Cyberwar with China? More Likely, the Enemy Will Be Anonymous
Jun. 4 2011 – 10:01 am
Posted by Robert Hahn and Peter Passell
The Pentagon says that cyber-attacks may be interpreted as an act of war – thereby allowing Washington to respond to serious transgressions with military force. Or, as one military official more plainly put it, “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
That hypothetical may not be so far-fetched. The US, Israel and Britain reportedly designed the Stuxnet virus, which scrambled the computers at Iran’s uranium enrichment complex. Russia temporarily brought down critical Websites during its brief war with Georgia in 2008. And the Russians may have aided and abetted hackers who breached the firewalls on some top-secret Pentagon computers.
Fastforward to today. According to Google, hackers from Jinan, China targeted the Gmail accounts of “senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.” Google does not mention whether the Chinese government was behind this, but notes that the goal apparently was “to monitor the contents of these users’ emails” – not standard operating procedure for hackers with mayhem or fraud in mind.
Google has a history of being on the wrong end of the sort of cyber aggression that has “government” written all over it. In December 2009, the company “detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.” That assault targeted Chinese human rights activists and their supporters outside of China. It prompted a call from David Drummond, Google’s chief legal officer, for “a new approach to China.”
Alas, more than a new approach to threats from one country is needed. Cybersecurity concerns, public and private, will likely get worse before they get better. And the slew of successful attacks (mostly in the service of old-fashioned theft) in the recent past suggests how vulnerable our IT-dependent economy is to marauders.
This is disheartening for a variety of reasons. First, the economic and technological barriers to engaging in cyber attacks are so low that any number can play. It takes billions of dollars worth of infrastructure to even begin to think about making highly enriched uranium for a nuclear weapon. But there’s good reason to believe that a few well-trained engineers armed with laptops and an Internet connection could do massive damage to the global economy.
By the same token, the source of a nuclear weapon can be traced relatively easily from the radioactive signature of the fissile material. But sophisticated hackers have a good shot at completing attacks without leaving fingerprints. And if you don’t know who did it, the threat of retaliation isn’t much of a deterrent.
But arguably the most troubling consequence of living with cyberthreats is the potential cost of deterring them. Consider the parallel of the war on terror: the response to September 11 has cost untold billions in everything from the cost of more police to more time wasted in security lines at airports, office buildings and sport stadiums. The first time a cyberattack blacks out Chicago or Los Angeles, utilities across the country will spend billions hardening their infrastructure.
There’s a familiar irony here. One of the reasons that the decentralized market economies of open societies are so productive is that they minimize costly restrictions on everyday life. But that very openness lowers the barriers to threats such as cyber warfare. The best we can hope for is that the flexibility inherent in free markets will also make them more nimble in responding to the challenge.