Is China responsible for the attacks on America’s government and defense contractor computer networks? The Pentagon says yes. China, not surprisingly, is crying foul, claiming that the United States is the “real hacking empire.”
There is definitely a war of words and lots of finger pointing going on here, but is there really a threat of cyberespionage between the two countries?
The answer to that is probably yes, but no more than there was before. After all, China has long been suspected of hacking into American computer networks. What makes this particular Pentagon report front page news is that the government has never been so forthright about pinning blame on the Chinese military.
A CSO article asked whether the Pentagon report actually indicates that cyber retaliation will be launched. I think we would be naïve if we didn’t think the U.S. wasn’t already involved in cyberoperations against China. However, the article pointed out something that I think is very important, and likely the real push behind the Pentagon report:
The advantage of having high-level administration officials discuss the problem publicly is it builds awareness among private industry, said Ron Gula, chief executive of network security company Tenable and a former penetration tester in the National Security Agency. Many companies do not direct enough resources toward security, unless to meet regulatory requirements.
We know that the White House is pushing for a greater level of cybersecurity and the need for the private sector to be on board. HBGary’s CSO, Jim Butterworth, explained to me why enterprise needs to have this discussion about possible Chinese cyberespionage:
Motivated attackers, including nation-states, are essentially equalizing America’s ability to compete and succeed in a free enterprise global marketplace by seizing the core intellectual property and know-how that we’ve so heavily invested in as a nation. They can enter a marketplace at a fraction of the cost and time, oftentimes as a result of not having to recoup the initial investment in R&D, testing, manufacturing, etc. Any organization or company, in any industry, is a potential target. At HBGary, for example, we consistently see attackers moving freely up, down and laterally among small to mid-size companies that are the innovators that free enterprise requires.