The China Syndrome

Chinese hacking exploits became mainstream news over the past few months leading up to last week’s meeting between U.S. President Obama and Chinese President Xi Jinping. While cybersecurity was a primary topic however, there was no breakthrough deal coming out of the tete-a-tete. The two countries did agree to work together on cybersecurity issues in the future.With no concrete progress, China is bound to remain a poster child as a cyber adversary here in the U.S.A but those of us who live in cybersecurity have known about Chinese cybersecurity activities for years. Why the recent demonization? Clearly cybersecurity issues have become more visible and it has been suggested that Chinese hackers were involved in breaches at the NY Times, Wall Street Journal, and both Democratic and Republican computers during the 2008 election. There was also the damning Mandiant paper which fingered a unit of the Chinese military down to street addresses and buildings. No doubt there is an electronic paper trail of evidence pointing toward nefarious cyber behavior out of Beijing and it was important for President Obama to address this in his recent summit. That said, I believe it is somewhat counterproductive for the cybersecurity community to demonize China as a cyber “evil empire” for several reasons:1. Remember that the U.S. has been active in cyber espionage for a long time. Given the post 9/11 Bush doctrine (“To forestall or prevent such hostile acts by our adversaries, the United States will, if necessary, act preemptively in exercising our inherent right of self-defense.”), it’s likely that the DoD, CIA, and other intelligence agencies were quite active in these types of activities in the early 2000s. And what about the domestic spying of the NSA? It’s hard to cry foul if the rest of the world assumes that the U.S. remains on the offensive. 2. China isn’t alone. Cyber espionage, organized crime, and hacktivism are all global activities coming from nation states, loosely-organized cells, and angry cyber nerds. The combination of “canned” exploits, network resources, and a growing population of global computer science knowledge will only exacerbate this situation.3. Someone still has to get hacked. When discussing Chinese cyber espionage, many people will point to a hacking incident involving Lockheed Martin and the costly F-22 fighter jet (roughly $339 million per plane). Apparently Chinese hackers penetrated Lockheed’s network and stole highly classified engineering data about this top-secret aircraft. Of course we should be upset with China if this is true but shouldn’t we be equally angry at Lockheed for leaving its cyber doors unlocked? In fact, shouldn’t Lockheed and others be accountable when this hush-hush kind of stuff is breached? Somehow this detail never seems to get mentioned.I’m not suggesting for a moment that China isn’t poking around as an uninvited guest on numerous networks. Lots of my security intelligence contacts assure me that it is. I’m merely saying that an obsession with China may be counterproductive. Nation states and individual hackers are finding it all too easy to break into U.S. networks, discover and steal valuable data, and get off scot free. Let’s let the government sort out issues with China while the rest of focus on improving our cyber defenses. Lord knows they need the attention.