Cyber security threat: P.L.A. Unit 61398
PhilStar.com  (1 march 2013)

"Global dependence on the Internet expands by leaps and bandwidth every day. Nations depend on a cyber infrastructure that enables the operation of financial markets, transportation networks, taxation and energy grids, as well as the public agencies protecting the health and security of their citizens. Defense and intelligence agencies depend on cyber networks to manage far-flung operations, analyze intelligence data and implement homeland security, military logistics and emergency services."

"With this growth come ever-greater risks as well as opportunities. Advanced persistent threats reflect the risks posed by adversaries with the sophistication, resources and determination to cause real and permanent damage by exploiting the architecture of networks, and of cyberspace itself." (CIASC, Stanford University).

Quoting from a New York Times article of David Sanger, David Barboza and Geoffrey Periroth: "The building off Datong Road (in Shanghai), surrounded by restaurants, massage parlors and a wine importer, is the headquarters of People's Liberation Army, Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years-leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower."

Kenneth Leiberthal, a senior fellow at Brookings Institute stated: "As recent news reports highlight, the US government and cyber security firms are increasingly naming names as they accuse the Chinese of a wide ranging state-directed  campaign of cyber espionage."

President Obama alluded to this concern in the State of the Union speech, without mentioning China or any other nation. "We know foreign countries and companies swipe our corporate secrets," he said. "Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing." On the same day as his speech he signed a new Executive Order directing the federal departments and agencies to use their existing authorities to provide better cyber security for the nation.

Cyber espionage
Business ( Article MRec ), pagematch: 1, sectionmatch: 1

Recently, a US Congressional Committee investigated Huawei and ZTE, two major Chinese telecom suppliers. The final report concluded that they posed a threat to national security.

"The United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies."  They further elaborated: The Committee on Foreign Investment in the United States (CFIUS) must block acquisitions, takeovers, or mergers involving Huawei and ZTE given the threat to US national security interests. US government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including component parts. Similarly, government contractors-particularly those working on contracts for sensitive US programs-should exclude ZTE or Huawei equipment in their systems."

It should also be noted that Australia banned Huawei's Australian unit from bidding for their $38-billion broadband network project, citing the need to protect national interests.

ASEAN/Australian focus on cyber security

Singapore Deputy Prime Minister Minister Teo Chee Hean announced the creation of the National Cyber Security Centre (NCSC).  Its primary role will be to support the government in dealing with cyber security threats and vulnerabilities to ensure early detection and prevention. The Centre will be headed by the Singapore Infocomm Technology Security Authority.

In the government sector, he emphasized that Singapore is a highly networked government which has created a significant vulnerability.  He stressed that the inter-dependency of its network means that a successful attack in one sector would have knock-on effects which could effectively paralyze the nation.

In Malaysia, the National Cyber Security Policy seeks to address the risks to the Critical National Information Infrastructure (CNII) which comprises the networked information systems of ten critical sectors. The overall responsibility for cyber security is CyberSecurity Malaysia under the purview of the Ministry of Science, Technology and Innovation (MOSTI).

Last January, Australian PM Julia Gillard announced that the combined functions of several agencies-the Attorney-General's Department, the Australian Defense Force, ASIO, the Australian Federal Police and the Australian Crime Commission will constitute the new Cyber Security Centre.

Philippine position

In May 2000, the I Love You virus was let loose, courtesy of two Filipino hackers and charges against them were dropped as there were no laws in the country against writing malware. Two months after, the E-Commerce Law was enacted. However, a stronger law was still needed to address other cybercrimes. Congress initiated several pieces of legislation but without success. More than a decade later, the Cybercrime Prevention Act was passed and signed by the President in September last year. Unfortunately, the Supreme Court issued a TRO amidst the much justified public protest caused by the libel and take down provisions. Back in 2008, the National Cybersecurity Coordination Office was established under the former Commission on Information Communications Technology (CICT).  I am also aware that the Armed Forces of the Philippines announced the creation of what is called C4ISTAR (Command, Control, Communications, Computers, Intelligence, Surveillance, Target Acquisition and Reconnaissance) to focus on cyber security from a military/defense perspective. However, a holistic approach to cybercrime has yet to be formulated.

When President Aquino presented the National Security Policy paper, one paragraph stated:

"Information and communications technologies give tremendous benefits to societies. The government, transportation, industries and economy have become more and more reliant on all components of cyber space. However, the growing cyber space dependence comes with an increased level of exposure and vulnerability to cyber-attacks. These could lead to the paralysis of communication infrastructure, international financial systems, critical government services and defense/military command and control systems."

President Aquino's policy statement is timely and appropriate but it must be reinforced by more substance - new tools and authorities are needed to meet the nation's collective cyber security challenges. We live in an interconnected competitive world which presents both opportunities and challenges. We must always be vigilant of competition among nations in the economic as well as political arena.