Alleged China attacks could test U.S. cybersecurity policy
But what the government can really do remains unclear
Computerworld - The attacks on Google and more than 30 other Silicon Valley companies by agents allegedly working for China is focusing renewed attention on the issue of state-sponsored cyber attacks and how the U.S. government should respond to them.
The U.S. has no formal policy for dealing with foreign government-led threats against U.S. interests in cyberspace. With efforts already under way to develop such a policy, the recent attacks could do a lot shape the policy and fuel its passage through Congress.
In a revelation that was surprising for its boldness, Google on Tuesday said that agents possibly working on behalf of the Chinese government had hacked into its computers -- and those of more than 30 other multi-national companies. Also hit: Adobe.
This is not the first time Beijing has been accused of state-sponsored espionage. Over the past five years, China has been implicated in dozens of attacks involving U.S. commercial, government and military targets. The most sensational of these involved a Chinese hacking group called Titan Rain, which in the early 2000s is believed to have stolen U.S. military and nuclear information.
For the most part, the official U.S. response to the attacks amounted to little more than expressions of outrage and protest by lawmakers. On Tuesday, Secretary of State Hilary Clinton released a statement asking the Chinese government for an explanation for the attacks, which raised "very serious concerns and questions." On Wednesday, Sen. Joseph Lieberman (I-Conn.), the chairman of the Senate Homeland Security and Governmental Affairs Committee, said that attacks like the one against Google must be confronted "aggressively and with all available means."
"The official response will be, 'We are highly upset about this and we demand you stop it,'" said Ira Winkler, president of the Internet Security Advisors Group. (Winkler is also the author of Spies Among Us and a Computerworld columnist.) "The reality of the situation is we are screwed. The political reality is that China, in large part, is funding the U.S. deficit. We have no leverage.
"We just can't cut China off," he said.
Articulating a response to government-led cyber attacks isn't easy.
"We have to keep one thing in mind -- it is extremely difficult to attribute a cyber attack to a foreign government," said Greg Nojeim, senior counsel at the Center for Democracy and Technology (CDT), a Washington-based think tank. "There is often a lack of certainty in that regard that makes it really difficult to decide what kind of response to make."
And even if the evidence is there, it's futile to launch any kind of cyber-retaliation, he said. "That's something that should be off the table. You don't want to have a cyberwar where you fight fire with fire. That could burn the whole house down."
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts