[Vision2020] How China Steals Our Secrets

Tue Apr 3 08:25:59 PDT 2012

  [image: The New York Times] <http://www.nytimes.com/>

------------------------------
April 2, 2012
How China Steals Our Secrets By RICHARD A. CLARKE

Washington

FOR the last two months, senior government officials and private-sector
experts have paraded before Congress and described in alarming terms a
silent threat: cyberattacks carried out by foreign governments. Robert S.
Mueller III, the director of the F.B.I., said cyberattacks would soon
replace terrorism as the agency’s No. 1 concern as foreign hackers,
particularly from China, penetrate American firms’ computers and steal huge
amounts of valuable data and intellectual property.

It’s not hard to imagine what happens when an American company pays for
research and a Chinese firm gets the results free; it destroys our
competitive edge. Shawn Henry, who retired last Friday as the executive
assistant director of the F.B.I. (and its lead agent on cybercrime), told
Congress last week of an American company that had all of its data from a
10-year, $1 billion research program copied by hackers in one night. Gen.
Keith B. Alexander, head of the military’s Cyber Command, called the
continuing, rampant cybertheft “the greatest transfer of wealth in
history.”

Yet the same Congress that has heard all of this disturbing testimony is
mired in disagreements about a proposed cybersecurity
bill<http://www.govtrack.us/congress/bills/112/s2105/text>that does
little to address the problem of Chinese cyberespionage. The
bill, which would establish noncompulsory industry cybersecurity standards,
is bogged down in ideological disputes. Senator John McCain, who dismissed
it as a form of unnecessary regulation, has proposed an alternative
bill<http://commerce.senate.gov/public/?a=Files.Serve&File_id=e1244f6d-24ac-44b0-872e-61e1ce6509e6>that
fails to address the inadequate cyberdefenses of companies running the
nation’s critical infrastructure. Since Congress appears unable and
unwilling to address the threat, the executive branch must do something to
stop it.

In the past, F.B.I. agents parked outside banks they thought were likely to
be robbed and then grabbed the robbers and the loot as they left. Catching
the robbers in cyberspace is not as easy, but snatching the loot is
possible.

General Alexander testified last week that his organization saw an inbound
attack that aimed to steal sensitive files from an American arms
manufacturer. The Pentagon warned the company, which had to act on its own.
The government did not directly intervene to stop the attack because no
federal agency believes it currently has the authority or mission to do so.

If given the proper authorization, the United States government could stop
files in the process of being stolen from getting to the Chinese hackers.
If government agencies were authorized to create a major program to grab
stolen data leaving the country, they could drastically reduce today’s
wholesale theft of American corporate secrets.

Many companies do not even know when they have been hacked. According to
Congressional testimony last week, 94 percent of
companies<http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html>served
by the computer-security firm Mandiant were unaware that they had
been victimized. And although the Securities and Exchange Commission has
urged companies to reveal when they have been victims of cyberespionage,
most do not. Some, including Sony, Citibank, Lockheed, Booz Allen, Google,
EMC and the Nasdaq have admitted to being victims. The government-owned
National Laboratories and federally funded research centers have also been
penetrated<http://seattletimes.nwsource.com/html/localnews/2015528333_apwanationallabcyberattack2ndldwritethru.html>.

Because it is fearful that government monitoring would be seen as a cover
for illegal snooping and a violation of citizens’ privacy, the Obama
administration has not even attempted to develop a proposal for spotting
and stopping vast industrial espionage. It fears a negative reaction from
privacy-rights and Internet-freedom advocates who do not want the
government scanning Internet traffic. Others in the administration fear
further damaging relations with China. Some officials also fear that
standing up to China might trigger disruptive attacks on America’s
vulnerable computer-controlled infrastructure.

But by failing to act, Washington is effectively fulfilling China’s
research requirements while helping to put Americans out of work. Mr. Obama
must confront the cyberthreat, and he does not even need any new authority
from Congress to do so.

Under Customs authority, the Department of Homeland
Security<http://topics.nytimes.com/top/reference/timestopics/organizations/h/homeland_security_department/index.html?inline=nyt-org>could
inspect what enters and exits the United States in cyberspace.
Customs already looks online for child pornography crossing our virtual
borders. And under the Intelligence Act, the president could issue a
finding that would authorize agencies to scan Internet traffic outside the
United States and seize sensitive files stolen from within our borders.

And this does not have to endanger citizens’ privacy rights. Indeed, Mr.
Obama could build in protections like appointing an empowered privacy
advocate who could stop abuses or any activity that went beyond halting the
theft of important files.

If Congress will not act to protect America’s companies from Chinese
cyberthreats, President
Obama<http://topics.nytimes.com/top/reference/timestopics/people/o/barack_obama/index.html?inline=nyt-per>must.

Richard A. Clarke <http://www.richardaclarke.net/bio.php>, the special
adviser to the president for cybersecurity from 2001 to 2003, is the author
of “Cyber War: The Next Threat to National Security and What to Do About
It.”

 Ghostery has found the following on this page:Facebook Connect
WebTrends

-- 
Art Deco (Wayne A. Fox)
art.deco.studios at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/vision2020/attachments/20120403/7e03e8c2/attachment.html>