I Hope We're Hacking China And Russia, Too - InformationWeek
IoT
IoT
Infrastructure // PC & Servers
Commentary
2/24/2012
02:09 PM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

I Hope We're Hacking China And Russia, Too

It's common knowledge that the Chinese groups attack our infrastructure. Surely we're doing the same to them... right?

It's been many years that we've been hearing how Chinese hacker groups, perhaps connected with their government, have been hacking into U.S. government and industrial systems. To a lesser extent the same is true of Russian hackers, who have battle-tested experience in the wars against Estonia and Georgia.

There's rarely any conclusive proof, but the circumstantial evidence is overwhelming, plus it just makes sense. It's the nature of such attacks that if the attacker is skilled, it's usually impossible to conclusively attribute a source. This is part of what makes responding so difficult.

So far, all the talk I hear about responding focuses on defensive measures: How can we make our systems more secure to prevent such attacks? This is a mistake. On this battlefield, offense enjoys too great an advantage over defense.

The lesson is that the best defense is a strong offense. We should be probing and hacking Chinese and Russian governmental and industrial infrastructure.

The scenario I envision is very much like Cold War mutually assured destruction (MAD). Were it not for the certainty of massive retaliation, either the Soviets or the United States might have tried a pre-emptive nuclear attack.

Therefore it needs to be clear to the enemy (sorry, the polite Cold War term is "adversary") that we have this ability, and it exists independent of our own systems and infrastructure. In other words, it might be hidden in the systems of uninvolved countries or even the Chinese themselves.

For all I know, we have been doing this for a while already. When U.S. systems are attacked--at least some of the time--word leaks out or is even announced. Would the Chinese do the same if they were attacked? I'm not so sure. You could at least make a case that they wouldn't want to, and it's not like press freedoms will stand in their way.

I'm not so certain that we are doing such things and I am certain that we wouldn't be as ruthless about it as the Chinese. I've heard stories about Chinese nationals working for Western companies being blackmailed into reporting on their work. Maybe we wouldn't do that, but there's always bribery. We might be more dissuaded if such actions violated U.S. law. I'd be surprised if they don't.

Fighting a defensive cyberwar is a recipe for disaster. If that's all we're actually doing, we need a new approach.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll