“Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.
The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies.
The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day….
“They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” said Dan Blumenthal, director of Asian studies at the American Enterprise Institute, which also has been hacked. “It’s a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch.”
According to experts, the Chinese hack everybody. They hack major corporations and steal trade secrets — attacks against Google, Apple, the Wall Street Journal and the New York Times have been publicized in recent years. They hack lowly individual dissidents. They hack, or attempt to hack, major agencies in the U.S. government, including the Pentagon, CIA and White House and most certainly the Department of Commerce. Given the byzantine ways of the Chinese government, they almost certainly hack each other as well.
The natural response to such a discovery is outrage, and to some degree that outrage is justified. It is, at some level, a violation of our national sovereignty. But it gets complicated because China is hardly alone. A lot of other countries are aggressive about hacking into overseas computer networks, including the Israelis, the French and the Russians.
Oh, and the Americans too. It would be naive in the extreme to believe that the U.S. government isn’t running cyber-spying operations of its own. Those operations probably don’t extend to efforts to steal commercial secrets of foreign companies so that data can then be handed to U.S. companies, which the Chinese and other governments do. But on issues of national security, we are no doubt just as invasive as anybody else.
In other words, while everybody is a victim in this thing, everybody is also a villain. Nobody’s clean.
It’s also important to distinguish between cyberspying and cyberwarfare. If you can penetrate a highly sensitive computer network and steal data, you may also be able to do great damage to that network at a time of your choosing.
As President Obama put it in his State of the Union address:
“We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
And again, it would be naive to believe that the U.S. government is not building similar capacity to bring down important computer networks in other countries, just in case it’s needed. In this game, like any other, you need to be able to play offense as well as defense.
To handle such duties, in 2010 the Defense Department created the U.S. CyberCommand, which is now slated for a major expansion. Eighty percent of the thousands of new personnel to be devoted to the effort will be military; 20 percent will be civilian experts. In fact, some of that expanded operation may be headquartered right here in Georgia, at Fort Gordon outside Augusta. That would be a big economic boost to the state, given the potential high-tech spinoffs from such an operation.
In other words, what we’re witnessing is a quiet, high-stakes state of virtual warfare that will be permanent and escalating.
– Jay Bookman