The unseen cyber-war: national-security infrastructure faces relentless cyberespionage campaign.

Author: Wright, Austin
Position: Cover story

Each day, millions of suspicious activities are directed at Northrop Grumman's cyberperimeter--a collection of firewalls, access lists and antivirus software. Most of these potential intrusions never penetrate the virtual border.

But some do.

U.S. government and defense-industry networks face a relentless onslaught from cyber-spies who seek some of the nation's most heavily guarded secrets: the technical specifications of U.S. weapons systems. As of 2007, hackers had stolen at least 10 terabytes of sensitive data from Defense Department networks, according to an Air Force estimate.

Experts believe these hackers work for foreign governments--a suspicion that's easily assumed but nearly impossible to prove.

A report released in October by the U.S.-China Economic and Security Review Commission describes an unseen cyber-war in which hackers--most of whom appear to reside in China--constantly bombard U.S. agencies and defense contractors with malicious software designed to steal data only a nation-state would want. They seek defense-engineering specifications, military operational information and U.S.-China policy documents, according to the report, which was prepared by Northrop Grumman.

"The depth of resources necessary to sustain the scope of computer network exploitation targeting the U.S. and many countries around the world ... is beyond the capabilities or profile of virtually all organized cyber-criminal enterprises and is difficult at best without some type of state-sponsorship," the report says.

Conversations with industry leaders, analysts and government officials reveal a cyber-security infrastructure that's plagued by vulnerabilities, personnel shortages and an enemy with little to lose.

Moreover, individual government agencies and private companies are tasked with defending against these near-constant and ever-changing threats--a sharp contrast from other national-security operations, which rest firmly in the hands of the federal government.

And unlike the Cold War era, when foreign spies risked their lives to infiltrate U.S. agencies, the cyber-spies of today can wreak havoc without ever leaving their living rooms. Hackers can hide their whereabouts and may have loose connections to the governments that condone their attacks.

"Law-enforcement guys all over the globe--I'm sure--are trying to track down these cyber-criminals," said Greg Rattray, a security advisor at the Internet Corporation for Assigned Names and Numbers and a former cyber-security official under the Bush administration. "But we've created an ecosystem where attribution is very hard."

Greg Schaffer, the Department of Homeland Security's assistant secretary for cyber-security and communications, said that in recent years the threat has become stealthier, better organized and more harmful. "Cyber-security, like all security, is an exercise in risk management," Schaffer said. "It's about assessing the value of what's at stake and the cost of protecting it."

For Schaffer, the government's most pressing challenge is hiring enough specialists to protect its online infrastructure. DHS, which defends many federal-government networks...
