The Blog

Cybersecurity: Still at the ‘ Closing the Barn Door After the Horse Has Bolted’ Stage

1:21 PM, May 13, 2013 • By KEN JENSEN
Widget tooltip
Single Page Print Larger Text Smaller Text Alerts

What does the White House’s objection (and, therewith, the Democratic Senate’s) really come down to? At whose expense personal information would be removed from attack reports, the government’s or the private sector’s? Apparently so. Billions of dollars at stake and we can’t figure out how to do information sharing, which, in itself, is no defense against cyber attack.

Given our performance with regard to CIPSA (which was rejected twice last year, too), it’s hard to get enthused about May 7th’s bipartisan Senate proposal to fight cyber theft, the Deter Cyber Theft Act, sponsored by Carl Levin, Jay Rockefeller, John McCain, and Tom Coburn. Levin said we need to hit those who commit cyberespionage in their wallets, “by blocking imports of products or from companies that benefit from this theft." Reuters says that the law would require an annual report listing the countries involved in cyberespionage and detail the kind of data the perpetrators were stealing. These lists could lead to the president blocking imports of certain products from those countries.

This would be a step in the right direction.

The trouble is one cannot be sure how the White House would react to the push to take such reprisals against offenders. All of its actions regarding the Chinese cyberthreat have been “let’s talk” timid. Yes, the administration has more than acknowledged China’s depredations, but that’s really as far as things have gone. The Chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, recently visited with Chinese general Fang Fenghui, and talked about setting up a cybersecurity “mechanism.” What does that mean? This seems to indicate that the administration is less interested in getting China to stop cyberattacks than it is in finding a compromise where no compromise ought to be seen as an outcome favorable to the United States. Remember: The Chinese want to regulate the Internet.

Since tougher administration rhetoric regarding China and cyber in March, the Chinese have done nothing to mitigate criticism. This was acknowledged in a May 6 Pentagon report openly blaming some Chinese cyber attacks directly on its government and military. The report also said that Chinese espionage “was designed to benefit its defense and technology industry into U.S. policy makers’ think about China.” Commentators have noted that the administration has never been this forthcoming before. They don’t particularly notice that there’s nothing new in the report that people who follow cyber haven’t known about for years. Actually, the report was far more interesting on Chinese investments in new ships and anti-access military systems aimed at keeping enemy ships out of any particular area of the sea.

And, by the way, if the Defense Department is so concerned about Chinese penetration of U.S. defense systems, as the report suggests, then how does it explain its recent $10.6 million contract with the Chinese for a year’s use of their Apstar-7 satellite for data communications purposes?

Meanwhile, there’s more bad cyber-related news in the financial sector. The recent hacking of the Associated Press that caused a tweet to go out reporting on explosions at the White House, while put down as an “annoyance” by the media, apparently instantly wiped $136 billion off the Dow Jones Industrial Average. The Dow came back, of course, but so what? It illustrates what cyber attack can do to the market, even if it’s not an attack on the market per se. Apparently, the AP attack was the work of the Syrian Electronic Army, by the way.

Recent Blog Posts