Nice reporting by Paul Roberts at ThreatPost (Kaspersky Lab Security News Service, HT to Dave Emery) of some analysis of China's own cybersecurity amidst all this talk in Washington that the PLA is readying its killer opening "Assassin's Mace" blow in any fight over Taiwan or thereabouts. It opens nicely:
The official line in Washington D.C. is that there's a new Cold War brewing, with an ascendant China in the place of the old Soviet Union, and cyberspace as the new theater of war. But work done by an independent security researcher suggests that the Chinese government is woefully unprepared to fend off cyber attacks on its own infrastructure.
The gist that follows:
For the last 18 months, Dillon Beresford, a security researcher with testing firm NSS Labs and divorced father of one, has spent up to seven hours a day of his spare time crawling the networks of China's state and provincial governments, as well as stealthier networks belonging to the PLA and the country's top universities. Armed with free tools like Metasploit and Netcat, as well as Google Translate, he's pulled back the curtains on the state of cyber security in China. What he's discovered may come as a surprise to many U.S. policymakers and Pentagon officials.
Contrary to the image of China as a nearly invincible cyber powerhouse, Beresford says in an interview with Threatpost Editor Paul Roberts, that the fast-growing nation suffers from woeful cyber security practices at home that leave, literally, thousands of networks and databases vulnerable to even trivial, remote attacks. Beresford, who publicized holes in domestic Chinese SCADA systems in September, 2010, said the country's aggressive cyber offense abroad, he said, is in stark contrast to an almost total lack of basic cyber defense at home that has left both classified and unclassified government networks vulnerable to attack and compromise.
Great post (really an interview with Beresford) and worth reading in full.
I have had some very smart people in DC warn me ominously about all of China's continuing military advances and I'm buying almost none of it. I see them putting up a Potemkin village of a defense designed, as Beresford suggests, to hide great weaknesses. It is a lot of wasted effort because the US has no intention of doing anything other than to scare China (deterrence), which makes China's showy counter-efforts to do the same all the more pointless.
As if there's nothing else to be done in this world that the planet's two biggest and highly interdependent economies insist on pursuing this asinine sideshow!
This is business as usual in the PNT, which hopefully Panetta disciplines better than Gates did. On the Chinese side, it's poorly supervised generals with too much money on their hands. The fiscal pain will solve the issue on our side, and the right crisis will inevitably reveal China's misaligned military - as in, not appropriate to their actual emerging global security needs. They remain in fighting-the-last-war mode - a good indication of their complete lack of recent operations that matter whatsoever (thus no learning). Let them field their carrier design alongside their new carrier-killer missile and think themselves so clever. I find most of it pathetically unimaginative and unbefitting their rise. They desperately need better military leadership on top.