Google's surprise announcement of "a highly sophisticated and targeted attack" on its systems--a case of computer-aided espionage--has also raised the specter of offensive warfare. Defense News quotes Adm. Robert Willard of U.S. Pacific Command as declaring that "the skills being demonstrated" by Chinese hackers in the service of "exfiltrating data"--a fancy way of saying "spying"--are also relevant to "wartime computer network attacks."
If that's not alarming enough, last week, Gerald Posner added a new entry in the annals of hype in a piece he wrote for the Daily Beast: "While Google weighs exiting China, a classified FBI report says [Beijing] has already developed a massive cyber army [that is] attacking the U.S. with 'WMD-like' destruction capabilities."
In the last few years, it's become almost a rite of passage among federal employees to have their computer networks partially shut down for days or weeks after an intrusion, usually (but not always) attributed to China."
Posner's assessment is clearly excessive. But recent years have seen a growing tendency to treat "the cyber threat" as a "strategic" problem, sparking an interest in "cyber deterrence." U.S. Strategic Command even appears to have incorporated computer network attacks into the existing U.S. nuclear declaratory policy, based on the idea of "calculated ambiguity." Last May, Gen. Kevin Chilton of STRATCOM told journalists, including the Global Security Newswire's Elaine Grossman, "You don't take any response options off the table from an attack on the United States of America," including a cyber attack.
When "cyber attack" means a form of spying, General Chilton's statement will come across as extreme. But it's certainly possible that the ability to compromise computers will play a role in future war-fighting. (Aaron Mannes and James Hendler identified some realistic possibilities in a Washington Times op-ed last August.) Still, let's keep the matter in perspective: If the United States were ever to get into a shooting war with another nuclear weapon state, cyber attacks would be the least of anyone's worries.
The Google Affair underscores that there is a different sort of "strategic" cyber threat. Today's issues of global concern hinge in large part on the state of U.S.-Chinese relations: stabilizing the world economy in the wake of the fiscal crisis, shoring up the nuclear nonproliferation regime, and achieving effective cooperation to forestall the worst effects of climate change, to name the most salient issues. And let's be blunt: Pervasive spying via the internet is harming China's relations with the United States.
In the last few years, it's become almost a rite of passage among federal employees to have their computer networks partially shut down for days or weeks after an intrusion, usually (but not always) attributed to China. Everyone from the Office of the Secretary of Defense to the Commerce Department has been a target. And in certain circles, there are few computing experiences more familiar and less delightful than receiving the dreaded socially engineered e-mail attack--an authentic-looking message, seemingly from a known person, but with a nasty PDF attachment.
In other words, not every intrusion of this type is as systematic and well-planned as the December 2009 raid on Google, Adobe, and other U.S. firms. Any American who works on Asia-Pacific security issues or has an interest in human rights in China has probably been aware of the problem for some time. If they haven't received an e-mail probe personally, chances are good they will know someone who has.
The damage to goodwill has been considerable. It isn't shocking that one major power spies on another, or necessarily even intolerable. As the saying goes, "It's all in the game." But the game has never been friendly, and there's something breathtakingly crude about how it's being played today. The attempt to capture as many computers as possible is aggressive and indiscriminate, reaching into the lives of private citizens in the United States and beyond. In a particularly insidious turn, the spies have been known to take advantage of professional contacts between Americans and Chinese in order to assemble convincingly spoofed messages and to mine e-mail address books for targets.
All of this effort is aimed at getting the targets to open the attachments. No serious attempt is made to cloak where the attacks are coming from, should a fake message be spotted. That's especially striking in contrast to the technical and social sophistication of the probes.
These practices are, quite frankly, abusive and uncivilized. And the mechanical denials of Chinese officials do as much harm to the country's image as the scattershot spying itself, if that's possible. As it happens, spying is not the same as warfare. But it does harm regardless.