U.S. government attempts to thwart Chinese network intrusions.

Author:Magnuson, Stew

U.S. companies large and small, and in many sectors of the economy, are under assault by sophisticated and persistent cyberespionage operations.

Some of these attacks originate in Russia, the FBI said in a report last year, but most of them come from China.

Companies must do what they can to protect their intellectual property, but they are up against a large, well-funded, technologically sophisticated and apparently growing enterprise.

If the might of the Chinese government--as many believe--is behind this massive operation, what can the might of the U.S. government do to help companies facing the onslaught?

Eric Rosenbach, deputy assistant secretary I of defense for cyber policy, said what he sees in the Pentagon is that "the problem is so amazing and daunting and brilliant, that we have this tendency to sit there and stare at it, and talk about it and kind of marvel at it, and you never get to the point ... of what do we do about it?"

Nevertheless, "It is worth mentioning that the administration does take this issue very seriously and is thinking a lot about it and different policy options," he said.

Some of these efforts are classified, he said.

One that isn't top secret is the Defense Industrial Base Cyber Security/ Information Assurance program, where companies and the Defense Department share information about the latest threats. Officials would like to see at least 1,000 companies join the three dozen that were originally enrolled, Deputy Chief Information Officer for Cybersecurity Richard Hale told reporters recently.

Part of this effort is the Defense Industrial Base Enhanced Cyber Security Services program, which scans Internet traffic going to defense contractors for "threat signatures" such as malware. The Defense Department announced it is expanding the program to allow commercial Internet Service Providers, or ISPs, to offer cybersecurity services to participating defense contractors. Three of the nation's largest ISPs will develop security tools that they could sell to defense contractors in a fee-for-service arrangement.


"Is this the silver bullet? No, and it shouldn't be. It is just one additional piece of risk mitigation," Rosenbach said of the program.

And, it is intended for the defense...

To continue reading