Cyber-war between US, China? Everybody's Doing It
February 21, 2013
James Temple / San Francisco Chronicle
Some have suggested the ongoing digital attacks originating in China are tantamount to war. But let's all take a deep breath before arguing for cyber-counterstrikes against the world's most populous nation. For one thing, equating espionage to war isn't a standard this nation would want to apply to itself. The US has spied on foreign nations in the past and is widely believed to have released a computer worm to disrupt Iran's nuclear program, a clear act of cyber-sabotage.
(February 19, 2013) -- A prominent computer security firm has traced the activity of one of the world's most sophisticated hacking groups to the gates of the Chinese military, underscoring critical weaknesses in both our cyber-defenses and trade policies.
Mandiant's detailed 60-page analysis, first reported in the New York Times on Sunday, adds to the mounting evidence that Beijing plays a direct hand in ongoing espionage of US corporations.
The Alexandria, Va., security firm explained that attacks from the group it calls APT1, or Comment Crew, originate in the same geographic location as the People's Liberation Army Unit 61398, on the edge of Shanghai. The two groups also appear to share missions, capabilities, resources, tactics and technology infrastructure.
"It is time to acknowledge the threat is originating in China," the company said.
China declined to do so, however, denying the allegations and labeling the report "unprofessional."
But Mandiant's analysis follows a string of reports linking corporate cyber-attacks to China in recent weeks, including ones aimed at the New York Times, Wall Street Journal. Washington Post and others. The report is also consistent with the US government's own findings.
The firm observed Comment Crew downloading hundreds of terabytes of data from at least 141 organizations going back to as early as 2006. The stolen information included manufacturing procedures, product development materials, executive e-mails and more.
The top target was information technology companies, which most likely means California businesses were on Mandiant's list of unnamed victims. Other popular targets included aerospace, energy and transportation companies.
Everybody's Doing It
A foreign nation tiptoeing past the firewalls of companies in charge of our critical infrastructure is a real problem that demands a real response. Some have suggested the ongoing digital attacks originating in China are tantamount to war. But let's all take a deep breath before arguing for cyber-counterstrikes that risk escalation with the world's most populous nation.
For one thing, equating espionage to war isn't a standard this nation would want to apply to itself. The United States has clearly spied against foreign nations in the past. It's also widely believed the US government helped create the Stuxnet computer worm that hobbled Iran's nuclear program, a clear act of cyber-sabotage.
Moreover, as UC Berkeley professor Steven Weber points out, if this constitutes war, we're already neck deep in WW III. Russia, Iran, North Korea, Romania and other nations actively utilize cyber-attacks, according to various reports.
"It's a cyber-war of all against all," said Weber, a China expert at the School of Information.
Defense Is Best Offense
That point is a critical one to consider as we form our response.
Because while shaking our fist at China feels right, it's a partial solution at best if Russia and North Korea are aiming worms and viruses at us as well. The only real way to really tackle this problem is to bolster our digital defenses.
Some of this is under way. Last week President Obama issued an executive order designed to encourage government agencies and owners of critical infrastructure to share information about specific threats and attacks. It will also establish a common set of standards and procedures to help government and businesses reduce cyber-risks.
But far more is needed, including legislation not asking but requiring critical infrastructure companies to acknowledge when and how they've been attacked, so that everyone's defenses can be improved.
After weeks of headlines about successful intrusions of the world's most prominent tech companies, it's also clear the industry must raise its own standards to ensure the security of employees, customers and products.
An Unhealthy Relationship
At the same time, the Mandiant report is one more piece of evidence of the unhealthy and ultimately untenable trade relationship with China.
But cyber-espionage might not even be the most damaging of that nation's trade sins, among a list that includes: ignoring US intellectual property, manipulating currency, subsidizing domestic products and more.
A recent report by the Economic Policy Institute said eliminating currency manipulation in China and a handful of other Asian nations would reduce the US trade deficit by $190 billion to $400 billion over the next three years. It would help create 2.2 million to 4.7 million jobs.
But our government leaders are loath to demand changes due to other financial concerns. China is one of our largest trading partners and the biggest single holder of US debt. Our large businesses rely on its cheap products and labor.
"There is a clear disconnect between what is in the interest of Wall Street and US multinationals and what is in the interests of the United States as a country," said Robert Scott, direct of trade and manufacturing policy research at the Economic Policy Institute, a Washington, D.C., think tank.
A Question of Fair Play
The Times reported that Obama administration officials say they are "planning to tell China's new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing."
Rhetorically, that sounds vaguely like: Please don't attack us quite so often or obviously.
Our government must state unequivocally that any behavior of this kind is unacceptable among trading partners, and that no one's buying Beijing's rote denials.
But the broader message needs to be: If you want fair trade with this nation, you need to engage in fair play.
James Temple is a San Francisco Chronicle columnist. E-mail: firstname.lastname@example.org Twitter: @jtemple
Posted in accordance with Title 17, Section 107, US Code, for noncommercial, educational purposes.