(4/2013) While driving to work at Andrews Air Force Base in February, I was surprised to encounter a flood of traffic leaving the
base and being greeted by non functioning traffic signals. It was a real challenge to get past the exiting vehicles, and when I arrived at the Main Gate I could see there was no electricity and automated, traffic control
indicators. Once past the gate guards, Military Police were directing traffic and sirens were blaring constantly. All power and telephones were out at the main buildings.
The problems lasted a little over an hour and all but the most secure areas lacked, back-up generators and most were relying on cell phones for external communication. When the lights finally came back on
we all had a good laugh, but what if they hadn't? I mean this was Joint Base Andrews. A major transportation link for the President, his Cabinet and foreign dignitaries between D.C. and the outside world.
If this event had been caused by some type of a "cyber" attack, it appears there is little that could have been done to cope with it. A week after the Andrews event, Pentagon officials openly declared
that the U.S. "could be devastated by a cyber assault if businesses and governments don't act now" to defend themselves.
House Intelligence Committee Chair, Mike Rogers (R. Michigan) said on February 16th, that there was a need for private companies, who are also in the hackers’ crosshairs, to share their concerns. That a
concerted, coordinated effort was needed to defend against cyber attacks being mounted by private individuals, organizations and foreign governments. Rogers noted that there has "grown an exponential threat both in terms of its
volume and the damage it is doing to our economic future."
A GAO report at about the same time claimed that documented, cyber security threats have jumped from 5503 incidents in 2006 to 48,562 in 2012. The report stated the attacks had put "sensitive information
at risk (jeopardizing) federal and military operations, critical infrastructure, and the confidentiality, integrity, and availability of sensitive government, private sector, and personal information." It suggested developing
controls. Others were more specific as to the source and effective action to be taken to counter this contemporary threat.
A U.S. security firm, Mandiant, claimed on 20 February, that it had traced (relevant) hacking activity to the Chinese, People's Liberation Army (PLA)
Unit 61389, that had systematically stolen hundreds of terabytes of data from at least 141 organizations." PLA Unit 61389 is based in Shanghai, China.
In a February 22nd "Washington Post" article, former CIA director Michael Hayden announced that the U.S. was "almost defenseless" against cyber attacks, and revealed that "almost all Washington
institutions have been penetrated by Chinese cyber spies. Law firms, think tanks, news organizations, human rights groups, corporations, Congressional offices, embassies, and Federal agencies," have all leaked data to the east.
China vehemently denies stealing data from computers or attacking them in such a way as to threaten life, property, or livelihood. Chinese Defense Ministry spokesman Geng Yansreng went on to claim that,
in 2012, "the Defense Ministry and Chinese, military online websites were hacked on an average of 144,000 times a month". The U.S. was thought to be responsible for 62% of these attacks.
Hayden suggests economic sanctions, which might be forthcoming, would do little to damage the American trade balance which is routinely in the red against that rising power. China does finance much of our
debt, and the PLA actions are certainly viewed by U.S. policy makers through that prism. The "war of words" is continuing, and even includes allies such as Germany’s Military Intelligence Chief Ulrich Birkennheim, to admit in a
rare interview, that one of his main challenges "was to protect defense projects from industrial espionage by the Russian and Chinese secret services." He identified the threat, but didn't indicate any, overt or covert actions
to counter it. This seems to be the norm while policy makers there and in other developed and less developed nations grapple with how to deal with the new concern.
The need to protect domestic government interests are clear. What is less clear is how to protect vital commerce from attack without taking sides in what would otherwise be free market competition. Does
helping one producer unfairly hurt its competitors? This has led to a "red line" which distances the U.S. and other relatively, transparent governments from thwarting economic espionage, and concentrating on broader national
interests such as infrastructure.
The free market depends on a strong government to ensure competition and provide services such as printed money or physical infrastructure to include roads, dams, and bridges. No single company can offer
such essentials, but all ultimately need them!
Advanced economies have come to depend on computers for their very existence and survival. They have, however failed to adequately protect these valuable machines from domestic and foreign aggression. A
lapse that could prove devastating if not addressed.
As Michael Hayden concluded "America is almost defenseless to cyber attacks, and should hold China accountable." Hopefully it won't take a 9/11- type event to bring this view to reality!
Read past editions of Ralph Murphy's Common Cents