Examining the role of China in U.S. cybersecurity policy

China is a country that is developing quickly, both militarily and technologically, and many security experts think the country poses a serious threat to the United States.

Amit Yoran is CEO of Netwitness, a company that focuses on network monitoring, incident response, data leakage and other issues.

He was also director of cybersecurity for the Department Homeland Security during the Bush administration.

Yoran talks about a new report Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation written by a group of experts from Northrop-Grumman for the U.S.-China Economic Security Review Commission.

The report looks at what threats China potentially poses in cyberspace.

"There's a lot of activity, as the report eloquently points out, going on in China around cyber. Some of it [is] directly sanctioned as a nation-state; some of it is more ideological, militia-type oriented or research oriented; but, I think, irrefutably there is a high volume of what I would generally characterize as very threatening activity coming from China."

There is an important distinction between the behaviors of spying and malicious attacks.

Yoran said the U.S. government looks at these as two distinct categories of threats, which means they are handled differently.

"One is computer network attack, which is focused on bringing systems down or denial-of-service attacks or other methods of destroying data information or rendering systems useless and making them unavailable. The second is computer network exploitation, which is perhaps more nefarious and more surreptitious. You access a system, you compromise the system, you collect intelligence, you retrieve data, but you don't necessarily tip off your adversary that you've compromised their system."

He said the potential for damage is great with either type of attack, but computer network exploitation seems much more intimidating.

Many countries are not capable of directly attacking the United States, so they choose to covertly maneuver in the cyber-world, instead.

"This is very asymmetric warfare. You wouldn't want to take on the U.S. Military head-on, but this is, in fact, a soft underpinning not only of the U.S. Military but of our government and our economic base. American industry uses technology and IT for advantages and competitive efficiencies -- and, really, that exposure is . . . being actively leveraged by not only China, but other nation-state actors and clearly a lot of online criminal activity."

It's not a black and white situation, however. Yoran said that globalization has changed the dynamics of the relationships between the world's major economic powers.

"That said, while it may make an attack and the bringing down of a power grid less probable or less attractive as a course of action for China or other governments out there, it doesn't make the espionage element of this . . . Any less likely. If anything, I would suggest it makes them more likely. If Chinese companies are competing with U.S. Companies for routers and switches for a global infrastructure or for aircraft sales . . . those very much become fair game in this new world where their government, in organized ways, can go after -- and does go after -- American enterprise."

Unfortunately, Yoran said, this new way of conducting war has a theater of operation that favors the aggressor.

"It is far easier to target, attack and exploit a system than it is to defend any large enterprise, U.S. Government entities or otherwise. The technologies that we have in place -- and we've been placing over the years -- in terms of firewalls and intrusion detection systems, security information management systems and anti-virus products -- these things are really effective technologies at dealing with known threats.

"When you're talking about advanced threats -- when you're talking about a nation-state adversary or a complex criminal enterprise, they're going after you with new methods [and] new techniques that are targeting your particular infrastructure. So, the defenses and the ability to defend ourselves and the products we use to defend ourselves are almost by definition inadequate."

Thus, Yoran said that he feels that it is of critical importance to have a national cybersecurity 'czar'. In addition, it's important to have every federal agency actively engaged in cybersecurity.

"A lot of this is also going to require policy evolution, perhaps even changes to everything from tax code liability and incentive programs. You need a White House focal point to understand what's happening across these agencies and balance the equities and priorities across what are sometimes competing interests between law enforcement, intelligence work and network defense operations. . . . [we need to] start coordinating better and working with the private sector where a lot of these security technologies are developed. . . . I think it is the single most important aspect of success for our nation in cyber."

Learn more with the Federal News Radio tag search: cybersecurity.

Read more on Federal News Radio: Former ODNI CIO Meyerrose talks about cybersecurity's future

Read the U.S. Office of Naval Intelligence's report about China's navy.