Original URL: http://www.theregister.co.uk/2008/06/06/china_infowar_response/

Cyber B52 strikes mooted as response to Chinese infowar

PHP is our profession...

By George Smith, Dick Destiny

Posted in Government, 6th June 2008 11:44 GMT

"I have watched this thing grow... to the incredible proportions it has reached today. I have studied the facts ... facts, and by projecting the statistics I realized the time has come to act. I realized I had to act before the entire will and vitality of the free Western world was sapped and polluted and made rancid... The absolutely fantastic thing is that the facts are all there for anyone who wants to see them."

Are they the words of some expert ranting about Chinese hackers causing blackouts in the US? Or just your author being tricky, lifting a quote from General Jack D Ripper in Peter George's script for Dr. Strangelove.

While it looks obvious here, the mixed nuts are harder to discern in the mainstream news. CNN put an "expert" named Gordon Chang on primetime on the 29th. If you were in the States and watching you learned Chinese cybermen had been having a field day, inflicting a digital Pearl Harbor on the country, not once, but twice.

CNN's Pentagon correspondent, Jamie McIntyre, was puzzled: "This term cyber warfare sounds kind of, you know amorphous, kind of hard to get your hands around it..."

Fifteen minutes later, Chang, author of an unintentionally hilariously entitled book called The Coming Collapse of China vaguely informed the news network, "Well, they say that two of those were really the Chinese caused blackouts in the United States, one in 2003 and the other..."

For Chang, "they" were a couple of chatterers from the press, more specifically, an article in the National Journal, a publication nobody but Congressional staffers and producers and editors of news organizations in Washington, DC, reads. (We'll get to it briefly in a moment.)

"We've always knows that our civilian networks, which are not protected as well as the defense ones, can be taken down, but we never really had a demonstration that it could, indeed, actually happen until a couple of years ago," continued Chang.

Pick a scare, any scare

The news story demonstrated one common feature of all stories on cyberwar. You can say anything you wish and not suffer a beatdown. The most remarkable, even ludicrous, things can be claimed. Once on paper, it's fair to discuss such things as if they had the reality of a piece of granite.

Since the Chinese had been causing blackouts, Chang reasoned the US government ought to show some backbone and give them a talking to. Angela Merkel of Germany had shown it. She had told off the Chinese premier, it was claimed. But Defense Secretary Bob Gates was not so bold. Gates had even had his e-mail hacked by the Chinese, claimed Chang.

But back to the National Journal. It had published an article entitled "China's Cyber Militia," one which fueled the paranoia of Dr. Strangelove crazies. The facts were all there for everyone to see, implied the magazine, and the Chinese "had possibly triggered two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts."

"Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention," reported the magazine. And then came the procession of private sector consultants, stating things were otherwise. The magazine's report was lengthy, working through the logic that the truth of a thing is determined by the number of Americans who can be found to assert it. In another manner of speaking, if one can fill a room with bull, hearsay and gossip, there's always a magic tipping point where it transforms into fact, like lead turns into gold when touched by the Philosopher’s Stone in alchemy.

To spend too much time arguing details is to be drawn into the deranged world of the American way of threat description. Absence of proof is not proof of absence, goes the slogan, and before you know it, you're off to war.

But long-time readers know how the cyberwar game has played for close to a decade.

By way of example, in November of 1999 the Washington Times published a front page story entitled "China Plots Winning Role in Cyberspace."

The hypothetical scenario of catastrophe was produced.

"China could launch a devastating computer-run sabotage operation by attacking U.S. oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California... A [Chinese] computer attacker could penetrate the electronic 'gate' that controls refinery operations and cause fires or toxic chemical spills," it was said.

For close to ten years, there has been a constant parade of characters peddling this manner of paranoid threat-assessment. Older names like John Hamre, Richard Clarke, James Adams or Michael Vatis have drifted away, replaced by younger characters, functionally equivalent. It has always been apparent that many were and are involved in a process which included fear-mongering and shakedowns for funding. It was a bipartisan activity, a constant small collective of experts and officials more accurately, if impolitely, described as mischief-makers and eccentrics massaging a part of the government/private sector security collaborative. The mainstream media has generally been a compliant enabler of them.

But what if in the space of ten years, it has just been a coincidence that we've been plagued by whispering pests from the professional doom industry? What if China actually has stolen a march and made fantasy into reality? Let's conduct a thought excursion and pretend it's all real, every last word, and the infrastructure is in danger of being torched, the lights turned out.

The cyber bomber gap

What would the United States do? Start carpet-bombing? Carpet-bombing, in this case, means having a force of cybermen and their own vast military botnet to launch DDOS attacks.

In "Carpet-bombing in Cyberspace," an article from the Armed Forces Journal, Col. Charles W. Williamson III writes "America needs the ability to carpet bomb in cyberspace to create the deterrent we lack."

There is a carpet-bombing gap in cyberspace, it is said. "We are in [a new arms race] and we are losing," asserts Williamson. China has the greatest capability for cyber carpet-bombing because "analysts think China has the world’s largest denial-of-service capability."

The US can offset this by investing in its own military botnet, sort of like not allowing the Russkis to take the lead in mineshaft digging in Dr. Strangelove.

When it comes to carpet-bombing a foreign country's cyberspatial infrastructure, the proper intelligence will be important, reasons Williamson. But no capability should be particularly restricted by details. If the US blows some puny country off the Internet and it turns out that their computers were only being used by others, the retaliation will have had, in any case, a warning effect. After all, a weapon has no deterrence if you keep it a secret. And besides, they'll probably have had it coming.

"Brute force has an elegance all its own," the man says.

Script fragment from a hypothetical remake of Strangelove: "Now, if we can speak freely, sirs, we think the Chinese flash a big game but, frankly, they're short on know-how. You can't take a bunch of ignorant peasants and expect them to understand a machine like one of our boys. If you see one of our cybermen from the Air Force - their slogan's "Above All" - they're really sharp. They'll barrel our DDOS attack in so low, you've just got to see it sometime!" (Manic stare, chomps cigar) ®

George Smith is a senior fellow at GlobalSecurity.org, a defense affairs think tank and public information group. At Dick Destiny, he blogs his way through chemical, biological, and nuclear terror hysteria, often by way of the contents of neighbourhood hardware stores.