America is under cyber attack, and Washington now believes there is evidence that China is officially sponsoring much of it.
The source of much of the activity is a military building, and not some amateur hacker’s home. Mandiant, a private security firm has traced a wave of cyber attacks to the door of China’s cyber command. The report has rattled Washington, and the IT and intelligence communities are still scrambling for adequate answers.
On Wednesday the Homeland Security Committee of the US Congress holds a hearing on cyber security, with the fear that World War Three is already underway, via fibre-optic links and secret servers putting vital infrastructure at risk, and stealing valuable secrets.
“The fact that there is potentially some very serious espionage occurring, that is stealing intellectual property from the United States and maybe from some other nations is big news for businesses. If they do not take cyber security seriously, they are going to lose intellectual property,” says Irving Lachow from the Center for a New American Security.
‘Everyone’s hacking everyone’
Paul Innella, boss of cyber security firm TDI claims “everyone is hacking everyone”, but that does not make it a level playing field. Some victims have more to lose than others.
“I was head of the National Security Agency. I admit, the United States does espionage. But we go out and try to acquire things that keep Americans free. We don’t do it to make Americans rich. We don’t do it for American profit. That seems to be the core interest of Chinese cyber espionage,” says General Michael Hayden, former CIA Director.
As we enter an age of a new kind of warfare, undeclared and with no Geneva Convention regulating its excesses, many fear diplomacy will have little clout in Beijing.
“Talking tough won’t do any good, in fact, it may be harmful, unless we back it up,” warns Lachow.
No administration official has talked publicly about what sort of action the United States could take against Chinese hacking. Privately some are urging a tough response. But then, as Hillary Clinton once remarked, how do you take a hard line with your banker?
More and more corporations rely on Active Cyber Defense (ACD), a term that describes a range of proactive actions that engage the adversary before and during a cyber incident – also called ‘retaliatory hacking’. Yet even as ACD becomes more widespread the debates about what techniques are appropriate – or even legal – are just beginning.
In the next few months, American officials say, there will be many private warnings delivered by Washington to Chinese leaders, including Xi Jinping, who will soon assume China’s presidency. It is too early to tell whether that appeal to China’s self-interest is getting through.