How China Steals Our Secrets (Updated)
In the New York Times, Richard A. Clarke, the special adviser to President Bush for cybersecurity from 2001 to 2003, calls on President Obama to take more forceful measures to tackle cyber espionage, especially that originating from China:
If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers. If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today’s wholesale theft of American corporate secrets.
Many companies do not even know when they have been hacked. According to Congressional testimony last week, 94 percent of companies served by the computer-security firm Mandiant were unaware that they had been victimized. And although the Securities and Exchange Commission has urged companies to reveal when they have been victims of cyberespionage, most do not. Some, including Sony, Citibank, Lockheed, Booz Allen, Google, EMC and the Nasdaq have admitted to being victims. The government-owned National Laboratories and federally funded research centers have also been penetrated.
Because it is fearful that government monitoring would be seen as a cover for illegal snooping and a violation of citizens’ privacy, the Obama administration has not even attempted to develop a proposal for spotting and stopping vast industrial espionage. It fears a negative reaction from privacy-rights and Internet-freedom advocates who do not want the government scanning Internet traffic. Others in the administration fear further damaging relations with China. Some officials also fear that standing up to China might trigger disruptive attacks on America’s vulnerable computer-controlled infrastructure.
But by failing to act, Washington is effectively fulfilling China’s research requirements while helping to put Americans out of work. Mr. Obama must confront the cyberthreat, and he does not even need any new authority from Congress to do so.
Update: On his blog, Gen Kanai responds to Clarke’s proposal:
If this proposal is not basically an identical copy of what the Chinese government has set up in with their Great Firewall of China, I don’t know what it is.
US businesses need to take responsibility for securing their own servers, documents and networks. That they have not done so to date is their own fault.
The proposal to give the US government the right/ability to scan/filter the Internet is not only like trying to filter the entire ocean to catch a few fish (i.e. the wrong way to do it), it’s also asking the government to provide Internet security for US commercial businesses (which they should do on their own, not on the US taxpayer’s dime.)
A future that Richard Clarke wants for the US is a mirror image of what China has created today with the Internet in China. That he does not see the irony in this vision is probably the most troubling aspect of his op-ed as well as his “special adviser to the president for cybersecurity” role.