China is waging a quiet, mostly invisible but massive cyberwar against the United States, aimed at stealing its most sensitive military and economic secrets and obtaining the ability to sabotage vital infrastructure. This is, by now, relatively well known in Washington, but relatively little is being done about it, considering the enormous stakes involved.
Hackers mostly backed by the People's Liberation Army are trying daily to penetrate the computer systems of U.S. government agencies, defense contractors, technology firms, and utilities such as power and water companies - not to mention the private e-mail accounts of thousands of Americans. To an alarming degree, they are succeeding. In recent years hacks have been reported of the State, Defense and Commerce departments; Lockheed Martin; Google; and the computer security company RSA, which protects critical networks through the SecureID system.
The U.S. response has been slowed by bureaucratic infighting, poor information-sharing and a failure to prioritize the problem above more familiar business with Beijing. The Pentagon has set up a cyber command, but it has the authority to protect only military networks; the Department of Homeland Security jealously guards its prerogative to guard domestic civilian targets. Government agencies often don't share sensitive intelligence with companies, while many companies are reluctant to report on penetrations of their networks; Google has been a rare exception.
Predictably, the Chinese government aggressively denies any involvement in the attacks on U.S. agencies and companies - which makes it difficult for diplomats to pressure for a cease-fire. But an encouraging report in the Wall Street Journal this week said that U.S. intelligence agencies had managed to identify many of the Chinese groups, and even individuals, involved in the cyberoffensive, including a dozen cells connected to the People's Liberation Army.
This should provide an opportunity for the Obama administration to more directly confront the problem. It should demand that Beijing shut down the military-backed groups; if it does not do so, they could be subjected to countermeasures, including sanctions against individuals. Congress could also consider legislation punishing companies connected to the Chinese military if the cyberwar does not cease.Click here to read more ....