It's no secret the U.S. and China are waging a clandestine cyberwar. National Security Agency director Gen. Keith Alexander says it's hitting home hard.
Testifying before the Senate Armed Services Committee yesterday, Gen. Alexander said that China is stealing a "great deal" of the U.S. military's intellectual property, adding that the NSA sees "thefts from defense industrial base companies." According to a story in Information Week, he declined to provide any information on those attacks. However, he did confirm speculation swirling around the security space that China was behind last year's attacks on RSA.
Those attacks proved extremely troublesome for U.S. defense contractors. A year ago, Chinese hackers allegedly stole data related to RSA's SecurID two-factor authentication devices. Soon after, that information was used to break through security safeguards at defense contractors Lockheed Martin, L-3 Communications, and Northrop Grumman. Although Lockheed said at the time that no data was stolen, it was forced to replace 45,000 SecurID tokens.
Gen. Alexander's confirmation of the RSA attack follows statements made to CNET last year by security experts saying that China was behind it all along.
His comments are just the latest in a string of reports discussing China's efforts to steal defense data. In January, for example, security company AlienVault reported that hackers in China had discovered a method of hacking into the U.S. Defense Department's data by distributing malware that could capture PINs off government employee smart cards. It's also believed China hacked the U.S. Chamber of Commerce and had access to its records for over a year.
All that, plus the countless other attacks hitting the U.S., have made some foreign-security experts question the government's ability to fend off foreign cyber threats.
"In private, U.S. officials admit that the government has no strategy to stop the Chinese cyberassault," former U.S. national security official Richard Clarke wrote in an op-ed piece in the Wall Street Journal last year, adding that the U.S. government "is engaged in defending only its own networks."
But China sees things another way. For one, it denies that it's targeting U.S. companies. The country also believes that it's actually the U.S. that's leading the cyberwar, and it needs to do more to protect itself in the coming years.
"The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak," the Chinese military wrote last year in its official newspaper, Liberation Army Daily. "Their actions remind us that to protect the nation's Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army."
Protecting Internet security also appears to be on the mind of Gen. Alexander, telling Information Week that the U.S. must "make it more difficult for the Chinese to do what they're doing."