ONE OF the biggest difficulties in building America’s defenses against predatory computer hacking is that relatively few people seem to take it seriously, as if it’s the work of a few nerdy high schoolers and merry pranksters. Recent news about systematic computer espionage by the Chinese military should serve as a wake-up call about this critical national security threat.
The government and major corporations have long been reluctant to acknowledge major computer security breaches. What good are the billions of dollars they’ve spent to beef up security if hackers still manage to get through? Col. Cedric Leighton, a retired Air Force intelligence officer, told Bloomberg News last month that hacking costs the United States up to $500 billion a year, yet Congress still lacks a sense of urgency about the threat.
This has to change. Evidence abounds that China and other nations have penetrated America’s best computer defenses and gained access to networks controlling air traffic, power grids, nuclear generators and classified Pentagon files. Corporations such as Apple, Google, The New York Times, Coca-Cola and Lockheed-Martin have acknowledged breaches.
So far, much of China’s probing appears aimed at mapping out how the pieces of the American puzzle fit together and finding shortcuts to duplicate American technology. American newspapers that report on China have been hacked in an apparent effort to identify reporters’ sources.
Foreign governments also want to know where our vulnerabilities lie. In the unlikely event of war, the first strike might not come in the form of a nuclear launch but rather a stealthy shutdown of the infrastructure that makes America work. The United States conducts such activity, too, as was evident in the 2010 Stuxnet computer attack on Iran’s nuclear program.
China is very sensitive to hacking accusations, and the government denies any involvement. An investigation by Mandiant, a U.S. computer security firm, determined the Chinese military used diversionary tactics, such as entering via university network servers, to disguise its activities.
Use of university servers might not be coincidental. China is second only to Mexico in the number of U.S. immigrant visas issued, with 40,000 issued to Chinese citizens last year, according to the State Department. Chinese students form a disproportionately large share of the foreign student population and are second only to India in enrollment in science, technology and math specialties.
If there’s a chance that Chinese students are helping their government gain a spying foothold, the U.S. government would be justified in threatening to sharply curtail student and other visas unless Beijing comes clean and pledges to stop.
The threat from China is credible. Any retaliatory threat from the United States must be credible enough to ensure we have Beijing’s undivided attention.