Chinese hacking motives remain a riddle
SAN FRANCISCO – When Telvent, a company that monitors utilities, water treatment plants and more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients' systems to assure that no outsider could seize control of them. Company officials and U.S. intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?
Was the People's Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs into the system so they could cut off energy supplies and shut down the power grid if the United States and China ever confronted each other in the Pacific? Or were the Chinese hackers just trolling for industrial secrets, trying to rip off the technology and pass it along to China's own energy companies? Telvent ultimately managed to keep the hackers from breaking into its clients' computers, but the attackers' motivations remain unclear.
At a moment when corporate America is caught between what it sees as two different nightmares – preventing a crippling attack that brings down America's most critical systems, and preventing Congress from mandating that the private sector spend billions of dollars protecting against that risk – the Telvent experience is a study in ambiguity.
To some it is prime evidence of the threat that President Barack Obama highlighted in his State of the Union address, when he warned that "our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems," perhaps causing mass casualties. Obama called anew for legislation to protect critical infrastructure, which was killed last year by a Republican filibuster after lobbying by the Chamber of Commerce and other business groups.
But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears – the subject of weekly research group reports, testimony and congressional studies – may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.
U.S. intelligence officials believe that the greater danger to the nation's infrastructure may not even be China, but Iran, because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites. But for now, these officials say, that threat is limited by gaps in Iranian technical skills.
There is no doubt that attacks of all kinds are on the rise. The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at "an alarming rate," according to a December agency report.
Some 198 attacks on the nation's critical infrastructure systems were reported to the agency last year, a 52 percent increase over 2011.
Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers. The researchers suspected that the Chinese hacking campaign had affected more than a dozen companies in the energy industry. More recently, the Department of Energy confirmed in January that its network had been infiltrated, though it has said little about what damage, if any, was done.
But researchers say the majority of those attacks were as ambiguous as the Telvent case. They appeared to be more about cyberespionage, intended to bolster the Chinese economy. If the goal was to blow up a pipeline or take down the U.S. power grid, the attacks would likely have been of a different nature.
Intelligence experts believe the primary reason China is deterred from conducting an attack on U.S. infrastructure is the simple economic fact that anything that hurts America's financial markets or transportation systems would also have consequences for its own economy.
Obama has been vague about how the United States would respond to a cyberattack targeting infrastructure. But no one in the administration argues that the United States should respond, with cyber- or physical retaliation, for the theft of secrets.
The administration has failed to convince Congress that the first line of defense to avert catastrophic cyberattack is to require private industry – which controls the cellphone networks and financial and power systems that are the primary target of infrastructure attacks – that they must build robust defenses.
A bill with such requirements was defeated last year amid intense lobbying from the Chamber of Commerce and others, which argued that the costs would be prohibitive.
Read more here: http://www.sacbee.com/2013/03/04/5233305/chinese-hacking-motives-remain.html#storylink=cpy
--
Check out http://groups.yahoo.com/group/californiadisasters/
Read my blog at http://eclecticarcania.blogspot.com/
My Facebook: http://www.facebook.com/derkimster
Linkedin profile: http://www.linkedin.com/pub/kim-noyes/9/3a1/2b8
Follow me on Twitter @DisasterKim
__._,_.___
No comments:
Post a Comment