I Hope We're Hacking China And Russia, Too - InformationWeek
Infrastructure // PC & Servers
02:09 PM
Larry Seltzer
Larry Seltzer
Connect Directly

I Hope We're Hacking China And Russia, Too

It's common knowledge that the Chinese groups attack our infrastructure. Surely we're doing the same to them... right?

It's been many years that we've been hearing how Chinese hacker groups, perhaps connected with their government, have been hacking into U.S. government and industrial systems. To a lesser extent the same is true of Russian hackers, who have battle-tested experience in the wars against Estonia and Georgia.

There's rarely any conclusive proof, but the circumstantial evidence is overwhelming, plus it just makes sense. It's the nature of such attacks that if the attacker is skilled, it's usually impossible to conclusively attribute a source. This is part of what makes responding so difficult.

So far, all the talk I hear about responding focuses on defensive measures: How can we make our systems more secure to prevent such attacks? This is a mistake. On this battlefield, offense enjoys too great an advantage over defense.

The lesson is that the best defense is a strong offense. We should be probing and hacking Chinese and Russian governmental and industrial infrastructure.

The scenario I envision is very much like Cold War mutually assured destruction (MAD). Were it not for the certainty of massive retaliation, either the Soviets or the United States might have tried a pre-emptive nuclear attack.

Therefore it needs to be clear to the enemy (sorry, the polite Cold War term is "adversary") that we have this ability, and it exists independent of our own systems and infrastructure. In other words, it might be hidden in the systems of uninvolved countries or even the Chinese themselves.

For all I know, we have been doing this for a while already. When U.S. systems are attacked--at least some of the time--word leaks out or is even announced. Would the Chinese do the same if they were attacked? I'm not so sure. You could at least make a case that they wouldn't want to, and it's not like press freedoms will stand in their way.

I'm not so certain that we are doing such things and I am certain that we wouldn't be as ruthless about it as the Chinese. I've heard stories about Chinese nationals working for Western companies being blackmailed into reporting on their work. Maybe we wouldn't do that, but there's always bribery. We might be more dissuaded if such actions violated U.S. law. I'd be surprised if they don't.

Fighting a defensive cyberwar is a recipe for disaster. If that's all we're actually doing, we need a new approach.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll