Information is still coming out about the damage done by Chinese hackers who penetrated the networks of the White House Office of Personnel Management, thus potentially gaining access to confidential files on 14 million current and former federal employees and others. I would not go quite as far as Noah Rothman did to describe this as a Pearl Harbor-type attack because it was not designed to inflict physical or even cyber-damage. But it was bad enough. This was a brazen intelligence-gathering operation that will in all probability give the Chinese intelligence service an unprecedented amount of information about people in positions of influence in the U.S. government—information that can only be used for nefarious purposes.
Lawmakers are predictably and rightly giving OPM representatives a hard time for not doing a better job of protecting their systems. But of course the problem goes well beyond one federal office. There are few American institutions, public or private, that have been immune from cyber attacks, and the threat is only getting worse. Potentially one day we could even see a true “cyber Pearl Harbor” if an enemy captures or crashes vital computer networks needed for such functions as air traffic control or banking.
The problem is that the threat has thus far exceeded the response. As with most security threats there has to be both a defensive and an offensive response. Yet we have not gotten serious about either side of the cyber equation.
When it comes to cyber defense, Congress has bowed to lobbying from private firms that are loath to share any information with the federal government, and especially with the military’s Cyber Command and NSA, which have the most sophisticated computer capabilities in the government. The only way that we will improve our defenses, both for the government and for the vital civilian infrastructure, is by giving our top cyber-warriors more access to networks that need to be defended. This will outrage Edward Snowden and his ilk, but it is no more offensive or any less necessary than the security measures we agree to endure as the price of flying. Some loss of liberty is necessary for security, whether in the “real” world or the virtual world. That doesn’t mean losing all privacy, but certainly we need to give the government more ability to safeguard important networks. We should be more worried about intrusions from lawless Russian or Chinese hackers than from the NSA’s cyber-warriors who operate under tight safeguards within the rule of law.
No defense is ever going to be perfect, however, whether in protecting against missiles or viruses. We can’t count on missile defense to be foolproof; that’s why we developed the doctrine of mutual assured destruction to deter Soviet nuclear attack. There is a similar need for enhanced deterrence in the cybersphere. Quite simply, as this 2013 Council on Foreign Relations Task Force suggested, “offensive capabilities are required to deter attacks, and, if deterrence fails, to impose costs on the attackers.”
President Obama has recently recognized the need for greater deterrence by signing an executive order that gives the federal government the ability to impose financial and other sanctions on individuals and entities that are judged responsible for the worst cyber-attacks. This is a good start, although much will depend on the willingness of the administration to use this tool—and odds are the U.S. won’t be imposing economic sanctions on the government of China anytime soon in response to cyber-attacks. Heck, we haven’t even imposed sanctions on North Korea following the attack on Sony Pictures late last year.
A more proportionate and low-profile response could well be more feasible: If the Chinese attack our networks, we should attack theirs, thereby raising the cost of their actions and forcing them to think twice about whether this is a profitable activity to engage in. As the Stuxnet virus should have shown, U.S. capabilities in offensive cyber operations, although veiled, are second to none. If we are willing to retaliate for cyber attacks in kind, there is certainly a risk of unwelcome fallout. But there is a risk in any kind of action. That should not prevent us from acting. The greatest risk of all is to continue doing little, allowing our enemies to attack our computer networks with impunity.