America's Declared (& Undeclared) Cyberwar

President Barack Obama issued an executive order in mid-February to make it easier for "eligible critical infrastructure" companies and the US government to share information about network attacks.

As the international cyberwar heats up, the executive order represents one of several ways the US government is attempting to protect national interests from network attacks and data theft. It is also the latest development in the US' reaction to increasingly common attacks that could have major implications on the world's supply chain.

The main goal of the executive order is to create more efficient best-practices and policies for protection against "the cyber threat to critical infrastructure, which continues to grow and represents one of the most serious national security challenges we must confront."

The executive order follows an article published in the Washington Post about a classified government report it obtained on international cyberattacks. Foreign governments, especially China, are directly or indirectly sponsoring "massive, sustained" cyberespionage campaigns that are putting US technology and development secrets at risk, according to the article.

Foreign governments, especially China, are directly or indirectly sponsoring "massive, sustained" cyberespionage campaigns, according to government investigators.

Same hack, different day
However, the claims are hardly new. The article in the Washington Post follows a report issued last year by the Office of the National Counterintelligence Executive, which monitors espionage against the United States. While previously largely limited to attacks against military and government networks, the National Counterintelligence Executive maintains that international cyberthieves are increasingly stealing US trade secrets from private firms and using them to gain an advantage in the undeclared economic war. Attacks originating from Russia, Israel, and France are also prevalent, but China is by far the worst culprit, according to the Office of the National Counterintelligence Executive.

The economic consequences in the United States from trade secret and other data theft by foreign parties are significant but difficult to quantify. The Office of the National Counterintelligence Executive said the attacks could cost the US economy up to $400 billion a year, but added that some estimates are substantially lower. However, speaking on a recent edition of Face the Nation, Bob Orr of CBS News cited estimates by House Intelligence Committee Chairman Mike Rogers who said cybertheft against US interests represents up to $400 billion in stolen intellectual property.

No innocents?
But as the US government seeks to shore up its cyberdefenses, it is not necessarily a passive participant in this undeclared cyberwar. The US government, according to French media reports, was behind attacks on the French president's residence during the months leading up to the presidential elections last year. Both the US and France would not comment on the reports, yet credible national French publications, including L'Express and Le Télégramme, confirmed that the attack took place. Le Monde, one of the most well-respected newspapers outside of the United States, cited a French diplomat who said he demanded an explanation from the US government about why it accessed then French President Nicolas Sarkozy's emails and other data.

The US and Israel were unofficially behind the Stuxnet virus attack. Considered to be one of the most complex and lethal virus programs ever coded, the virus succeeded in crippling the supervisory control and data acquisition (SCADA) systems that Iranian scientists supposedly use to enrich uranium.

The French presidential and Stuxnet attacks are, of course, just two examples of attacks against foreign interests that supposedly originated in the United States. To the extent that the United States does apply its vast arsenal of defense spending to cybersurveillance and even cyberwarfare remains the stuff of chat room discussions and information that will remain classified for decades from now, if it ever does become known.

Technology theft
But as network attacks against US interests ramp up, the US government is also obviously worried about how illegally obtained technologies will shift beyond the shores of the United States. The theft potentially has huge implications in the technology industry, since stolen technologies developed in the United States, which spends the most in the world on research, could be marketed and produced elsewhere.

Citing China as the main culprit, Rogers noted during the Meet the Press episode how product blueprints and know-how are stolen by data theft and then used to produce specific products.

Rogers said:

I mean, the Chinese basically are replicating these products about as fast as they can. And we're not doing very much about it. This is the first stage of what could be a very, very big problem if they turn this pillaging of wealth into attacking key systems.

However, the US government's more aggressive role in protecting intellectual property from cyberattacks should have at least some effect. The US government should also likely step up its more offensive actions in this covert cyberwar, although those actions will remain very covert.

Meanwhile, each skirmish and battle won could have a direct effect on which countries get to produce which technologies.

Related posts:

• Is Your Supply Chain Protected Against Cyberattack?
• Cyberwar: We Are All on the Front Line
• Where Should the Supply Chain Focus Its Security Efforts?