China’s Cyber Strategy – Too Much or Too Little?

Tuesday, January 10, 2012

Joel Harding

94ae16c30d35ee7345f3235dfb11113c

Over the past few years anyone working in the cyber defense industry has been inundated with stories of Chinese intrusions into government computer networks. We’ve been overwhelmed with a virtual tsunami of reports of seemingly Chinese government approved incursions into sensitive networks all over the world.

One of the best and earlier reports relating the widespread efforts to penetrate and gather information was the GhostNet report released by the Information Warfare Monitor, a joint initiative between the SecDev Group and the Citizen Lab, in March 2009.

One of the latest publicized penetrations has been in the US Chamber of Commerce, which was a long term penetration suspected of ties to the Chinese government.

That the Chinese government seems to be systematically penetrating corporate and government system in order to steal corporate and government secrets is not really the issue.  This appears to be an accepted fact by seniors throughout the community, after talks in which I have participated within the past week.  The issue is how to address the problem. 

Whenever the US government approaches the Chinese government, they receive a positive response, basically a statement that the Chinese government will handle the problem. Then the problem shifts and yet another issue is surfaced, another penetration, another incursion, another theft of intellectual property, a disclosure of trade secrets, another trove of sensitive documents copied. US corporations alone have lost billions of dollars of intellectual property. 

Faith in the abilities of our government to protect us from these massive incursions are beginning to look like a successful unconventional guerrilla war, where the guerrillas are seeking to make the indigenous population lose faith in the government.  As a former Special Forces soldier, I recognize this.  Does our government?

Obviously the US government is somewhat bothered by this massive onslaught, they have raised this issue in varied forums.  Secretary Clinton has responded to Chinese cyber attacks on Google, but the administration has not adequately addressed the ongoing systemic problem. One has to ask, is the problem too big to grasp or too small to address?

At one point I thought the proper way to describe the problem was from the Chinese form of torture called “Death of a thousand cuts” or Ling Chi (), which was outlawed in 1905. Over the course of three days, 3,600 cuts would slowly remove various parts of the body, lengthening the process so the torture was extreme, ongoing, and excruciating.

There are two problems with this comparison.  The first is that in this form of torture, the eyes are first removed, whereas we have our eyes to see the ongoing abuse of our and other systems. The second problem is this torture has grossly exceeded three days.

When and how are we going to say “enough”?

Cross-posted from To Inform is to Influence

Possibly Related Articles:
14345
Network->General
Military
China Security Strategy Government Cyberwar Cyber Security Espionage hackers Information Warfare SecDev Joel Harding
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.