Last week, I blogged about a speech made by Michael Chertoff, head of the Department of Homeland Security (DHS) at the RSA Convention in San Francisco. Chertoff called for a "Manhattan Project" to confront threats to international cyber security. The post cited reports that President Bush in January signed a law greatly increasing the government's investment in such steps.
The depth of the danger to which Chertoff referred is evident in this long BusinessWeek report on cyber threats faced by our government. It notes an "unprecedented rash" of cyber crimes in recent years, including almost 13,000 "incidents" during the past fiscal year alone. Moreover, the attacks are in many cases extraordinarily sophisticated and launched by foreign nations. A former official is quoted as saying that it is "espionage on a massive scale."
The People's Republic of China is thought to be the leading source of the attacks. If so, the most current news is no surprise: Several sources say attacks against pro-Tibetan sites have increased. Wired says these attacks have been evident since 2006, but that activity has spiked in parallel with the recent clash between the two nations.
Larry Seltzer at eWEEK sums up longer pieces in The Wall Street Journal and Daily Tech that say that the U.S. military and entities to which it is connected, such as think tanks and manufacturers, are increasingly under attack. Significantly, Seltzer says the Chinese are suspected in the attacks, but indicates that officials stop short of an outright accusation.
Indeed, there seems to be universal agreement that China is the main culprit. The BusinessWeek article is simply the most recent and detailed indictment. In this Foreign Affairs interview, Richard Clarke, a counter terrorism advisor to President Clinton and the current President Bush, says that the Chinese government has authored "many, many" penetrations. Clarke acknowledges the dangers of a "digital Pearl Harbor," but seems more concerned about the corrosive impact of more subtle intrusions. The target of such attacks, he says, is valuable information from pharmaceutical, bioengineering and other high tech industries. This background story in The New York Times offers a good overview of cyber threats. The piece begins by discussing perhaps the highest-profile case of cyber warfare on record. Last spring, the Estonian government moved a statue commemorating Red Army activities during World War II. Russian nationalists were angry and launched denial of service attacks against multiple governmental and industry sites in the Baltic nation. The most interesting element of the comprehensive story is the description of the United States' offensive capabilities. Indeed, solely blaming the Chinese the for cyber tensions between nations is simplistic and, moreover, inaccurate.
The BusinsssWeek piece culminates what seems like an increasing level of awareness of just how insecure we are. The dangers are twofold: Though Clarke objects to the term "digital Pearl Harbor" because it implies that the only danger is a massive event, that danger does exist. But there are more subtle dangers -- some of which reach out to commercial interests -- that pose just as grave a threat to our national security.