Commentary Magazine


Topic: cyber attacks

U.S. Must Respond to Chinese Cyber Attack

Information is still coming out about the damage done by  Chinese hackers who penetrated the networks of the White House Office of Personnel Management, thus potentially gaining access to confidential files on 14 million current and former federal employees and others. I would not go quite as far as Noah Rothman did to describe this as a  Pearl Harbor-type attack because it was not designed to inflict physical or even cyber-damage. But it was bad enough. This was a brazen intelligence-gathering operation that will in all probability give the Chinese intelligence service an unprecedented amount of information about people in positions of influence in the U.S. government—information that can only be used for nefarious purposes.

Read More

Information is still coming out about the damage done by  Chinese hackers who penetrated the networks of the White House Office of Personnel Management, thus potentially gaining access to confidential files on 14 million current and former federal employees and others. I would not go quite as far as Noah Rothman did to describe this as a  Pearl Harbor-type attack because it was not designed to inflict physical or even cyber-damage. But it was bad enough. This was a brazen intelligence-gathering operation that will in all probability give the Chinese intelligence service an unprecedented amount of information about people in positions of influence in the U.S. government—information that can only be used for nefarious purposes.

Lawmakers are predictably and rightly giving OPM representatives a hard time for not doing a better job of protecting their systems. But of course the problem goes well beyond one federal office. There are few American institutions, public or private, that have been immune from cyber attacks, and the threat is only getting worse. Potentially one day we could even see a true “cyber Pearl Harbor” if an enemy captures or crashes vital computer networks needed for such functions as air traffic control or banking.

 

The problem is that the threat has thus far exceeded the response. As with most security threats there has to be both a defensive and an offensive response. Yet we have no gotten serious about either side of the cyber equation.

When it comes to cyber defense, Congress has bowed to lobbying from private firms that are loathe to share any information with the federal government, and especially with the military’s Cyber Command and NSA, which have the most sophisticated computer capabilities in the government. The only way that we will improve our defenses, both for the government and the for vital civilian infrastructure, is by giving our top cyber-warriors more access to networks that need to be defended. This will outrage Edward Snowden and his ilk, but it is no more offensive or any less necessary than the security measures we agree to endure as the price of flying. Some loss of liberty is necessary for security, whether in the “real” world or the virtual world. That doesn’t mean losing all privacy but certainly we need to give the government more ability to safeguard important networks. We should be more worried about intrusions from lawless Russian or Chinese hackers than from the NSA’s cyber-warriors who operate under tight safeguards within the rule of law.

No defense is ever going to be perfect, however, whether in protecting against missiles or viruses. We can’t count on missile defense to be foolproof; that’s why we developed the doctrine of mutual assured destruction to deter Soviet nuclear attack. There is a similar need for enhanced deterrence in the cybersphere. Quite simply, as this 2013 Council on Foreign Relations Task Force suggested, “offensive capabilities are required to deter attacks, and, if deterrence fails, to impose costs on the attackers.”

President Obama has recently recognized the need for greater deterrence by signing an executive order that gives the federal government the ability to impose financial and other sanctions on individuals and entities that are judged responsible for the worst cyber-attacks. This is a good start, although much will depend on the willingness of the administration to use this tool—and odds are the U.S. won’t be imposing economic sanctions on the government of China anytime soon in response to cyber-attacks. Heck we haven’t even imposed sanctions on North Korea following the attack on Sony Pictures late last year.

A more proportionate and low-profile response could well be more feasible: If the Chinese attack our networks, we should attack theirs, thereby raising the cost of their actions and forcing them to think twice about whether this is a profitable activity to engage in. As the Stuxnet virus should have shown, U.S. capabilities in offensive cyber operations, although veiled, are second to none. If we are willing to retaliate for cyber attacks in kind, there is certainly a risk of unwelcome fallout. But there is a risk in any kind of action. That should not prevent us from acting. The greatest risk of all is to continue doing little, allowing our enemies to attack our computer networks with impunity.

Read Less

Start Retaliating for Chinese Cyber Attacks

The Chinese government is issuing ludicrously unconvincing denials of the report issued by the Internet security firm Mandiant that a specific unit of the People’s Liberation Army—Unit 61398 based in an office-building in Shanghai–is responsible for many of the worst cyber attacks on American companies and governmental agencies. “Chinese military forces have never supported any hacking activities,” a spokesman for the Chinese defense ministry said at a press briefing. “The claim by the Mandiant company that the Chinese military engages in Internet espionage has no foundation in fact.”

Uh right. And if you believe that then no doubt the spokesman also has some nice swampland near Shanghai to sell you.

Read More

The Chinese government is issuing ludicrously unconvincing denials of the report issued by the Internet security firm Mandiant that a specific unit of the People’s Liberation Army—Unit 61398 based in an office-building in Shanghai–is responsible for many of the worst cyber attacks on American companies and governmental agencies. “Chinese military forces have never supported any hacking activities,” a spokesman for the Chinese defense ministry said at a press briefing. “The claim by the Mandiant company that the Chinese military engages in Internet espionage has no foundation in fact.”

Uh right. And if you believe that then no doubt the spokesman also has some nice swampland near Shanghai to sell you.

There is in fact little doubt of the Mandiant report’s veracity because it tallies with so many other findings from many other sources–including the U.S. intelligence community—about China’s very active computer hacking program which is at the core of its aggressive campaign of economic espionage. What really makes these activities especially chilling is this revelation in the New York Times referring to a hacking team called the Comment Crew which is believed to be PLA-sponsored: “While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.”

This strongly suggests that the PLA is not only intent on stealing secrets for China’s economic advantage. It is also, by all indications, preparing for the possibility of war with the United States at which time it could well set off previously planted “cyber bombs” that will blow up key infrastructure nodes, potentially plunging American cities into darkness, shutting down transportation networks, and so forth.

The question is what to do about all this? Chinese activities are offensive, dangerous and intrusive, but they are not a formal act of war as previously understood. So what should be the American response?

For a start the U.S. needs to stop respecting Chinese sensibilities by not being afraid to “name and shame” the perpetrators of these attacks, however much outrage it will cause in Beijing. Bringing such activities into the public light may well lead China to calculate that the public humiliation is not worth the price paid.

Assuming, however, that such cyber-attacks continue, a stiffer response could be warranted: namely retaliation in kind. If it is not already going on, it should be—the National Security Agency should be penetrating Chinese networks as aggressively as they penetrate ours to send a clear signal that two can play at this game. Only if we achieve a degree of deterrence will the Chinese government ultimately be convinced that such activities are too costly to engage in.

Read Less




Pin It on Pinterest

Welcome to Commentary Magazine.
We hope you enjoy your visit.
As a visitor to our site, you are allowed 8 free articles this month.
This is your first of 8 free articles.

If you are already a digital subscriber, log in here »

Print subscriber? For free access to the website and iPad, register here »

To subscribe, click here to see our subscription offers »

Please note this is an advertisement skip this ad
Clearly, you have a passion for ideas.
Subscribe today for unlimited digital access to the publication that shapes the minds of the people who shape our world.
Get for just
YOU HAVE READ OF 8 FREE ARTICLES THIS MONTH.
FOR JUST
YOU HAVE READ OF 8 FREE ARTICLES THIS MONTH.
FOR JUST
Welcome to Commentary Magazine.
We hope you enjoy your visit.
As a visitor, you are allowed 8 free articles.
This is your first article.
You have read of 8 free articles this month.
YOU HAVE READ 8 OF 8
FREE ARTICLES THIS MONTH.
for full access to
CommentaryMagazine.com
INCLUDES FULL ACCESS TO:
Digital subscriber?
Print subscriber? Get free access »
Call to subscribe: 1-800-829-6270
You can also subscribe
on your computer at
CommentaryMagazine.com.
LOG IN WITH YOUR
COMMENTARY MAGAZINE ID
Don't have a CommentaryMagazine.com log in?
CREATE A COMMENTARY
LOG IN ID
Enter you email address and password below. A confirmation email will be sent to the email address that you provide.