I Hope We're Hacking China And Russia, Too - InformationWeek
Infrastructure // PC & Servers
02:09 PM
Larry Seltzer
Larry Seltzer
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

I Hope We're Hacking China And Russia, Too

It's common knowledge that the Chinese groups attack our infrastructure. Surely we're doing the same to them... right?

It's been many years that we've been hearing how Chinese hacker groups, perhaps connected with their government, have been hacking into U.S. government and industrial systems. To a lesser extent the same is true of Russian hackers, who have battle-tested experience in the wars against Estonia and Georgia.

There's rarely any conclusive proof, but the circumstantial evidence is overwhelming, plus it just makes sense. It's the nature of such attacks that if the attacker is skilled, it's usually impossible to conclusively attribute a source. This is part of what makes responding so difficult.

So far, all the talk I hear about responding focuses on defensive measures: How can we make our systems more secure to prevent such attacks? This is a mistake. On this battlefield, offense enjoys too great an advantage over defense.

The lesson is that the best defense is a strong offense. We should be probing and hacking Chinese and Russian governmental and industrial infrastructure.

The scenario I envision is very much like Cold War mutually assured destruction (MAD). Were it not for the certainty of massive retaliation, either the Soviets or the United States might have tried a pre-emptive nuclear attack.

Therefore it needs to be clear to the enemy (sorry, the polite Cold War term is "adversary") that we have this ability, and it exists independent of our own systems and infrastructure. In other words, it might be hidden in the systems of uninvolved countries or even the Chinese themselves.

For all I know, we have been doing this for a while already. When U.S. systems are attacked--at least some of the time--word leaks out or is even announced. Would the Chinese do the same if they were attacked? I'm not so sure. You could at least make a case that they wouldn't want to, and it's not like press freedoms will stand in their way.

I'm not so certain that we are doing such things and I am certain that we wouldn't be as ruthless about it as the Chinese. I've heard stories about Chinese nationals working for Western companies being blackmailed into reporting on their work. Maybe we wouldn't do that, but there's always bribery. We might be more dissuaded if such actions violated U.S. law. I'd be surprised if they don't.

Fighting a defensive cyberwar is a recipe for disaster. If that's all we're actually doing, we need a new approach.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll