Trusted Computing

[awk]

REPORT: Chinese Capabilities for Computer Network Operations and Cyber Espionage

March 8, 2012

http://www.uscc.gov/

"The U.S.-China Economic and Security Review Commission was created by Congress to report on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China. For more information, visit www.uscc.gov

Today the U.S.-China Economic and Security Review Commission released a report entitled: “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage.” The report details how China is advancing its capabilities in computer network attack, defense, and exploitation and examines issues related to cybersecurity, China, and potential risks to U.S. national security and economic interests.

"The United States suffers from continual cyber operations sanctioned or tolerated by the Chinese government" said Commission Chairman Dennis Shea. "Our nation's national and economic security are threatened, and as the Chinese government funds research to improve its advanced cyber capabilities these threats will continue to grow. This report is timely as the United States Congress is currently considering cybersecurity legislation, and the Commission hopes that this work will be useful to the Congress as it deliberates on how to best protect our networks."

"The report highlights China's extensive development of cyber tools to advance the leadership's objectives” said Commissioner Michael Wessel. “It's getting harder and harder for China's leaders to claim ignorance and innocence as to the massive electronic reconnaissance and cyber intrusions activities directed by Chinese interests at the U.S. government and our private sector. The report identifies specific doctrinal intent as well as financial support for government-sponsored cyber espionage capabilities. There's clear and present danger that is increasing every day."

This report was prepared for the U.S.-China Economic and Security Review Commission by Northrop Grumman Corp, and is a follow-up to a 2009 report prepared for the Commission by Northrop Grumman on the “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.”


Report Conclusions

Among other things, the report concludes that:

* Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict;

* Chinese commercial firms, with foreign partners supplying critical technology and often sharing the cost of the R&D, are enabling the PLA to receive access to cutting edge research and technology; and

* The Chinese military’s close relationship with large Chinese telecommunications firms creates an avenue for state sponsored or state directed penetrations of supply chains for electronics supporting U.S. military, government, and civilian industry – with the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety.


Chinese Capabilities for Computer Network Operations and Cyber Espionage

http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf

Prepared for the U.S.-China Economic and Security Review Commission
by Northrop Grumman Corp.
March 7, 2012

The report finds:

(Here some snippets):

Computer network operations combined with sophisticated electronic warfare systems are increasingly an option for Chinese commanders as tools improve and more skilled personnel become available to the PLA. To counter sophisticated and multilayered U.S. C4ISR networks, China’s defense industries, have devoted resources over the past fifteen years to developing space-based and network-based information warfare capabilities to target U.S. systems in detail.

* Calling space “the ultimate high ground” the PLA has developed credible capabilities for direct ascent kinetic strikes against orbiting satellites, ground-based laser strikes, apparent capabilities for ground-based laser optical countermeasures to imagery satellites.

* Additionally, joint PLA and civilian research into CNE and CNA tools and techniques may provide a more advanced means to penetrate unclassified networks supporting U.S. satellite ground stations.

* Computer network attack research and development has focused on stealthier means of deploying tools via more sophisticated rootkits possibly delivering Basic Input/Output System BIOS level exploitation and attack on targeted computer systems.

[skip]

As the Chinese D-day draws closer, more direct offensive measures may be employed, possibly using tools that were pre-deployed via earlier CNE penetrations. CNE tools with BIOS destruct payloads emplaced on PACOM and TRANSCOM computers with an activation that is timed to correspond to other movements or phases of a larger Chinese campaign plan could create catastrophic hardware failures in key networks. CNE efforts against PACOM networks to understand the network topology and command relationships would provide the details as to where to place these tools to achieve the desired impact.

* BIOS destruct tools pre-placed via network reconnaissance and
exploitation efforts performed earlier in this two-week CNO campaign
might be activated to destroy the circuit boards of key the motherboard
containing the microprocessors necessary for the systems’ operation.

* Chinese writings on information confrontation and network attack
underscore the effectiveness of BIOS attacks as a means of destroying
hardware components, such as the motherboard containing the
microprocessors necessary for the systems’ operation.68

* Tools designed to destroy the primary hard drive controller, overwrite
CMOS RAM, and erase flash memory (the BIOS) would render the
hardware itself completely inoperable, requiring a full replacement
of motherboard components, not just an operating system reimaging,
to restore the system to full functionality.

* Attacking multiple servers at a specific command, unit, or base would
require the IT personnel to obtain necessary parts and physically replace
the destroyed components. Performing this replacement during peacetime
is a prolonged and expensive effort but during a crisis the potential delay or
network outage has the potential for significant delays depending on the
nature of the military unit or government agency targeted.