“Coleman, a computer security specialist at Technolytics and a consultant to the office of the director of national intelligence and U.S. Strategic Command, said Chinese state or state-affiliated entities are on a wartime footing in seeking electronic information from the U.S. government, contractors and industrial computer networks.” The Washington Times article states that China has also bolstered its defenses by deploying “more secure operating software” that it hopes will “make Beijing’s networks impenetrable to U.S. military and intelligence agencies.”
Coleman discussed this operating system, known as Kylin, “during a hearing of the U.S.-China Economic and Security Review Commission on April 30.” Supposedly, Kylin’s deployment “has ‘hardened’ key Chinese servers,” and, according to Coleman, “made our offensive cybercapabilities ineffective” because our cyberweapons “were designed to be used against Linux, UNIX and Windows.”
At this point, Coleman’s argument gets shaky. There is no denying Communist China’s hacking efforts, but Coleman’s dire warnings may be a bit too conveniently timed to foster fear. Our April 9 online article “New Cybersecurity Regime Proposed” referred to a Wall Street Journal online report that revealed how “cyberspies from China and Russia had penetrated the U.S. electrical grid and had inserted their own software” through which they could “disrupt the system at any time in the future.” Our article pointed out how “fortuitous” it was that information about these security breaches was leaked at just the right time to garner support for the new Cybersecurity Act of 2009.
And it is not just Coleman’s timing but his facts that deserve to be questioned. A May 14 article entitled “Analyst: cyberwarfare arms race with China imminent” on the technologically savvy website Ars Technica addressed Coleman’s report to the commission: “Coleman attempts to describe the threat posed by China’s cybersecurity build-up, but how much of it is a sham? Some of his facts are misleading.”
In particular, Coleman’s claim that Kylin greatly improves security is “of dubious accuracy. Kylin is not a new top-secret operating system, it’s a publicly available FreeBSD derivative that was created by academics for research purposes with funding from the Chinese government. Contrary to Coleman’s assertion that it is immune to cyber weapons designed to target Linux and UNIX, Kylin is actually designed to comply with UNIX standards and has a Linux binary compatibility layer.” Kylin’s “security features appear to be roughly equivalent with those of the average commercial Linux distribution.”
Ars Technica concludes: “Coleman’s mischaracterization of Kylin raises questions about his agenda. He references his own studies for virtually every major statement that is included in his presentation, but not all of these studies — such as the one about Kylin — are publicly available. There is no way to verify his facts or determine if his policy recommendations are based on sound principles.”
Thus, while Coleman accuses the United States of “playing checkers,” he appears to be playing poker and relying on a bluff. Certainly the U.S. military should do everything legally within its power to defend our country from cyberwarfare. But when legislation such as the Cybersecurity Act of 2009 threatens to give the federal government unprecedented power over the free flow of information on the Internet, a healthy dose of skepticism is justified. To Sun Tzu’s words in The Art of War, “All warfare is based on deception,” we might add, “especially Big Government’s warfare against liberty.”
Photo: Kevin G. Coleman