
Cyberattacks against US Department of Defense increased in 2009, many coming from China

In case you missed this, the New York Times reports:

Cyberattacks on the U.S. Department of Defense — many of them coming from China — have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That’s a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will jump 60 percent this year.

The committee is looking into the security implications of the U.S.’ trade relationship with China. It released its annual report to Congress Thursday, concluding that a “large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities.”

“The quantity of malicious computer activities against the United States increased in 2008 and is rising sharply in 2009,” the report states. “Much of this activity appears to originate in China.”

“The cost of such attacks is significant,” the report notes. Citing data from the Joint Task Force-Global Network Operations, the report says that the military spent $100 million to fend off these attacks between September 2008 and March 2009. A Defense Department spokesman did not have any immediate comment on the report’s numbers Thursday.

Attacks on department systems have been rising steadily for years. In 2000, for example, only 1,415 incidents were reported. The increase is in part due to the fact that the U.S. military is simply better at identifying cyberthreats than it used to be, said Chris Poulin, the chief security officer of Q1 Labs, and formerly a manager of intelligence networks within the U.S. Air Force. The department figures are “probably more accurate now,” than they were nine years ago, he said.

Security experts have long known that many computer attacks originate from Chinese IP (Internet Protocol) addresses, but due to the decentralized nature of the Internet, it is very difficult to tell when an attack is actually generated in China, instead of simply using Chinese servers as a steppingstone.

Q1’s Poulin says that his company’s corporate clients in the U.S. are seeing attacks that come from China, North Korea, and the Middle East. “We do definitely see patterns coming from specific nation states.”

He said that because China’s government has taken steps to control Internet usage in the country, it could probably throttle attacks if it wanted to. “China’s defiantly initiating attacks,” he said. “State-sponsored? Who knows. But they’re certainly not state-choked.”

And, of course, these attacks raise the obvious international legal questions:

First, when does a cyber action violate Article 2(4) of the United Nations Charter? Article 2(4) provides:

All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.

Second, when does a cyber action rise to the level of an “armed attack,” thus engendering a right to use force in self-defense under Article 51 of the Charter? Article 51 provides, in part:

Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security.

Third, when can a state be held accountable for cyber actions emanating from its territory? This is a particularly critical question with respect to China. If the cyber actions rise to the level of an Article 2(4) violation and the government of China is the instigator of the actions, then it can clearly be held accountable. But what if, as the article suggests, it is more a case of “state-toleration,” rather than initiation?

In 1994 my colleague and old friend, Robert J. Beck, and I explored some of these same questions regarding terrorist actions in “Don’t Tread on Us”: International Law and Forcible State Responses to Terrorism. Perhaps some of the suggestions we made in that article can be usefully applied to cyber actions too.

(HT: appsecurity)


Welcome! Who am I?



Anthony Clark Arend is Professor of Government and Foreign Service at Georgetown University and the Director of the Master of Science in Foreign Service in the Walsh School of Foreign Service.

Commentary and analysis at the intersection of international law and politics.