So what's new in the Defense Department's new report about Chinese military capabilities? The biggest news seems to be that the Pentagon is actually saying that Chinese-military hackers are attacking its networks. Not that this should be news to readers of Killer Apps.
The report states that numerous U.S. government computer systems around the world are being "targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military." It goes on to say that China is using cyber espionage to collect intelligence on U.S. diplomatic, economic, and "defense industrial base sectors that support U.S. national defense programs."
The same skills being used by Chinese cyberspies to steal information could easily be used in a destructive attack against U.S. networks, the report points out.
Preventing cyber espionage and cyber attacks is "a consequences calculation and the consequences aren't there," said one Senate staffer who works on cyber issues. For "everybody from your common hacker to your professional hacker to the nation states, the consequences aren't there" to deter these kinds of actions.
He went on to compare the current era of cyber espionage to the "Napster days" of free music downloading.
"There was nothing that was going to deter college-age students from ripping off music until there was a consequence that was associated with it and the RIAA [Recording Industry Association of America] had to go out there and start suing," said the staffer.
Richard Bejtlich, chief security officer at Mandiant, thinks that while it's important for the U.S. government to call out the Chinese government's bad behavior, it's going to take more than harsh language to deter state-backed cyber espionage. (Remember, Mandiant is the firm that published a report in February detailing the exploits of what is believed to be a PLA hacking unit against worldwide targets, including the U.S. government.)
"It's important for noncommercial, government entities like DOD to make definitive statements on Chinese cyber capabilities," Bejtlich told Killer Apps. However, "because the Chinese consider espionage a tool for economic development, and the economy is one of their top national security concerns, they will not change course if the U.S. only complains with words. They are more likely to constrain their behavior if the U.S. imposes specific sanctions and exercises all elements of national power."
Bejtlich's comments echo those of Rep. Mike Rogers, chair of the House Intelligence Committee who has repeatedly urged the State Department to impose sanctions on any foreigner found to aid cyber espionage against the United States government or businesses.