The Time Is Ripe For Tit For Tat

By Rachel Ehrenfeld
Thursday, February 21st, 2013 @ 5:57AM

Print Friendly, PDF & Email

Making the headlines, the 74-page report by Mandiant Corporation, that was released on February 18, details how Chinese government linked hacking groups in Shanghai had stolen data from at least 115 U.S. based companies. The report noted that the focus was on hacking companies engaged information technology, aerospace and energy, though the companies were not identified by name.

Jody Westby, the CEO of Global Cyber Risk, noted in her Forbes article that Mandiant’s modus operandi, tracking the perpetrators back to their base, helped not only to identify the hackers, but also linked them to their employer, the Chinese government. In other words, in addition to identifying the crime–hacking, Mandiant’s elaborate detective work positively identified the criminal–hacker, who committed the crime, as well as the crime boss who ordered the hacking–the Chinese government. This is evidence that could be brought to court. But don’t expect the U.S. government to stage any direct confrontation with the Chinese anytime soon.

 

In his inauguration address on February 12, President Obama acknowledged America’s growing threat from cyberattacks, but did not name China. Clearly, with his legacy in mind he declared, “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.” Indeed, Why?

Following in the president’s footsteps, Mandiant’s conclusion is an exemplary exercise in tenuous diplomacy: “In a State that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group operating from…Shanghai….The most probable conclusion is that…such long running and extensive cyber espionage is [ongoing] with the full knowledge and cooperation of the government.”

Yet, it is no secret that the U.S. has the capabilities of Mandiant and much more. It can trace hackers to their original base and identify them and the material they’ve stolen. Yet, the government agencies who posses this knowhow are seating on their hands because they have no authority to counterattack. That’s a political decision that needs to be cleared by the Justice Department. If this is done in public, expect the Chinese and their agents of influence to try to block such legal actions.

 

But wars–and we are at war for the survival of our economy–cannot be won in the courtroom. When you are under fire you fire back both to protect yourself and to hopefully obliterate your enemy. Your survival is paramount–as is the survival of our economy.

 

While full-fledged war on China is not a winning proposition, selected target response is a necessity. Not with drones, but with the tools perfected by our security agencies. These should be provided in an appropriate manner to the private industry that is being stolen blind. Enough with reporting on cyber attacks. Time to respond in kind.

 

President Barak Obama’s much-ballyhooed “Executive Order”on cybersecurity demonstrates how far the administration is behind the curve. All wind, no rain. All “preliminaries” and bureaucratic processes, no action. And, as has been the case with Obama ever since he started talking about cybersecurity, the focus is on cyber threats to critical public infrastructure managed by the private sector and not on threats to our commercial sector.

The noticeable increase of Chinese investments of strategic character in the U.S. increased seven-fold between 2007 to 2012. Investments buy political influence. The 2012 Report to Congress of the U.S.-China Economic and Security Review Commission suggests this.

 

Lately, the New York Times, the Wall Street Journal, Bloomberg News, and the Washington Post, reported their computers had been repeatedly attacked by Chinese hackers, they claimed the hackers went “only” after the passwords and files of reporters who took part in investigations on the wealth accumulated by China’s political leaders and their relatives. The Wall Street Journal also stated that “the hacking was not an attempt to gain commercial advantage or to misappropriate customer information.”

It is highly unlikely that the Chinese were simply monitoring the U.S. media simply for what it said about them. The hacking will have given them access to the files of economic and business reporters that could easily have held privileged information about companies’ circumstances and the activities of potential non-Chinese investors, as well as direct links into those companies, often getting through their firewalls. Taking this into consideration, a second look at Chinese investments in the U.S. is warranted.

 

In her last meeting with reporters, outgoing Secretary of State Hillary Clinton said that a global effort was needed to establish rules for cyberactivity, and that “‘We have seen over the last years an increase in not only the hacking attempts on government institutions but also nongovernmental ones,’ she said, adding that the Chinese ‘are not the only people who are hacking us.'” Though there is growing evidence of Iranian hacking, nothing comes even close to the sophisticated deep and wide penetration of China into our security, public, private and finance industries,

 

According to AP, “cyber-security experts said the U.S. government is eyeing more pointed diplomatic and trade measures.” Actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews. Do they really believe this would scare the Chinese?

 

Gen. Michael Hayden’s policy “the best defense is offence” is the appropriate and seemingly the only effective defense we can use; i.e., use our cyber offensive knowhow to obliterate the enemy–at its base. Tit for Tat. The hacker’s destroyed computer will take time to replace. Thousands of destroyed hacking computers will take that much longer, giving us time to strengthen our defenses. This is what armies do during wartime to win.

FURTHER READING

SALON: After NYT attack, U.S. considers action against Chinese hacking

 

“‘The U.S. government has started to look seriously at more assertive measures and begun to engage the Chinese on senior levels,’ said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. ‘They realize that this is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China.'”

No doubt Beijing was happy to hear that a potential presidential candidate was soft on Chinese hacking and even inclined to support their position on Internet controls. As for the rumors of other “stern” measures, while they point in the right direction, they are mitigated by the news that the administration’s first priority is holding onto the now nearly meaningless “bilateral relationship” with China.

 

If, as is rumored, the White House intervened with CFIUS to get the Wangxiang acquisition of potentially strategically significant lithium battery-maker A123 approved, what does that say about the likelihood of a self-interested U.S. response to the Chinese infiltration of our economy and cyberspace? Incidentally, CFIUS has more recently approved the acquisition of Canadian energy firm Nexen by China’s CNOOC Limited. This was necessary given Nexen’s holdings in the United States.

As we have been saying for a long time, the U.S. government has been behind in the cybersecurity realm and shows no signs of catching up. If that remains the case, then the only hope for the health of a U.S. economy under attack from abroad will be firms like Mandiant and the private clients who have the good sense to fund the pursuit of their adversaries and otherwise cooperate with them.

 

CHRISTIAN SCIENCE MONITOR: Wanted: global rules on cyberwarfare

 

An unfortunately naïve editorial advocacy for international cyber “arms control.”

 

HOUSE INTELLIGENCE COMMITTEE: Advanced Cyber Threats Facing Our Nation

 

See especially Business Round Table President John Engler’s testimony that

 

“current information sharing environment is not supported by strong legal protections to safeguard companies that share and receive cybersecurity information from civil or criminal action. Companies lack formal guidance on antitrust laws, which creates uncertainties for working within and across sectors to share threat information and risk management and mitigation techniques.

“Furthermore, there are not nearly enough security clearances. In many cases, only one or two employees are cleared even within very large global enterprises, which create difficulties in communicating problems and acting quickly across global operations. And, without access to timely and actionable threat information, senior corporate leaders can only speculate about which threats are greatest and how to best manage them.”

Geoff Whiting: Critical system vulnerabilities exist at Los Alamos


Categories: ACD/EWI Blog, China, Cyber

On The Campaign Trail

Check the dates and see when we're in your town!