Cyber Roundup (3/13): Senate hearings, hacker angst, China willing to ‘talk’, and more . . .

A quick survey of recent cyber news, in an effort to keep pace with the deluge of articles.

***

Terril Yue Jones reported for Reuters on China’s supposed willingness to discuss cybersecurity with the U.S.  This follows a speech by U.S. National Security Advisor Tom Donilon wherein Mr. Donilon said “we need a recognition of the urgency and scope of this problem and the risk it poses—to international trade, to the reputation of Chinese industry and to our overall relations . . . Beijing should take serious steps to investigate and put a stop to these activities . . . we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.”

According to Jones, here was the Chinese response:

China is willing . . . to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain the security, openness and peace of the Internet . . . Internet security is a global issue. In fact, China is a marginalized group in this regard, and one of the biggest victims of hacking attacks.

The Reuters article continues with a few more form Chinese denials.

I propose a new drinking game: anytime there is an article on China and cybersecurity, and the exact words “China is one of the biggest victims of hacking attacks” appears, you drink.

***

Along similar lines, Paul Rosenzweig wrote for Lawfare and offered analysis on the Donilon speech.  As a quick summary, Mr. Rosenzweig noted three things:

1. This is the first time the Administration publicly called out the Chinese over their pervasive cyberexploitation.
2. The Obama administration gave the Chinese a “diplomatic out” by asking them to better enforce their already standing cyber laws rather than pointing to state-sponsored hacking.  In this sense, the Administration “is willing to start the conversation by pretending that the hackers are rogue actors who are outside the bounds of Chinese law and policy.”
3. The U.S. wants to talk to China directly on this issue.

***

Reuters’ Mark Hosenball and Patricia Zengerle reported on how U.S. intel community leaders testified that “cyber attacks and cyber espionage have supplanted terrorism as the top security threat facing the United States.”  Interestingly, the DNI played down the risk of a cyber Pearl Harbor.

Gen. Keith Alexander (CyberComm/NSA) also testified before the SASC on the three CyberComm teams (National Mission, Cyber Combat Mission, and Cyber Protection force) and cyberattacks on private companies.

While we’re on the topic, John Reed wrote for Foreign Policy and also covered Gen. Alexander’s testimony.  Reed discussed several new types of CyberComm “teams”, noting that Gen. Alexander testified that CyberComm will field “13 offensive cyber teams that are tasked with deterring destructive cyber attacks against the United States.”  How these teams fit into the broader National Mission/Cyber Combat Mission/Cyber Protection Mission force concept is beyond me.

arstechnica’s Dan Goodin picked up the same story, arguing that this was “the first time ever [that] the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime.”  Is that true?  I don’t know.

J. Nicholas Hoover covered Gen. Alexander’s testimony on sequestration’s impact on CyberComm for InformationWeek Government.

***

Reuters reported (via FoxNews) that “President Barack Obama will sit down on Wednesday with corporate leaders to discuss efforts to improve cyber security in private industries amid rising concern about hacking attacks emanating from China.”

Reuters’ Susan Heavey with some quotes from President Obama (right before the CEO meeting):

You always have to be careful with war analogies . . . there’s a big difference between them engaging in cyber espionage or cyber attacks and, obviously, a hot war . . . We’ve made it very clear to China and some other state actors that, you know, we expect them to follow international norms and abide by international rules.  . . .

***

John C. Wohlstetter had an interesting opinion piece for The Wall Street Journal arguing that Chinese hackers is a misnomer considering they are more like spies.  Unfortunately, the article may be behind a paywall, but if not, it’s a good read.

***

 Barbara Demick wrote a fantastic article for the Los Angeles Times on the blogging habits of a Chinese hacker.  The Los Angeles Times apparently tracked down a blog written by a Chinese hacker named Wang (that narrows it down tremendously).  Wang details his PLA hacker lifestyle, lamenting (according to the LA Times) that it is “[n]othing at all like the unkempt hackers of popular imagination” with an 8 a.m. to 5:30pm workday, required military uniform, “no money and little free time”, and the promise of ramen noodles waiting for him.  Interestingly, Wang read The Economist and Harvard Business Review to brush up on his English, but “his boss rebuked him for reading too much foreign press.”

Wang went on to say that “[f]ate has made me feel that I am imprisoned . . . I want to escape . . How can passionate young people like us handle a prison-like environment like this?”

That’s deep, Chinese hacker bro.

There’s more to the LA Times article, check it out here.

***

Now turning to one of Wang’s favorite publications, The Economist covered the most extensive cyberattacks in the Czech Republic’s history.

***

Via InformationWeek Security’s Mathew J. Schwartz, a debate over whether to play offense or defense on China hack attacks.

***

Alexis C. Madrigal for The Atlantic on whether the best intelligence is cyborg intelligence.