The report concludes: "The strategic impact to the United States of this small tactical scale operation would be disproportionately severe relative to effort and resources expended on the Chinese side, achieving a strategic level outcome that Chinese military writings on information warfare routinely laud as one of the primary benefits of a well-planned computer-network operations campaign."
The report then points to the October 2011 data breach at RSA, the security division of EMC, as an example of reconnaissance of this type, where critical information about RSA's SecurID authentication product was stolen. (Without naming China, RSA Executive Chairman Art Coviello has blamed the break-in on a "nation-state," noting that the intent was to use the stolen SecurID information to break into RSA customers.)
In alluding to the SecurID-related data theft, the report says that "this operation resulted in the loss of all information necessary to crack the encryption on any RSA device in use anywhere in the world." Further, "the adversary used the data stolen from RSA months earlier to compromise Lockheed Martin employee credentials and gain access to the company's network. Adversaries leveraging the information stolen from RSA succeeded in penetrating an extremely well instrumented, well-protected network staff by highly skilled information security professionals with a mature cyber intelligence and network defense capability."
Disruptions could also occur to the U.S. electrical supply, the authors say. Because the Chinese government has sponsored research on "attack-induced cascading power failures" related to the U.S. power grid, the authors say if tensions between China and the U.S. ever heat up to the point of possible military confrontation over Taiwan, it will be no surprise to see "multiple large-scale network or power-grid failures, seemingly unrelated to rising tensions with China" which could "force a U.S. president and his national security team to divert time or resources to manage the domestic emergency."
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about wide area network in Network World's Wide Area Network section.