General Keith Alexander, the head of US Cyber Command and the National Security Agency, testified to Congress yesterday that China continues to hack into “defense industrial base companies” and steal military technology (see Don Reisinger’s latest blog post). And he confirmed what was widely believed already—that China was responsible for the hacks on RSA last year, which compromised that company’s SecurID tokens and hence compromised the networks of thousands of companies that use those tokens for network security.
This continues a steady drumbeat of stories over the last couple of years about the rising tide of sophisticated attacks from China, which seems to be increasingly brazen in its attacks. Part of the reason is that the Administration does not seem to know what to do about the attacks other than to talk about them publicly, finally, and to continue to try to bolster our defenses. But in the unclassified sphere, at least, there doesn’t appear to be a concrete strategy for reducing the attacks—no plan to counterattack, issue demarches, threaten trade sanctions, or anything else.
This is a tough nut to crack, because the US has so many issues in which it needs cooperation from China (restarting the world economy, North Korea, Iran, to name just a few). And at bottom, one can look at this as essentially an issue of espionage, and countries don’t go to war or institute sanctions just because another country spies on them.
The problem with viewing the Chinese cyber threat this way is that a) a lot more information can be, and probably is being, taken through cyber means than through networks of spies, and b) while China is stealing valuable information, it is also mapping our networks and probably depositing malware for potential future use. So the same access that allows them to spy also allows them to “prepare the battlefield” for possible future military confrontation.