Chinese hacker attacks risk fuelling cyber arms race, warns Bruce Schneier

Security maven says mistaking spying campaign for act of war could lead to US military cyber power grab

Security expert Bruce Schneir has warned that mistaking the recently revealed cyber attacks on large US businesses for an act of war - rather than espionage - risks fuelling a cyber arms race.

Earlier this week security firm Mandiant reported it had managed to link a global cyber snooping campaign to a military unit based in Shanghai's Pudong district.

Schneier said that while the report was accurate, attacks like the one listed by Mandiant are commonplace.

"These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn't mean that they're happening with greater frequency," Schneier wrote in a blog post.

"This is not cyberwar. This is not war of any kind. This is espionage, and the difference is important. Calling it war just feeds our fears and fuels the cyber war arms race."

The cryptography expert said espionage is very different in nature to a cyber attack.

"Because espionage unfolds over months or years in real time, we can triangulate the origin of an exfiltration attack with some certainty," wrote Schneier.

"During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible."

Schneier warned that the media frenzy around the report could lead to the US military pushing for greater freedom to flex its cyber muscles.

"This media frenzy is going to be used by the US military to grab more power in cyberspace. They're already ramping up the US Cyber Command," wrote Schneier.

"President Obama is issuing vague executive orders that will result in we-don't-know what. I don't see any good coming of this."

President Obama recently signed a security executive order to improve the country's cyber defences.

Obama cited the emergence of state-sponsored threats, like those listed in the Mandiant report, as proof that the country needs more robust cyber defences.