It’s good to see heightened interest in efforts by China, Iran and doubtless other nations and other organized groups to hack into the data central to the operations of the U.S. government and American industry.
Though indications are that considerable damage has been done and that the potential exists for catastrophic damage — a threat Defense Secretary Leon Panetta recently likened to a “cyber Pearl Harbor” — other indications are that we are beginning to “connect the dots.” The inability to connect another set of dots that were evident after the fact resulted in the terrorist attacks of Sept. 11, 2001.
Now, Americans who never heard of a U.S. company named Mandiant ought to be glad it exists. It’s a computer security firm, and since 2006, it’s been tracking multiple groups of Chinese hackers, some of which are sponsored by the People’s Liberation Army, that have been stealing data from scores of companies, most of them American, in all sorts of fields.
Mandiant says hundreds, even thousands, of well skilled cybersleuths operating out of a nondescript office building in Shanghai, are conducting corporate espionage and collecting all manner of trade secrets from financial institutions as well as utility, telecommunications, transportation and manufacturing companies.
China, of course, denies it. Its embassy said flatly that its government doesn’t engage in computer hacking. For good measure, a spokesman for the Chinese Foreign Ministry called Mandiant’s allegations “groundless.”
We don’t believe that, any more than we doubt that U.S. hackers are hard at work garnering secrets and probing for vulnerabilities in China’s government and major industries.
Meanwhile, given the awareness of hackers from other countries, we’d like to believe our government and business leaders are acting with appropriate urgency to protect our systems. As Secretary Panetta told business executives in New York, “This is a pre-9/11 moment. The attackers are plotting.”
And it’s not inconceivable that in the not too distant future, they could cause blackouts lasting weeks, create chaos in our banking system, shut down oil and gas pipelines and wreak other forms of havoc without firing a single shot. Given our dependency on all things electronic, it wouldn’t take long for widespread anxiety to mushroom into social disorder.
To his credit, President Barack Obama issued an executive order earlier this month calling for greater sharing of information about cyberthreats between the government and private firms associated with the electrical power grid and other elements of our infrastructure. And Congress is considering legislation pertaining to the protection of our infrastructure, though like so much else in Washington, consensus has proved elusive.
Cyberdefense is a relatively new arena for the United States and for other nations. We know enemy hackers are numerous, resourceful and relentless. Intercepting and stopping them before they hurt us isn’t as simple as it sounds. Still, knowing how dire the alternatives are ought to provide ample motivation.