diego State University and an expert in information systems security. "However, it does signify that mainstream decision makers in the U.S. government are willing to publicly state it is so."
Because of the difficulty in tracing the origin of cyberattacks, China's involvement has always been suspected, but not proven, Jennex says. The report indicates that the U.S. government now has the evidence.
The question is whether the report indicates the government is willing to launch its own cyberoperations against China? "I think it does and I wonder how that will translate into other actions, such as trade restrictions," Jennex says.
The advantage of having high-level administration officials discuss the problem publicly is it builds awareness among private industry, said Ron Gula, chief executive of network security company Tenable and a former penetration tester in the National Security Agency. Many companies do not direct enough resources toward security, unless to meet regulatory requirements.
"You would expect security to be the number one thing for people, but it's not," Gula said.
The Chinese government has denied any involvement in cyberattacks against the U.S. government or private industry. In a briefing following the release of the report, a spokeswoman for China's Foreign Ministry said the Pentagon offered nothing but "groundless accusations" and "hype," Reuters reported.
China is not alone in building cyberweapons or conducting electronic spying. The U.S. spends billions of dollars each year on cyberdefense and on developing cyberweaponry. Gen. Keith Alexander, director of the NSA and commander of the military's Cyber Command, has told Congress that he is developing a dozen offensive cyberunits to launch attacks against foreign computer networks, if needed, according to The Times.
Whether built by China or the U.S., there's no guarantee cyberweapons will be effective, given the newness of the technology and the complexity of getting it into the right computer systems and having it perform correctly without being discovered, Gula said.