Today's date:

Fall 2007

Chinese Hacking Signals Age of Info Warfare

Retired Adm. Bobby Ray Inman is the prestigious “elder statesman” of the United States’ intelligence community, having served in posts ranging from director of Naval Intelligence to vice director of Defense Intelligence and director of the National Security Agency to deputy director of the CIA. Inman spoke with NPQ in September.

NPQ | The US secretary of defense, Robert Gates, has publicly accused the Chinese People’s Liberation Army (PLA) of hacking into Pentagon computers over the summer. Germany’s chancellor, Angela Merkel, has a made a similar charge regarding her country’s defense computers. The British and the French also report hacking into their defense systems from China. The Chinese government denies it. What is going on?

Bobby Ray Inman | We are seeing governments learning to exploit the vulnerabilities that modern information technology brings along with all its virtues.

We’ve seen the Estonians claim that Russia hacked into their systems as punishment for some actions they took the Russians didn’t like. We’ve now had this whole series of incidents that came from China.

This tells us two things: First, our information systems have a lot of vulnerabilities for which there is at present little defense. Second, it is not surprising that many countries are examining their capacity to damage or gain advantage against others’ computer systems as they build capability for a new form of 21st-century electronic warfare.

Now, are the Chinese hackers government-controlled or rogue individuals? For me, the sophistication of the focus, specifically on government and defense, clearly suggests it is controlled by the military or intelligence structures. Individual hackers who are looking to make money or just cause trouble are likely to be exploring the vulnerabilities of commercial systems.

NPQ | Presumably American intelligence is also probing the vulnerabilities of the Chinese system?

Inman | Yes. One would suspect that any modern country would be looking at the vulnerabilities of other countries they might on some occasions want to exploit.

NPQ | How much should the West be concerned about China’s cyber-spying or potential cyber war?

Inman | What concerns me is that if we are vulnerable to government hacking, we are vulnerable to sophisticated terrorists as well. After 9/11, I chaired a commission on American vulnerabilities to terrorist attacks. Like most commissions, we focused on ports, harbors, aircraft, airports, transportation in general and power plants.

Once we got past these obvious targets, what surfaced was the wide-open vulnerabilities of all our utility systems across the US, which are all computer-controlled. A terrorist group can blow up one power station with a large bomb and cause a local blackout; a hacker can take out the whole grid and shut down power across entire regions.

Six years after the 9/11 attacks, I still don’t see much activity defending ourselves on this front.

NPQ | How do these latest hacking attacks from China relate to the incident earlier this year where the Chinese destroyed a communication satellite in space with a missile?

Inman | It fits exactly the same pattern of preparing for information warfare. What is not clear to me is how much of this is the PLA operating on its own, or to what degree do they seek and have political approval for their activities. I don’t automatically assume that the PLA probing for computer vulnerabilities abroad has political approval from the top.

NPQ | What is this, Pakistan, where the head of state doesn’t know what the intelligence agencies are up to and can’t control them?

Inman | Precisely. That is not a good situation.

NPQ | So, cyber-spying is the new Cold War and cyber war is the new battlefield of the future?

Inman | As one looks at the degree to which we now use instant communications for everything—including sharing information among intelligence agencies—it is to that same degree that we’ve become vulnerable. Securing or damaging electronically transmitted information is now the name of the game.