On US, China, cyber espionage, and cyber war

The accusations and recriminations lobbed back and forth between the United States and China regarding alleged state-sponsored cyber espionage attacks have become almost a daily occurrence for a while now.

The U.S. government, politicians, intelligence community, military and private sector companies are, most often than not, blaming Chinese hackers for every breach and compromise – whether they have indications that their claims might be true, or simply because they have been conditioned to point the finger that way, so the publishing of Mandiant’s APT1 report offered a welcome confirmation of their beliefs.

“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” the researchers stated in the report. “The issue of attribution has always been a missing link in publicly understanding the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.”

And they definitely reached one of their goals, as the report has signaled a change: the accusations now have a formal leg to stand on – despite it still being shaky, and the fact that China continues to refute the charges laid at its door.

Since then, a lot of things have happened. China has a new Premier, but he continues on the course set before him. “I think we should not make groundless accusations against each other but spend more time doing practical things that will contribute to cybersecurity,” he said, echoing the previously stated call for international rules and cooperation on Internet security and hacking issues under a United Nations framework.

At the same time, China has started throwing out some counter-accusations. Its National Computer Network Emergency Response Technical Team Coordination Center (CNCERT/CC) has trotted out reports on government agencies and high-profile private companies being hacked from IP addresses in the U.S.

In the meantime, NSA Director General Keith Alexander has confirmed the United States’ readiness to use cyber weapons in both defense and retaliation for possible attacks. While the statement is obviously meant to also function as a deterrent for attackers, I have no doubt that it’s true.

There are, luckily, some people in the U.S. that are trying to calm the waters, and are calling for Congress and the government to tone down their cyber warfare rhetoric and stop and consider carefully whether it can adversely affect decision making in the case of a cyber attack.

Computer security specialist and noted pundit Bruce Schneier also pointed out that none of these attacks are cyberwar.

“It’s all espionage, something that’s been going on between countries ever since countries were invented. What moves public opinion is less the facts and more the rhetoric, and the rhetoric of war is what we’re hearing,” he says, and adds that, unfortunately, both the reality and the rhetoric play right into the hands of the military and corporate interests that are behind the cyberwar arms race in the first place.

And while I couldn’t agree more, I’m doubtful on whether we can stop it.

For one, people who are set on making money or simply gain power are often (if not always) more forceful in pursuing their goals than those who couldn’t care less about it or are oriented more towards cooperation and peaceful resolution of issues. Secondly, the same is true about politicians – i.e. those who have the power to decide on these things. And thirdly, the human race is not good at avoiding repeating past mistakes. But that still doesn’t mean that we should stop trying.

I’m not saying that cyber espionage should be ignored. In this era of massive companies and corporations that are driving world economies, trade secrets and intellectual property should be protected better than ever.

But if you ultimately want to consider these attacks a form of war, I’ll say I prefer it over other, extremely more brutal ones, and hope we can keep it that way. Thinking up new ways of deterring and preventing attacks instead of responding to them – especially when it’s difficult to say and prove who actually did it – seems to me the best solution for now.

Finally, as a short side note: here is a recently released proposal about rules and laws that should be applied when waging cyberwarfare. Requested by NATO, it also addresses the physical repercussions of such a conflict, and it is a very interesting read.