It came
as a surprise to Wang Jianwei, a
graduate engineering student in
Liaoning, China, that he had been
described as a potential cyber warrior
before the United States Congress.
Larry M. Wortzel, a military strategist,
and China specialist, told the House
Foreign Affairs Committee on March 10
that it should be concerned because
“Chinese researchers at the Institute of
Systems Engineering of Dalian University
of Technology published a paper on how
to attack a small U.S. power grid
sub-network in a way that would cause a
cascading failure of the entire U.S.”
When reached by telephone, Mr. Wang said
he and his professor had indeed
published “Cascade-Based Attack
Vulnerability on the U.S. Power Grid” in
an international journal called Safety
Science last spring. But Mr. Wang said
he had simply been trying to find ways
to enhance the stability of power grids
by exploring potential vulnerabilities.
“We usually say ‘attack’ so you can see
what would happen,” he said. “My
emphasis is on how you can protect this.
My goal is to find a solution to make
the network safer and better protected.”
And independent American scientists who
read his paper said it was true: Mr.
Wang’s work was a conventional technical
exercise that in no way could be used to
take down a power grid.
The difference between Mr. Wang’s
explanation and Mr. Wortzel’s conclusion
is of more than academic interest. It
shows that in an atmosphere already
charged with hostility between the
United States and China over cyber
security issues, including large-scale
attacks on computer networks, even a
misunderstanding has the potential to
escalate tension and set off an
overreaction.
“Already people are interpreting this as
demonstrating some kind of interest that
China would have in disrupting the U.S.
power grid,” said Nart Villeneuve, a
researcher with the SecDev Group, an
Ottawa-based cyber security research and
consulting group. “Once you start
interpreting every move that a country
makes as hostile, it builds paranoia
into the system.”
Mr. Wortzel’s presentation at the House
hearing got a particularly strong
reaction from Representative Ed Royce,
Republican of California, who called the
flagging of the Wang paper “one thing I
think jumps out to all of these
Californians here today, or should.”
He was alluding to concerns that arose
in 2001 when The Los Angeles Times
reported that intrusions into the
network that controlled the electrical
grid were traced to someone in Guangdong
Province, China. Later reports of other
attacks often included allegations that
the break-ins were orchestrated by the
Chinese, although no proof has been
produced.
In an interview last week about the Wang
paper and his testimony, Mr. Wortzel
said that the intention of these
particular researchers almost did not
matter.
“My point is that now that vulnerability
is out there all over China for anybody
to take advantage of,” he said.
But specialists in the field of network
science, which explores the stability of
networks like power grids and the
Internet, said that was not the case.
“Neither the authors of this article,
nor any other prior article, has had
information on the identity of the power
grid components represented as nodes of
the network,” Reka Albert, a University
of Pennsylvania physicist who has
conducted similar studies, said in an
e-mail interview. “Thus no practical
scenarios of an attack on the real power
grid can be derived from such work.”
The issue of Mr. Wang’s paper aside,
experts in computer security say there
are genuine reasons for American
officials to be wary of China, and they
generally tend to dismiss disclaimers by
China that it has neither the expertise
nor the intention to carry out the kind
of attacks that bombard American
government and computer systems by the
thousands every week.
The trouble is that it is so easy to
mask the true source of a computer
network attack that any retaliation is
fraught with uncertainty. This is why a
war of words, like the high-pitched one
going on these past months between the
United States and China, holds special
peril, said John Arquilla, director of
the Information Operations Center at the
Naval Postgraduate School in Monterey,
Calif.
“What we know from network science is
that dense communications across many
different links and many different kinds
of links can have effects that are
highly unpredictable,” Mr. Arquilla
said. Cyber warfare is in some ways
“analogous to the way people think about
biological weapons — that once you set
loose such a weapon it may be very hard
to control where it goes,” he added.
Tension between China and the United
States intensified earlier this year
after Google threatened to withdraw from
doing business in China, saying that it
had evidence of Chinese involvement in a
sophisticated Internet intrusion. A
number of reports, including one last
October by the U.S.-China Economic and
Security Review Commission, of which Mr.
Wortzel is vice chairman, have used
strong language about the worsening
threat of computer attacks, particularly
from China.
“A large body of both circumstantial and
forensic evidence strongly indicates
Chinese state involvement in such
activities, whether through the direct
actions of state entities or through the
actions of third-party groups sponsored
by the state,” that report stated.
Mr. Wang’s research subject was
particularly unfortunate because of the
widespread perception, particularly
among American military contractors and
high-technology firms, that adversaries
are likely to attack critical
infrastructure like the United States
electric grid.
Mr. Wang said in the interview that he
chose the United States grid for his
study basically because it was the
easiest way to go. China does not
publish data on power grids, he said.
The United States does and had had
several major blackouts; and, as he
reads English, it was the only country
he could find with accessible, useful
data. He said that he was an “emergency
events management” expert and that he
was “mainly studying when a point in a
network becomes ineffective.”
“I chose the electricity system because
the grid can best represent how power
currents flow through a network,” he
said. “I just wanted to do theoretical
research.”
The paper notes the vulnerability of
different types of computer networks to
“intentional” attacks. The authors
suggest that certain types of attacks
may generate a domino-style cascading
collapse of an entire network. “It is
expected that our findings will be
helpful for real-life networks to
protect the key nodes selected
effectively and avoid
cascading-failure-induced disasters,”
the authors wrote.
Mr. Wang’s paper cites the
network science research of
Albert-Laszlo Barabasi, a physicist at
Northeastern University. Dr. Barabasi
has written widely on the potential
vulnerability of networks to so-called
engineered attacks.
“I am not well vested in conspiracy
theories,” Dr. Barabasi said in an
interview, “but this is a rather
mainstream topic that is done for a wide
range of networks, and, even in the area
of power transmission, is not limited to
the U.S. system — there are similar
studies for power grids all over the
world.”
