CYBEREYE

China puts itself in the cyber crosshairs — what now?

It is becoming increasingly apparent that China is the source of a lot of hacking and espionage that is going on in U.S. corporate and government systems — and that an international response is called for.

Identifying the ultimate source of an attack or intrusion is difficult, but Google earlier this year was willing to finger the Chinese as the culprit in a series of high-profile breaches, and a recent blog post from Brian Krebs cites unnamed sources that identify China as the home of almost 90 percent of more than 300 command-and-control computers involved in espionage against this country.

Former White House cybersecurity adviser Richard Clarke in a recent video statement posted for Cybersecurity Awareness Month had no qualms in identifying the Chinese as “the people who are doing us the most damage these days in cyberspace.”


Related coverage:

Cyber war: How close are we to the real thing?

Report: China the source of RSA hack, hundreds of others also hit


“The government of China is involved in hacking into American companies and taking that information and giving it to Chinese companies,” Clarke said.

This is hardly shocking news. Most of those aware of the problem have assumed for quite a while now that China is behind a lot of the online espionage in this country. But it is difficult to act on these assumptions without proof. Finding that 299 of 338 command-and-control servers are located in China sure looks suspicious, but how do you prove who is behind them?

As Chinese denials of wrongdoing become less credible, however, China is putting itself in the international crosshairs. The question is, what are we going to do about it?

A consensus is emerging, both in NATO and the U.S. Cyber Command, on how to approach cyber war. The rule of thumb is based on equivalence; the vector of the attack doesn’t matter. If an online attack results in the same kind of loss of life or property damage as a kinetic attack, it is an act of war and can be responded to accordingly.

The response can be either kinetic or digital. This is an important step, but few if any cyberattacks to date have risen to the level of war. Maybe the Stuxnet attack on Iran, and that’s about it.

What China apparently is engaged in is espionage, and although it is illegal, it is not warfare. Governments typically deal with spies by arresting them, but if the spy remains in his home country, that is not feasible.

What’s needed is an international program to establish and enforce norms for behavior in cyberspace. The Obama administration in May released its International Strategy for Cyberspace, a framework for interagency and international cooperation to establish norms for responsible behavior in cyberspace. The norms include respect for property and multi-stakeholder governance.

The adoption of such a framework would allow the international community to respond to bad actors such as China that demonstrate a pattern of malicious behavior, even if we cannot immediately pin a specific incident on them. Censures and sanctions could be applied.

Such sanctions have had mixed success at best in curbing inappropriate behavior by rogue nations, but they represent an international consensus of proper behavior and usually are more effective than unilateral action, either diplomatic or military.

Until such norms can be established and enforced, the best protection against intrusions, either by nation-states or individuals, continues to be defending your systems, monitoring them for breaches, and being ready to mitigate when you have been compromised.

 

Reader Comments

Thu, Nov 3, 2011

I wouldn't completely rule out the possibility most of the alleged cyber attacks came from financially motivated companies (and their employees in the basement somewhere) launched these attacks and made them seem like coming from somewhere else. Probably 99% of these attacks are self-inflicted. Most of everybody else don't have time to fool with this and enjoying life.

Thu, Nov 3, 2011

Don't buy the product if it reads "Made in China."

Wed, Nov 2, 2011

If it is important, put it on a private air-gapped network. Stuff that could put national security or industrial capability at risk should never have been in the public IP unverse in the first place.

Mon, Oct 31, 2011 WOR

Mr EdT I guess there is no problem with the Chinese knowing all our government policies, system specifics and configurations, military data; knowing the details of the expensive R&D that US corporations undertake, and other competitive data? No problem if your Chinese, anyways.

Mon, Oct 31, 2011 EdT

Oh my, cyber war... what to do about it? Consensus emerging... NATO involved, why not the UN too? Apparently it's a slow IT news day, solving cyber attacks is like solving crimes, in general. How about we stop bank robbing? stop murders? stop violence? whatever...

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above