The U.S. government is failing to safeguard American businesses from persistent and widespread online attacks emanating from China, former U.S. national security official Richard Clarke argues in The Wall Street Journal today.
"In private, U.S. officials admit that the government has no strategy to stop the Chinese cyberassault," Clarke wrote in an op-ed piece.
Actions being taken at the federal level are lopsided and insufficient, he argues:
Rather than defending American companies, the Pentagon seems focused on "active defense," by which it means offense. That cyberoffense might be employed if China were ever to launch a massive cyberwar on the U.S. But in the daily guerrilla cyberwar with China, our government is engaged in defending only its own networks. It is failing in its responsibility to protect the rest of America from Chinese cyberattack.
It's not just the Pentagon that's falling short, Clarke said: "Congress hasn't passed a single piece of significant cybersecurity legislation" despite private claims by senior U.S. officials that "Beijing is stealing terabytes of data in the U.S."
Richard Clarke was a U.S. government employee for 30 years. Under President George H.W. Bush, he was made counterterrorism security group chief and took a seat on the U.S. National Security Council. Under President Bill Clinton, Clarke was the national coordinator for security, infrastructure protection, and counterterrorism. After losing his position on the National Security Council under President George W. Bush, Clarke, then the special adviser to the President on cybersecurity, left the administration in 2003.
Feds investigate alleged attacks on Gmail accounts/a>
RSA to replace SecurID tokens following breaches
China linked to new breaches tied to RSA
Clarke became more widely known in American politics in 2004 when he released "Against All Enemies," a memoir on how administrations handled terrorism.
Over the last few years, Clarke has been especially outspoken on what he sees as the cyberwar being waged between China and the U.S.--a war that is becoming all the more heated.
In 2009, for instance, Google announced that it was the target of a hack that it claimed originated in China. The Internet giant said that the "highly sophisticated and targeted attack" led to the theft of key intellectual property, and also indicated that companies in the finance, technology, and chemical industries, among others, were targeted in the attack.
China denied claims that its government was behind the attacks.
More recently, Google was once again targeted. The company said that the personal Gmail accounts of top U.S. government officials and Chinese political activists, among others, were targeted with phishing attacks designed to gain access to the users' accounts. Google stopped short of blaming the Chinese government for the attacks, but said that they seemed to originate from Jinan, China, a known home to a Chinese government intelligence division.
Once again, the Chinese government claimed innocence. However, this time, it also took the opportunity to threaten Google for its allegations.
"Google should not become overly embroiled in international political struggle, playing the role of a tool for political contention," Chinese newspaper People's Daily read. "For when the international winds shift direction, it may become sacrificed to politics and will be spurned by the marketplace."
In March, meanwhile, RSA was targeted in an "extremely sophisticated cyberattack" that saw data related to its SecurID security platform stolen. SecurID is widely used by U.S. government agencies.
Following that breach, Lockheed Martin, Northrop Grumman, and other prominent U.S. government contractors were targeted in hacking attempts that appeared to use the stolen SecurID information. Lockheed claimed it was able to stop the attack before sensitive information was stolen, but it was forced to replace 45,000 SecurID tokens.
Though the companies stopped short of blaming China for the attacks, security experts speaking to CNET earlier this month on the matter didn't.
"There is a massive espionage campaign being waged by a country," Rich Mogull, chief executive of Securosis said to CNET about China. "It's been going on for years, and it's going to continue."
That's a sentiment that Clarke clearly agrees with. And he goes so far to say that top U.S. government officials know for sure that China is behind such attacks.
"Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations," Clarke wrote in today's Wall Street Journal piece. "Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans."
The U.S. government may be getting closer to a stronger, more public response. Late last month, The Wall Street Journal reported that the U.S. was planning to publicly announce a policy that would make cyberattacks an act of war, paving the way for the government to respond with military might in the event it's attacked through digital means.
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said an unnamed military official cited by the Journal.