James Fallows of The Atlantic has an excellent piece on China and the cyber threat (as well as some other points on the Chinese military). A few excerpts about cybersecurity:
China has hundreds of millions of Internet users, mostly young. In any culture, this would mean a large hacker population; in China, where tight control and near chaos often coexist, it means an Internet with plenty of potential outlaws and with carefully directed government efforts, too. In a report for the U.S.-China Economic and Security Review Commission late last year, Northrop Grumman prepared a time line of electronic intrusions and disruptions coming from sites inside China since 1999. In most cases it was impossible to tell whether the activity was amateur or government-planned, the report said. But whatever their source, the disruptions were a problem. And in some instances, the “depth of resources” and the “extremely focused targeting of defense engineering data, US military operational information, and China-related policy information” suggested an effort that would be “difficult at best without some type of state-sponsorship.”
[…]
[Cyber authorities] stressed that Chinese organizations and individuals were a serious source of electronic threats—but far from the only one, or perhaps even the main one. You could take this as good news about U.S.-China relations, but it was usually meant as bad news about the problem as a whole.
[…]
This led to another, more surprising theme: that the main damage done to date through cyberwar has involved not theft of military secrets nor acts of electronic sabotage but rather business-versus-business spying. Some military secrets have indeed leaked out, the most consequential probably being those that would help the Chinese navy develop a modern submarine fleet. And many people said that if the United States someday ended up at war against China—or Russia, or some other country—then each side would certainly use electronic tools to attack the other’s military and perhaps its civilian infrastructure. But short of outright war, the main losses have come through economic espionage. “You could think of it as taking a shortcut on the ‘D’ of R&D,” research and development, one former government official said.
And Fallows adds one general extraordinarily striking cautionary note that has little to do with China, but that all policy makers should pay attention to:
[N]early everyone in the business believes that we are living in, yes, a pre-9/11 era when it comes to the security and resilience of electronic information systems. Something very big—bigger than the Google-China case—is likely to go wrong, they said, and once it does, everyone will ask how we could have been so complacent for so long. Electronic-commerce systems are already in a constant war against online fraud. [emphasis added]
The entire piece is worth your time, but those are the big highlights. From my perspective, I’ve seen first-hand how the Pentagon is well-aware of the threat and is devoting substantial assets to detect and disrupt the intrusions. I’m not just talking about the NSA’s new cyber command either — cyber is the hot, new frontier and that creates incentives for every agency under the sun to grab a few million smackers from the budget for working the issue. But where’s the line between effective cyber defense and too many agencies tripping over one another?
