China puts itself in the cyber crosshairs — what now?
- By William Jackson
- Oct 28, 2011
It is becoming increasingly apparent that China is the source of a lot of hacking and espionage that is going on in U.S. corporate and government systems — and that an international response is called for.
Identifying the ultimate source of an attack or intrusion is difficult, but Google earlier this year was willing to finger the Chinese as the culprit in a series of high-profile breaches, and a recent blog post from Brian Krebs cites unnamed sources that identify China as the home of almost 90 percent of more than 300 command-and-control computers involved in espionage against this country.
Former White House cybersecurity adviser Richard Clarke in a recent video statement posted for Cybersecurity Awareness Month had no qualms in identifying the Chinese as “the people who are doing us the most damage these days in cyberspace.”
Cyber war: How close are we to the real thing?
Report: China the source of RSA hack, hundreds of others also hit
“The government of China is involved in hacking into American companies and taking that information and giving it to Chinese companies,” Clarke said.
This is hardly shocking news. Most of those aware of the problem have assumed for quite a while now that China is behind a lot of the online espionage in this country. But it is difficult to act on these assumptions without proof. Finding that 299 of 338 command-and-control servers are located in China sure looks suspicious, but how do you prove who is behind them?
As Chinese denials of wrongdoing become less credible, however, China is putting itself in the international crosshairs. The question is, what are we going to do about it?
A consensus is emerging, both in NATO and the U.S. Cyber Command, on how to approach cyber war. The rule of thumb is based on equivalence; the vector of the attack doesn’t matter. If an online attack results in the same kind of loss of life or property damage as a kinetic attack, it is an act of war and can be responded to accordingly.
The response can be either kinetic or digital. This is an important step, but few if any cyberattacks to date have risen to the level of war. Maybe the Stuxnet attack on Iran, and that’s about it.
What China apparently is engaged in is espionage, and although it is illegal, it is not warfare. Governments typically deal with spies by arresting them, but if the spy remains in his home country, that is not feasible.
What’s needed is an international program to establish and enforce norms for behavior in cyberspace. The Obama administration in May released its International Strategy for Cyberspace, a framework for interagency and international cooperation to establish norms for responsible behavior in cyberspace. The norms include respect for property and multi-stakeholder governance.
The adoption of such a framework would allow the international community to respond to bad actors such as China that demonstrate a pattern of malicious behavior, even if we cannot immediately pin a specific incident on them. Censures and sanctions could be applied.
Such sanctions have had mixed success at best in curbing inappropriate behavior by rogue nations, but they represent an international consensus of proper behavior and usually are more effective than unilateral action, either diplomatic or military.
Until such norms can be established and enforced, the best protection against intrusions, either by nation-states or individuals, continues to be defending your systems, monitoring them for breaches, and being ready to mitigate when you have been compromised.
William Jackson is freelance writer and the author of the CyberEye blog.