Big Mac: Security firm McAfee reveals a whopper about China's cyber capabilities

Contributor:  Andrew Elwell
Posted:  02/01/2012  12:00:00 AM EST
Rate this Article: (3.5 Stars | 4 Votes)
Tags:   cyber

McAfee and the Security & Defence Agenda (SDA) recently released their report, Cyber-security: The Vexed Question of Global Rules, which gives a snapshot of the cyber-readiness of global powers.

Israel, Finland and Sweden were identified as the world’s leading nations in terms of their cyber defence and preparedness strategies, each scoring 4.5 out of 5 on McAfee’s (self-confessed “subjective”) scale. Following with a score of 4/5 was the US, UK, Denmark, Estonia, Germany, Spain, the Netherlands and France. Here’s an infographic of the findings:

The methodology used for rating various countries’ state of cyber-readiness is that developed by Robert Lentz, President of Cyber Security Strategies and former Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance. At the Cyber Defence & Network Security 2012 conference in London last week, Lentz said that we will likely only see a step-change in government’s attitude towards cyber security after it’s too late, similar to how the War on Terror was born out of the 9/11 attacks.

“Cyber physical threats are on the horizon and that will be the ‘tipping point’ when the government really becomes involved,” said Lentz.

This theory is quite correct. Estonia, which suffered an unprecedented and prolonged cyber assault of its government systems in 2007, ranks side-by-side with the US and UK with regards to its cyber-readiness. I’d venture there aren’t many other lists where the same can be said. Not until the US or UK suffers a similar fate will it’s cyber-readiness ratings move up to a 4.5 or 5 out of 5. Of course by then it may be too late.

Enter the Dragon……..after the Bald Eagle has already arrived that is

Israel is leading the pack, the US and UK have been given an acceptable “B” grade together with a “could do better” teacher’s comment, and Mexico and India really do have quite a bit more to do. In the cold light of day none of these findings should surprise us, there’re fairly well-worn assumptions.

…But then there’s China, scoring a very average 3 and trailing a number of other nations, including the likes of Denmark and Austria. China – for whom the “Advanced Persistent Threat” moniker was basically created – is not quite the cyber behemoth many in the West have been led to believe. May 2011 bought the revelation that China had its own super-elite Cyber Army, called the “Blue Army.” The story was that this army was created to defend China from external cyber attacks; the strong inference and underlying notion of the reporting was that it was in fact for offensive purposes.

At the Cyber Defence conference Lentz gave a stern warning: “I’m not being melodramatic … but the reality is cyber threats will lead to physical attacks.”

The perception is that that threat will (most likely) come from China, and that the attack will be on the US or one of its allies. But this McAfee report goes some way to questioning this assumption. The US and Israel are far better placed for such a strategy than China. The obvious example is Stuxnet, which the US and Israel have both been closely linked to.

The proposition that China poses an imminent threat to critical national infrastructure in the West was the theme of a recent study, called “China's Cyber Warfare Capabilities,” by Desmond Ball, a Professor in the Strategic and Defence Studies Centre at the Australian National University.

“There is no evidence that China’s cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data,” Ball states in the report. “They would be unable to systematically cripple selected command and control, air defence and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.

“The gap between the sophistication of the anti-virus and network security programs available to China’s cyber-warriors as compared to those of their counterparts in the more open, advanced IT societies, is immense,” Ball concludes.

All this discourse should be muted on the understanding that relatively very little is known about China's capabilities in general, let alone cyberspace. However, "Blue Army" sounds too vibrant and rich, if we're being colloquial it frankly sounds too cool; 3/5 doesn’t suggest Blue..... “Magnolia Army” might be closer to the mark.

Andrew Elwell Contributor:   Andrew Elwell

comments powered by Disqus

Advertise With Us

Join Defence IQ