Sunday, June 7, 2009

Analyst: cyberwarfare arms race with China imminent

The article below is a strong critique of Kevin Coleman's written testimony.


Analyst: cyberwarfare arms race with China imminent

A security expert informed Congress last month that the United States is entering a cyberwarfare arms race with China. Some of his information, however, seems to be misleading, especially about China's "top secret" OS.

By Ryan Paul | Last updated May 14, 2009 2:35 PM CT

A congressional commission that reviews economic and security relations between the United States and China held a hearing last month on Chinese intelligence activities that impact national security. During this hearing, security expert Kevin G. Coleman of the Technolytics Institute think tank gave apresentation (PDF) on Chinese cyber-espionage efforts.

He warned that the United States is falling behind in technological defense capabilities and is largely unprepared for what he characterizes as the start of a cyber-warfare arms race. Coleman attempts to describe the threat posed by China's cybersecurity build-up, but how much of it is a sham? Some of his facts are misleading.

Coleman discussed several prominent threat vectors and outlined some areas where he believes that the US military needs to take action in order to boost its cyber-warfare preparedness. One of the topics that he addressed during the panel is the risk of hardware tampering. Much of the hardware used in computers and consumer electronics in the United States is manufactured in China and other parts of the world. Experts are concerned that foreign governments could integrate undetectable kill switches and backdoor access systems directly into hardware components.

"We need to examine in detail and further quantify the risk that the global supply of components, sub-assemblies, assemblies, sub-systems and systems pose to the integrity of our critical information infrastructure and our highly computerized military," Coleman said. "If we are not going to build everything we need here at home, then we need to advance the current testing and validation tools and techniques as well as our system covert compromise monitoring and detection capabilities."

When we covered the manchurian chip problem last year, we looked at a DARPA research program called Trust in IC which aimed to find a consistently reliable method for detecting when circuitry has been compromised. This program is ongoing, and is scheduled for completion in 2010.

Coleman also emphasized the need for continuous investment in cyberwarfare capabilities. He contends that China's rapid economic growth and increasing technological sophistication will give the country "global electronic dominance" within the next 10 to 40 years, enabling it to "outspend the United States and the rest of the world much as we outspent the Soviet Union in the cold war." In order to combat this threat, he said that the US government must acknowledge that "we are in the early stages of a cyber arms race and need to respond accordingly" by developing new cyber-warfare weapons and defense systems.

One particular area where he believes that improvement is needed is the military's capacity to detect the origin of cyberattacks. The growing use of zombie botnets by sophisticated attackers is making it harder to determine who is orchestrating attacks and where those attacks are originating. He suggested that one possible solution is to catalog the characteristics of malicious code and use that as a kind of "digital DNA" to help trace the software back to its creator. The large number of virus variants and the extensive sharing of code between malicious software programs makes it seem unlikely to me that such an approach will be tenable.

An overreaction?

Coleman warned that the Chinese are hardening their technical infrastructure and using new technologies that are believed to be more resistant to infiltration. He cited Kylin, an operating system that is allegedly unique and not based on mainstream platforms.

"This race was intensified when China created Kylin, their own hardened server operating system and began to convert their systems back in 2007," he said. "This action also made our offensive cyber capabilities ineffective against them given the cyber weapons were designed to be used against Linux, UNIX and Windows. Refer to our report - RED SOS."

This statement was widely reported by the press, but much of the coverage (and Coleman himself) appears to be of dubious accuracy. Kylin is not a new top-secret operating system, it's a publicly available FreeBSD derivative that was created by academics for research purposes with funding from the Chinese government. Contrary to Coleman's assertion that it is immune to cyber weapons designed to target Linux and UNIX, Kylin is actually designed to comply with UNIX standards and has a Linux binary compatibility layer. Certain aspects of Kylin's design are documented in mainstream computing journals like IEEE. Its hardening features include filesystem encryption and access control frameworks. In fact, its security features appear to be roughly equivalent with those of the average commercial Linux distribution.

Coleman's mischaracterization of Kylin raises questions about his agenda. He references his own studies for virtually every major statement that is included in his presentation, but not all of these studies—such as the one about Kylin—are publicly available. There is no way to verify his facts or determine if his policy recommendations are based on sound principles.

No comments: