Inside a Cyber War Room: The Fight Against Hacking
On the front lines of the cyberwar, things look much different than U.S. military veterans are used to.
For one thing, veteran Army officers are used to having the upper hand in technology and manpower in any battle they fight. But in cyberspace, that's not always the case. Under-equipped corporate IT departments can find themselves tangling with elite Chinese army units probing every nook and cranny of the U.S. defense and industrial base.
"Unlike most of my experience in the military where I had a technical advantage, there's lots of us in the United States who don't have so much of a technical advantage," said former Army Major General David Fastabend, who is now the vice president and general manager for advanced information systems at Exelis, a defense and intelligence contracting firm. "You find you have an adversary that is adapting very, very quickly."
And that's forcing the United States to adapt quickly, too. On Monday, for the first time, the Pentagon made it clear what many in the U.S. government had only discussed obliquely before: the U.S. government is being raided by hackers working for the Chinese military.
A new Pentagon report to Congress put it directly. "China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic and defense industrial base sectors that support U.S. national defense programs," the report concluded.
"China's military continues to explore the role of military operations in cyberspace as a feature of modern warfare, and continues to develop doctrine, training and exercises which emphasize information technology and operations," David Helvey, the Deputy Assistant Secretary of Defense in charge of East Asia, told reporters on Monday.
The struggle between hackers and their targets is played out every day inside defense contractors and tech firms across the country. Exelis locates its cyber war room in Rome, New York, to be near a primary U.S. military client, the Air Force Research Laboratory, which focuses on cyber threats. This week, the company allowed CNBC inside the facility to see the response in real time.
The company said it has a robust cyber defense capability in the Rome office and can both detect and respond to attacks against Exelis in the same facility, isolating each example of malware so analysts can pick it apart and see how it works.
Fastabend and his team have found that defending against such attacks is much different than defending against an enemy battalion.
In warfare, defenders have the advantage. It typically requires many more attackers to take ground away from an entrenched enemy.
Not so in cyberspace. "It is easier to attack -- the defender has some serious challenges to overcome," said Fastabend. "The cyber system is built on a system of communication, connectivity and trust. Every time we've tried to adapt this system, we've had to trade off between security and connectivity. We went the connectivity route."
At Exelis, analysts sift almost constantly through inbound cyber attacks to isolate and understand the malware that's trying to penetrate their systems. They say they see a wide range of attempts, particularly so-called phishing attacks in which malware is hidden in otherwise ordinary-seeming emails.
And they've noticed a pattern. Those misspelled spam emails riddled with bad grammar are not sloppy English from overseas adversaries. They say they're intentional.
Exelis cyber security analyst Vernon McCandlish said attackers deliberately dumb down the wording of some email attacks specifically to weed out well-educated, sophisticated readers. In that kind of attack, the adversary is looking for unsophisticated, perhaps naive, targets inside a company.
For all that, McCandlish says the variety of inbound attacks has given him a grudging respect for the adversary he tangles with each day.
"What really surprises me about it is the creativity they come at you with," he said. "I keep using that word and I mean it. It's one of those things where we will sit there and go, 'That's really cool. It's evil, but it's cool.'"