Security

The industry side of the military industrial complex is on the scent of the federal government's cybersecurity dollars.

Bloomberg has a year-end rundown on the efforts of the big defense contractors to tap into a market that could swell to $11 billion by 2013. Boeing and Lockheed, for instance, both set up new cyberdefense business units in the last six months, the news agency says, while Raytheon in the last 18 months has acquired a trio of network security providers and is looking to boost the number of its certified security engineers by 50 percent in 2009.

"The whole area of cyber is probably one of the faster-growing areas" of the U.S. budget, Lockheed executive Linda Gooden told Bloomberg.

Whether that is money well spent, however, is a separate question, as CNET News' Declan McCullagh pointed out recently in a look at the efforts of the U.S. Department of Homeland Security. Formed in 2002, the DHS has always had a stated mission of combating cyberterrorism.

More than six years later, and after spending more than $400 million on cybersecurity, DHS still has not accomplished that stated goal....

Along the way, DHS was regularly receiving poor grades--including an F--on computer security report cards released by a congressional oversight committee.

In fiscal 2008 alone, the federal government spent $115 million on the department's National Cybersecurity Division.

And that, of course, is just a drop in the bucket of Washington's monetary outpouring. Altogether this year, the U.S. government is expected to spend $7.4 billion to secure military, intelligence, and other agency computer networks, Bloomberg reported, citing market researcher Input.

Wired's Threat Level blog says that the outlays -- and defense contractors' need to acquire expertise --

will only be good news for computer security firms that have been struggling to stay afloat the last few years when the government and private sector showed little interest in spending money to secure computer networks.

In December, a commission established by the Center for Strategic and International Studies urged that President-elect Barack Obama create a National Office for Cyberspace. "America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009," the cybersecurity policy report says. "It is a battle we are losing."

Over the summer, when he was still a candidate, Obama said he would make national cybersecurity policy and leadership a top priority.

China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission.

"China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report (PDF) delivered to Congress on Thursday.

The report cites news articles and testimony from U.S. officials like Col. Gary McAlum, chief of staff for the U.S. Strategic Command's Joint Task Force for Global Network Operations. It concludes that Chinese cyber attacks, authoritarian rule, and trade violations are impediments to U.S. economic and national security interests.

A spokesman for the Chinese foreign ministry, Qin Gang, said the report was misleading, impeding cooperation between the U.S. and China, and "unworthy of rebuttal," according to an article published late Monday in Secure Computing Magazine.

China is targeting government and private computers in the U.S., including systems operated by the biggest U.S. defense contractors, according to the report, which cited news articles. In 2005, hackers from China nabbed NASA files on the propulsion system, solar panels, and fuel tanks, and an aviation mission planning system for Army helicopters and Army and Navy flight planning software were stolen from the Army Aviation and Missile Command at Redstone Arsenal in Alabama, the report said.

China can access an unclassified U.S. military network called the NIPRNet (Non-secure Internet Protocol Router Network) and "views is as a significant Achilles' heel and as an important target of its asymmetric capability," according to the report. This "gives China the potential capability to delay or disrupt U.S. forces without physically engaging them--and in ways it lacks the capability to do conventionally."

The U.S. government also is at risk as a result of the global computer supply chain, the commission said. Computer components used by the U.S. and manufactured in China are "vulnerable to tampering by Chinese security services, such as implanting malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation," the report said. Hundreds of counterfeit routers made in China were found in systems throughout the Defense Department, it said.

The Chinese government is training citizens in cyber operations at military academies, and tolerates, or even encourages, actions taken by an estimated 250 hacker groups there, the report said.

Chinese military officials believe the U.S. is doing cyber espionage against China, and believe that by striking first with a cyber attack they can plant misinformation and hide their tracks, according to the report.

U.S. officials and lawmakers have complained about specific incidences where they believed Chinese representatives breached their systems. This summer, two congressmen who have been longtime critics of China's human rights record accused China of compromising computers that had information related to political dissidents. In the spring, government sources told the Associated Press that they were looking into allegations that Chinese officials copied data from a laptop left unattended in China by the commerce secretary.