The net result, the Northrop Grumman information security analysts speculate, is that Chinese hackers "would in effect have complete control over these critical logistics providers' networks."
As Chinese teams moved into TRANSCOM networks, they "may have dual missions assigned to them." These, theoretically, would be collecting intelligence about U.S. military needs and intentions, and also "a data destruct mission to corrupt commercial or military databases supporting sea and airlift for TRANSCOM prior to the start of a Chinese assault on Taiwan or other military operation."
Contractors might not even be able to get into their own systems anymore.
The authors describe how this could be done to disrupt the air-refueling mission for U.S. forces by compromising the TRANSCOM Air Mobility Command, which owns the Air Refueling Management System, described as a Web-based application that integrates data from multiple related databases supporting different aspects of the refueling mission. Chinese hacking teams could scan "the Internet-facing application searching for any of thousands of potential vulnerabilities that could be exploited with often longstanding, simple techniques such as structured query language (SQL) injection or cross-site scripting."
The authors of the "Occupying the Information High Ground" report contend that successfully carrying out this type of cyberwar tactic would not even require China's official PLA militia units trained in cyberwar. It could be done by "purely civilian freelance operators (elite hackers) with an existing relationship with the Chinese Ministry of Public Security or Ministry of State Security."
The report concludes: "The strategic impact to the United States of this small tactical scale operation would be disproportionately severe relative to effort and resources expended on the Chinese side, achieving a strategic level outcome that Chinese military writings on information warfare routinely laud as one of the primary benefits of a well-planned computer-network operations campaign."
The report then points to the October 2011 data breach at RSA, the security division of EMC, as an example of reconnaissance of this type, where critical information about RSA's SecurID authentication product was stolen. (Without naming China, RSA Executive Chairman Art Coviello has blamed the break-in on a "nation-state," noting that the intent was to use the stolen SecurID information to break into RSA customers.)
In alluding to the SecurID-related data theft, the report says that "this operation resulted in the loss of all information necessary to crack the encryption on any RSA device in use anywhere in the world." Further, "the adversary used the data stolen from RSA months earlier to compromise Lockheed Martin employee credentials and gain access to the company's network. Adversaries leveraging the information stolen from RSA succeeded in penetrating an extremely well instrumented, well-protected network staffed by highly skilled information security professionals with a mature cyber intelligence and network defense capability."