Cyberattacks on U.S. military jump sharply in 2009

Computerworld -

Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will jump 60% this year.

The committee is looking into the security implications of the U.S.' trade relationship with China. It released its annual report to Congress Thursday, concluding that a "large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities."

"The quantity of malicious computer activities against he United states increased in 2008 and is rising sharply in 2009," the report states. "Much of this activity appears to originate in China."

"The cost of such attacks is significant," the report notes. Citing data from the Joint Task Force-Global Network Operations, the report says that the military spent $100 million to fend off these attacks between September 2008 and March 2009. A Defense Department spokesman did not have any immediate comment on the report's numbers Thursday.

Attacks on department systems have been rising steadily for years. In 2000, for example, only 1,415 incidents were reported. The increase is in part due to the fact that the U.S. military is simply better at identifying cyberthreats than it used to be, said Chris Poulin, the chief security officer of Q1 Labs, and formerly a manager of intelligence networks within the U.S. Air Force. The department figures are "probably more accurate now," than they were nine years ago, he said.

Security experts have long known that many computer attacks originate from Chinese IP (Internet Protocol) addresses, but due to the decentralized nature of the Internet, it is very difficult to tell when an attack is actually generated in China, instead of simply using Chinese servers as a steppingstone.

Q1's Poulin says that his company's corporate clients in the U.S. are seeing attacks that come from China, North Korea, and the Middle East. "We do definitely see patterns coming from specific nation states."

He said that because China's government has taken steps to control Internet usage in the country, it could probably throttle attacks if it wanted to. "China's defiantly initiating attacks," he said. "State-sponsored? Who knows. But they're certainly not state-choked."

Read more about government in Computerworld's Government Knowledge Center.