1. Forum
  2. FidoNet Int
  3. politics

  • American cyber brass call

    From Mike Powell@1:2320/105 to All on Wed Apr 2 09:32:00 2025
    American cyber brass calls for retaliatory strikes against China, but is the
    US really ready?

    Date:
    Tue, 01 Apr 2025 20:46:00 +0000

    Description:
    The US isn't ready for a cyber war with China, but some want to hit back in revenge against Salt Typhoon.

    FULL STORY

    In the wake of the Salt Typhoon attacks that compromised most of the major telecommunications providers in the US, many in the upper echelons of power
    are pushing for offensive cyber operations against China.

    The move would model a tit-for-tat strategy, in that China has struck the US, so the US should strike China, and vice-versa until they stop.

    The difficulty with that strategy, as legendary threat intelligence analyst Marcus Hutchins explains, is that the US is woefully under regulated and underprepared for any escalation of cyber warfare with China.

    No scope for cyber war

    Despite Chinas claims that Volt Typhoon is actually a CIA asset , there is fairly reliable evidence to suggest that all of the typhoon groups are
    Chinese state-sponsored actors, and it was Salt Typhoon that breached the US telecommunications networks by targeting and exploiting systems put in place under the Communications Assistance for Law Enforcement Act, (or CALEA for short).

    This act, introduced in 1994, saw all major communications networks have backdoors installed to monitor the communications of criminals.

    However, as John Ackerly, CEO and co-founder of Virtru told me, It's the
    same doors that the good guys use, that the bad guys can walk through , - and walk through they did.

    Hutchins writes that while the US certainly has the capability to launch offensive cyber operations on China, and would likely see success, the US is not prepared for the retaliation-in-turn that would come next.

    For example, US critical infrastructure is woefully underequipped to protect against cyber attacks and relies heavily on outdated tech that in some cases hasnt received an update in over a decade.

    China and its Typhoons have been mapping this infrastructure for years,
    probing the defences and checking responses and recovery plans with small
    scale attacks in preparation for a much bigger strike that could be used
    should a hot conflict erupt between the two super powers.

    But equally, Hutchins argues, this large scale attack would be just as effective as a response to US cyber offensives in China, and it cant be
    patched any time soon.

    Thanks to a lack of federal regulations governing cybersecurity in the US,
    the private sector has been largely left to its own devices to protect itself from cyber attacks, and Hutchins duly notes that its often cheaper for a company to ignore a cyber intrusion than it is to chase them down and evict them from the network.

    It's also cheaper to continue using outdated tech to run systems than to
    spend billions of dollars replacing everything and training your staff to operate new systems. Who couldve guessed that the private sector wouldnt regulate itself?

    Now throw into the mix a smattering of federal bodies that, because they are modelled on the US separation of powers, must rely on each other to get anything done.

    As Hutchins puts it, Ultimately, cybersecurity in the United States feels
    like trying to put together a puzzle; except, theres no picture on the box, each piece has been distributed to a random entity, half of the entities
    arent even willing to disclose that they have any puzzle pieces, and nobody
    is sure whos actually supposed to be the one building the puzzle.

    Whats more, Chinas own regulations for cybersecurity at both the state and private sector levels are fairly robust, and have been for many years more
    than the US can hope to catch up to.

    Convincing an administration to establish a body with complete
    cyber-regulatory oversight in the age of DOGE is one thing, convincing the private sector to spend the ever increasing billions to give their networks even a fighting chance at being resilient is another.

    "Personally, I think that trying to deter China through offensive cyber operations would not only be unsuccessful, but also a huge mistake," Hutchins concludes. "I am not arguing that the US should bow down to China, or that it should not be able to defend itself, only that increasing offense[ive] cyber operations without the defencive capabilities to back them up, is a horrible idea.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/american-cyber-brass-calls-for-retaliat ory-strikes-against-china-but-is-the-us-really-ready

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)