Secretary Clinton’s speech about Internet freedom and security at the Newseum last January pulled cybersecurity out from under the radar.  It also planted another major issue on the capacious platter of Sino-U.S. relations.  Developments since then seem to place the emphasis on security more than on promoting freedom.

Media reports of cyber attacks on government and business Web sites and networks have multiplied this year, as the U.S. has begun taking steps to put comprehensive cybersecurity measures into place.  The “advanced persistent threat (APT)” attack on Google, which prompted a threat to withdraw from the Chinese marketplace, aimed to steal information from the company’s network.  Experts traced the attack to hackers with connections to Chinese technical schools.  Similar attempts against U.S. agencies including the State Department are rife.  My impression is that the government of China is secretly encouraging attacks like these while denying any involvement.

It’s now in the interest of all countries to define and enforce norms of behavior, as Secretary Clinton stated.  Our country cannot afford to be self-righteous about the issue.  Many of the attacks rely on armies of personal computers that have been compromised by software that allows hackers to use them at will.  McAfee, the computer security company, estimated over a million infected computers in both the United States and China.  McAfee also sponsored a survey recently, carried out by the Center for Strategic and International Studies, to probe the views of 600 IT and security executives in 14 countries.  Respondents in Brazil, Spain and Mexico said the United States was to be most feared with regard to cybersecurity.

The new cybersecurity command at the Defense Department and the recent appointment of a White House cyber coordinator (Howard Schmidt) promise further development of a U.S. doctrine with offensive and defensive sides.  This aims to prevent the nightmare scenario of an attack that reaps destruction by disabling power stations, communications and other strategic national capabilities that are owned and operated by the private sector.  I’ve heard mixed assessments of how likely such a dire scenario may be.  However, former government officials in a simulation exercise this year called Cyber Shockwave found they had no powers to stop a cyber attack.

The government and a council of private companies (including CSC, one of my employers) have been consulting on cyber warfare defenses for a year or so.  On Capitol Hill, Senators Jay Rockefeller and Olympia Snowe have proposed legislation.  However, the U.S. has a road ahead before it can be confident that our Internet communications are well protected against outside interference.

Clearly, establishing some laws of cyber war is a big part of the solution.  James Lewis, director of SAIC’s Public Policy Program, described Secretary Clinton’s speech this way.  “This isn’t a declaration of war.”  [To the Chinese and others]  “It’s saying, ‘Hey, listen we’ve really got to talk.  There are rules, we need to make them clear, and we have to obey them.’”

Advertisement