Our enemies are . . . seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems, Obama said in his State of the Union address last week. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
Democrats on Capitol Hill quickly praised Obamas effort, but cyber-security experts say the executive order doesnt go far enough, in part because the president is limited in his actions.
Melanie Teplinsky, an American University law professor whos written and spoken extensively on cyber-law issues, said the federal government needed to take a tougher stance on hacking, imposing trade sanctions and civil penalties on those suspected of involvement.
All of these things (the government is doing) are focused on building a stronger fortress, she said. But while were building bigger walls, they are building bigger ladders. . . . We need to change our approach.
Congress has debated, but failed to pass, legislation to combat hacking. Last week, Rep. Mike Rogers, R-Mich., the chairman of the House of Representatives Intelligence Committee, reintroduced a bill that would help businesses protect their networks and trade secrets from cyber-attacks, mostly through information sharing.
American businesses are under siege, Rogers said. We need to provide American companies the information they need to better protect their networks from these dangerous cyber-threats.
Sen. Dianne Feinstein, D-Calif., the chairwoman of the Senate Intelligence Committee, said the Mandiant report showed a need for a binding international agreement among nations to prohibit cyber-crimes.
There are already international agreements in place to govern criminal activity and war, she said. Cyber-attacks are both, but there is nothing currently in place to govern this emerging and increasingly dangerous national and economic security threat.
Mandiant, which contracts with corporations to help protect their computer systems from hackers, said it had analyzed the intrusions through painstaking examination of electronic clues left behind after attacks. While not naming specific cases, Mandiant said its investigators had sifted for digital fingerprints such as Internet protocol addresses and information gleaned from the email addresses used to launch spear phishing, emails that carry attachments that, when clicked, allow access to a users computer. Those attachments contain dense code that may carry language identifying them as the work of a particular programmer or group.
The report identified one of the buildings from which Unit 61398 works in Shanghai and provided Google Earth images of the white, 12-floor structure.
Mandiant also distributed a copy of what it said was a China Telecom memorandum saying the state-owned company provided Unit 61398 with special fiber-optic lines, and identified Unit 61398s place within the Chinese militarys command structure: the second bureau of the general staffs third department, which has a focus including signals intelligence and cyber surveillance.
The study, which was first reported by The New York Times, included a video showing what Mandiant said was screen footage of a member of the group setting up anonymous email accounts used to launch the attacks. Another video recorded a member of the unit allegedly breaking into computer systems online and stealing files.
The industries targeted by Unit 61398, the report said, are consistent with those that China has marked as being strategically important to its growth. Mandiant didnt identify the companies affected, but it said they were from a broad range of sectors including aerospace, energy, telecommunications and scientific research. All but two of the attacks took place in English-speaking countries, the report said.
Among the types of information stolen, the report said, were system designs, manufacturing procedures, contract negotiation positions and business plans.
Staff writer Hannah Allam contributed to this report.