Archived Story

Cyber attack defense limited

Published 11:40am Wednesday, May 28, 2014

After tiptoeing around the obvious for years, the Obama administration finally did something about corporate espionage when it indicted five Chinese military officers this week.

The good news, says one of our country’s top cybersecurity experts, is that the United States is not at (cyber) war with China. The bad news is that nothing we are doing is working or will work, the long-term prospects are even worse, and China has a lot of retaliatory options.

Other than that, the Justice Department’s tough stance on China was a great move.

“A military attack is not a proper response to espionage, and everything else we were doing wasn’t working all that well,” said Jake Olcott, a principal at Good Harbor Security Risk Management. “And by the way, this probably won’t work that well either. Diplomacy is a long, tough road.”

Olcott first got pulled onto cybersecurity as a young lawyer working for the House Homeland Security Committee a decade ago. From there he became counsel to Senate Commerce Committee Chair John D. Rockefeller, IV. His work led to the groundbreaking Securities and Exchange Commission rules issued in 2011. (Full disclosure: Olcott long ago worked for my political consulting firm, and he and I are both members of the Truman National Security Project.)

Now he advises private and public sector clients how to defend themselves against cyber attacks because, he says, “There’s actually very little that governments can do to stop or slow this stuff down.”

Our cyber conflict with China is a next-generation example of how online freedoms create new security issues that were hard to imagine. The anonymity of the Internet—and the inability of nations to defend their ‘Internet borders’—means that attacks can be launched from anywhere in the world with limited fear of punishment.

Making matters worse, the unique relationship our government has with the private sector allows for economic growth but paradoxically makes us vulnerable. Private companies supply our electricity and build components for military hardware, for example. An unintended consequence of this is that those private companies then become responsible for our cybersecurity.

“Most of our critical infrastructure is owned by the private sector.

People think the NSA is defending us from everything, and that’s not happening. In the US, companies are on their own to defend themselves from threats,” said Olcott.

Conversely, China is perfectly structured to exploit our weakness. “The Chinese have long discussed their interest in using their military and intelligence arms to steal from other businesses to reward Chinese business,” said Olcott.

It’s not all bad news. Some of it is awful, and the rest is downright horrible.

“These guys are part of the Chinese military. They probably won’t be brought to justice,” said Olcott. “Without a strong deterrent, people will still be doing it. There aren’t any real deterrents today.”

Right now, we hold the indictments, but China holds all the cards. Olcott says China has several options, none of them appealing to the US. They can redouble their cyber espionage. China could also counterattack with charges of corruption as happened last week when Chinese police accused a GlaxoSmithKline executive of orchestrating a “massive bribery network” to boost pharmaceutical prices.

Or China could start an old-fashioned trade war by making it hard for American businesses to break into their market—all of which are reasons why the US never did anything like this in the past.

Olcott said short of Congress passing comprehensive cybersecurity legislation along the lines of what he negotiated for Sen. Rockefeller the only realistic thing for businesses to do is learn self-defense.

“It’s not going to get any easier. Executives need to recognize that their entire business can be undermined by a cyber incident. When somebody walks out with your trade secrets, that’s a really bad day.”

Whether we have more bad days to look forward to depends largely on whether the American business community rises to their own defense. But Olcott’s been sounding the alarm for a decade now, and the rush to the barricades has been slow. In the end, creating a sense of urgency in corporate America might be the only good thing to come out of Obama’s legal counterattack against China’s espionage.

 

Jason Stanford is a Democratic consultant who writes columns for the Austin American-Statesman and The Quorum Report. He can be reached at stanford@oppresearch.com and on Twitter @JasStanford.

The Tribune believes it is possible for people with a variety of points of view to discuss issues in a civil manner and will remove comments that, in our opinion, foster incivility. We want to encourage an open exchange of information and ideas. Responsibility for what is posted or contributed to this site is the sole responsibility of each user. By contributing to this website, you agree not to post any defamatory, abusive, harassing, obscene, sexual, threatening or illegal material, or any other material that infringes on the ability of others to enjoy this site, or that infringes on the rights of others. Any user who feels that a contribution to this website is a violation of these terms of use is encouraged to email report-comments@irontontribune.com, or click the "report comment" link that is on all comments. We reserve the right to remove messages that violate these terms of use and we will make every effort to do so — within a reasonable time frame — if we determine that removal is necessary.

Editor's Picks

Apple butter on sale to benefit Shop With a Cop

SOUTH POINT — Law enforcement agencies in Lawrence County have kicked off the annual apple butter fundraiser for the Shop With a Cop program. Every year, ... Read more