Longtime public servant and cyber security advocate Richard Clarke has penned a rousing call to arms regarding the state of America’s cyber security stance and the growing threats posed by Chinese cyber excursions.
Clarke, who served as an advisor on national security issues for three administrations, likens the current level of threat to critical networks posed by Chinese state-sponsored hacking to those of tangible physical threats of a more conventional nature.
"What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a government response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government," Clarke writes.
Clarke says that high ranking U.S. government officials are more than aware of the escalation of Chinese hacking operations aimed at stealing the corporate intellectual property and trade secrets that fundamentally fuel our economy and ensure future prosperity.
"Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America’s advantage," Clarke warns.
Recent reports link Chinese hackers to a multitude of operations directed at government and private enterprise targets, including:
The largest and perhaps most damaging operation in recent years were the Aurora attacks which targeted an unknown number of large firms, including Adobe, Northrop Grumman, Dow Chemical, Morgan Stanley, and most famously Google.
"Aurora wasn’t an isolated event. This month Google renewed its charge against China, noting that the Gmail accounts of senior U.S. officials had been compromised from a server in China. The targeting of specific U.S. officials is not something that a mere hacker gang could do," said Clarke.
Clarke also gives a strong indication the he believes China was ultimately behind the network intrusion at EMC’s security division RSA. The attack is believed to have been orchestrated on order to compromise RSA’s SeucrID product, which is used to prevent unauthorized access to netowrk systems, and is used by the government, military, financial, enterprise, healthcare and insurance companies.
"Recently the computer-security company RSA (a division of EMC) was penetrated by an intrusion which appears to have stolen the secret sauce behind the company’s SecureID. That system is widely used to protect critical computer networks. And this month, the largest U.S. defense contractor, Lockheed, was subject to cyberespionage, apparently by someone using the stolen RSA data. Cyber criminals don’t hack defense contractors—they go after banks and credit cards. Despite Beijing’s public denials, this attack and many others have all the hallmarks of Chinese government operations," Clarke asserts.
Clarke saves his harshest condemnation for U.S. government officials for the lack of leadership being displayed in regards to mitigating and combating cybersecurity threats, and urges lawmakers to step up efforts to secure America’s cyber defensive posture.
"Congress hasn’t passed a single piece of significant cybersecurity legislation. When the Chinese deny senior U.S. officials’ claims (made in private) that Beijing is stealing terabytes of data in the U.S., Congress should not leave the American people in doubt," Clarke stated.
Clarke is the author of the widely acclaimed book Cyber War, which was published in 2010.