Information Warfare: An Emerging and Preferred Tool of the People’s Republic of China
7. Private owners of information networks that interface with any of the nation’s critical infrastructure should be required to become ISO 17799 certified.
A majority of the critical information infrastructure is owned by the private sector in the United States. Requiring private networks that directly interface with any components of the critical infrastructure (i.e. defense, law enforcement, finance, energy, etc.) to be ISO 17799 would be a prudent and strong security measure and the least that could be done.
The critical infrastructure include…..“services that are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States”.19 Components of the interconnected critical infrastructure would be among the first targets of a full scale, simultaneous information warfare attacks. The PRC has already demonstrated the capability to coordinate such an effort in concert with its technical civilian militias that were concentrated to conduct information warfare activities.
A malicious software attack directed against the critical infrastructure is capable of causing damage, destruction, theft, and denial of access to critical information that is needed to protect our people. Attacks against the privately owned portions of the nation’s critical infrastructure do and will come from cyberspace.
8. The United States should do everything in its power to produce more domestic engineers and scientists.
A report cited by the Central Intelligence Agency listed “education” as the single most important determinant of success for nation states and individuals between now and the year 2015. Our nation has a need for qualified information technology professionals. The critical nature of the situation becomes quickly apparent. Do we believe that our country’s formal information technology training programs promote the protection of our vital political and economic interests?
We are without a cohesive national plan to promote professional information technology training programs. The U.S. simply isn’t growing the intellectual resources that are needed. Indeed, the information technology industry had to ask Congress for increases in the number of H1-B visas to hire skilled foreign workers. The problem is even worse.
Nearly 30% of the science and engineering faculty employed by universities and colleges in the United States are foreign born. More than forty percent of the Ph.D.’s awarded went to foreign citizens in science, engineering, and math. Our dependence upon foreign born scientists with divided loyalties needs to be abated.
The number of foreign born individuals (who are unlikely to be U.S. citizens) who have close proximity to our information infrastructure is staggering. More than 43% of the people who have entered America with H1B visas have gone to work in the information technology field. Indian citizens make up the largest number of foreign nationals with Chinese nationals having the second largest number.
Our nation should draft a National Information Technology Bill to address the problem. Business and industry could specify the curriculum. Universities could compete to be the designated information technology institute for each state (similar to India’s plan to be an IT megapower). Matching funds could be provided. The information technology institutes could sponsor certification standards, meet continuing education requirements as well as manpower training needs. Such a plan would help to eliminate our dependency on foreign born information technology professionals.
_______________________
1 Military Power of the People’s Republic of China, 2006, 35.
2 Ibid.
3 Ibid.
4 2006 Report to Congress of the U.S.-China Security and Economic Review Commission, as cited in Minnick, Wendell, “Computer Attacks from China leave many questions,” Defense News, 13 August 2007, 14
5 Tkacik, John, “China’s Quest for a Superpower Military,” Heritage Foundation Backgrounder #2036, 17 May 2007.
6 Bill Gertz, “Chinese Hackers Prompt Navy College Site Closure,” The Washington Times, 30 November 2006, A11, as cited in Ibid.
7 Sipress, Allen, “Computer System Under Attack: Commerce Department Targetted; Hackers Traced to China, Washington Post, 6 October 2006, A21.
8 United Press International, “Defense Department Confirms Cyber Attack,” 4 September 2007. Found at https://www.upi.com/International_Security/Emerging_Threats/Briefing/2007/09/04/defense_department_confirms_cyber_attack/7582/.
9 Landler, Mark, and Markoff, John, “In Estonia, What May Be the First Cyberwar,” International Herald Tribune, 28 May 2007. Found at https://www.iht.com/bin/print.php?id=5901141.
10 Thomas, Timothy L., Like Adding Wings to the Tiger: Chinese Information War Theory and Practice (Foreign Military Studies Office: Fort Leavenworth, KS, 2001).
11 Toshi Yoshihara, “Chinese Information Warfare: A Phantom Menace or Emerging Threat?”, Strategic Studies Institute, U.S. Army War College, Carlisle Barracks, Pennsylvania, 2001.
12 Wei Jincheng, “Information War: A New Form of People’s War,” translated from the Military Forum column, Liberation Army Daily, 25 June 1996
13 “Information technology – Security techniques – Code of practice for information security management,” ISO/IEC, Second edition, 16 June 2005, Geneva, Switzerland.
14 William G. Perry, “Enhanced data mining information assurance by using ISO 17799,” Defense & Security Symposium Information: Assurance and Security, Data Mining, Intrusion Detection, Information Assurance and Data Networks Security, The International Society for Optical Engineering, 17 April 17, 2006.
15 Ira Winkler, “Spies Among Us,” Wiley Publishing, Inc., 2006, Indianapolis, Indiana.
16 Spencer S. Hsu, “TSA Hard Drive With Employee Data Is Reported Stolen,” Washingtonpost.com, 5 May 2007.
17 Ibid.
18 Ibid.
19 William G. Perry, “The Science of Protecting the Nation’s Critical Infrastructure,” Voices of Discovery, Elon University, 7 March 2007.