Situation Report

The Blue Angels, Thunderbirds, likely to be grounded this year; The PLA’s Hackers: Chinese military unit targets U.S.; Panetta’s back in the building; McCain: Hagel likely to be confirmed, and more.

The Blue Angels, Thunderbirds, likely to be grounded this year; The PLA’s Hackers: Chinese military unit targets U.S.; Panetta’s back in the building; McCain: Hagel likely to be confirmed, and more.

He’s back: Still Defense Secretary Leon Panetta is back in the Pentagon this morning. The confirmation drama last week that kept Chuck Hagel from assuming duties as Pentagon chief means Panetta is still in the saddle. After a long weekend at the walnut farm in California and an emotional good-bye late last week, Panetta is still in charge and planning the trip he never planned on taking – to the defense ministerial in Brussels this week.

A new report says there’s a military base in Shanghai just for Chinese cyber warriors and says many attacks against the U.S. come from there. A report out this morning by the American firm Mandiant ties a number of cyber attacks against U.S. corporations, organizations, and government agencies to a military base in Shanghai that houses a Chinese military cyber unit, Unit 61398, that is thought to be behind numerous attacks. The report establishes for the first time what many American cyber and intelligence experts have long suspected — that China’s military is targeting the U.S. "[Mandiant] was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area," according to the NYT, which was given initial access to the Mandiant report Sunday. The American power grid system

Kevin Mandia, founder of Mandiant: "Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood."

Just a few years ago, Mandiant was not able to determine the extent of the Chinese government’s authorization of cyber espionage in 2010. But today, they’ve changed their assessment: "The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them." The Mandiant report says that its analysts have "directly observed" cyber espionage that likely represents only a small fraction of what the Chinese have conducted. And while its view of what the Chinese is doing is "incomplete," it has tracked the Chinese military unit’s intrusions against nearly 150 victims over seven years.

Mandiant report execsum: "Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

House Intel Committee Chair Mike Rogers (R-Ohio) told Killer Apps’ John Reed just last week that the U.S. must confront China on cyber: "We need direct talks with China and it needs to be at the top of a bilateral discussion about cyber espionage," Rogers told Reed after a speech at CSIS. "This is a problem of epic proportions here and they need to be called on the carpet. There have been absolutely no consequences for what they have been able to steal and repurpose to date."?

Welcome to Tuesday’s edition of Situation Report. Follow me @glubold. Or hit me anytime at gordon.lubold@foreignpolicy.com. Sign up for Situation Report here or just shoot me an e-mail and I’ll put you on the list. And as always, if you have a report, piece of news, or tidbit you want teased, send it to us early for maximum tease. If we can get it in, we will.

A protein shake for passwords: DARPA’s plan to check your ID. Hacking makes DARPA cringe, so the Pentagon’s R&D arm has kicked off a $14 million effort to develop sensors that can monitor computer users’ online behavior to determine whether "they are who they say they are," Killer Apps’ Reed reports. "This kind of vigilance is going to become all the more important as the Pentagon shrinks the number of networks it runs under its cloud-computing initiative and fields mobile devices capable of handling classified information. Ask any cyber security expert and they will tell you that computer networks will inevitably be compromised and that the best defense lies in constantly monitoring for weird behavior." Something called the Active Authentication program aims to verify the identity of computer users based on their online behavior. "The program focuses on the development of new types of behavioral biometrics focused on the user’s cognitive processes," Richard Guidorizzi, DARPA program manager, explained in an email to Killer Apps. Now in English, Reed writes: "That means Active Authentication will monitor your computer habits — like your typing patterns, the way you use a mouse, and even how you construct sentences — to assemble an ‘online fingerprint.’"

The Air Force and the Navy will likely ground their demonstration squadrons, but each service has to agree before either can do it. Times is tough, and as the Pentagon looks to trim costs, the Navy’s Blue Angels and the Air Force’s Thunderbirds are seen as low-hanging fruit. The Navy had floated the idea recently, and now the Air Force has agreed that it, too, will likely ground its demo squadron this year. An Air Force official told Situation Report that if sequestration hits, the Air Force would ground the Thunderbirds, based at Nellis Air Force Base, Nev. It is also looking at canceling "aerial support" at air shows, patriotic holiday events, and local and national sporting events, which could top 1,000 events across the country. "It is likely the Thunderbirds…will not conduct their season this year," Wendy Varhegyi, a spokeswoman for the Air Force, told Situation Report. And for the Navy, it’s simple math: grounding the squadron for a year is worth about $20 million, which equates to normal maintenance for five small warships, Situation Report is told. While no one in the Navy wants to cancel "the Blues," as a Navy official said, it would be hard not to when the service is looking for trims that will affect shipbuilding and maintenance and operations. "For us, it would be difficult for us to justify not doing shipbuilding and maintenance when we’re still flying air shows." The demonstration squadrons are used by both services as a recruiting and "community relations" tool. But with the budgetary axe swinging, they easily fall off the Pentagon’s must-have list. The Air Force did not have a dollar amount of what it would save by grounding the Thunderbirds.

Navy and Air Force budget officials have agreed to agree. Under the deal, if one service has to ground its demo squadron, so does the other. The agreement stems from the shared recognition that both services face the same challenge so if one cancels its program, the other one should cancel its program, too. "If one of us has to cancel the flight programs, then the other one has to," a Navy official told Situation Report. "We’ve agreed we’re going to make this decision jointly, we’re not going to make it independently from one another."

McCain now says Hagel will be confirmed. Republicans have their pound of flesh from Chuck Hagel and are now confident he’ll be confirmed, even if some still won’t vote for him. Sen. John McCain, the Republican from Arizona, said on NBC’s "Meet the Press" that Hagel will likely have enough votes to be confirmed, but he won’t vote for him himself. McCain: "I don’t believe he’s qualified, but I don’t believe we should hold up his confirmation any further." The 10-day recess will be enough time for the White House to give the answers McCain says he still needs on Benghazi. "I think it’s a reasonable amount of time to have questions answered."

Blame Lindsey: Why McCain turned on Hagel, explained. Politico’s David Rogers tells the story of why McCain, a fellow Vietnam vet and Senate friend, turned on Hagel in his bid to become defense secretary. McCain, who was poised to end debate and get on with a floor vote — maybe even voting for Hagel himself, despite the infamous exchange during his confirmation hearing — changed his mind after a visit with Senate colleague Lindsey Graham of South Carolina, who faces a primary challenge from the right at home. Rogers: "For old McCain allies, it was an all-too familiar scenario: Their champion pulled back into the fray by his friend Graham, a likable but impulsive figure caught up in his own political battles with the right in South Carolina. By reversing himself, McCain effectively sacrificed his own credibility to buy Graham more time to continue his campaign against Hagel — an issue that plays to Graham’s advantage as he prepares to run for reelection in 2014."

A Republican insider tells Politico: "This is just a bone thrown to Lindsey Graham, who keeps painting himself into corners and then pleading with friends to crawl in there with him in a vain attempt to save a little face."

Noting

  • Time’s Battleland: Pentagon budget hat trickery.
  • USAT: Army plows ahead with troubled aid program.
  • AFP: Yemeni military jet crashes, kills nine.
  • AP: UN: Afghan civilian deaths by NATO, US, are down.
  • Small Wars: Addressing an ignored imperative: rural corruption in Afghanistan.
  • Reuters: Typhoid breaks out in rebel-held eastern Syria.
  • AP: German cabinet approves measure to send 330 soldiers to Mali.