US government debates action over alleged Chinese cyberattacks

US government debates action over alleged Chinese cyberattacks

Summary: Following a string of cyberattacks allegedly related to China, the U.S. government is debating whether action is required.

SHARE:
cyber-war-igen-zaw2-1

The Obama administration is considering further action after high-level talks with Chinese officials over cyberattacks against America failed.

The Associated Press reports that two former U.S. officials say the administration is currently preparing a new National Intelligence Estimate -- a governmental assessment of concerns relating to security -- in order to better understand and analyze the persistency of cyberattacks against America which come from China.

Once this is complete, it will be possible to better address the security threat, as well as justify actions to defend both the general public and national security.

The new National Intelligence Estimate will address cyberattacks as a threat to the economy -- often seen when you consider not only the problems caused by downtime, but also in relation to the money organizations and businesses have to spend in order to defend against and repair the damage left by cyberattackers.

One U.S. official said that it will "cite more directly a role by the Chinese government in such espionage," according to the news agency.

In addition, the report is expected to address ways to pave the way for diplomatic and trade measures against the government unless the situation is placed under control. Secretary of State Hillary Rodham Clinton said this week:

"We have to begin making it clear to the Chinese that the United States is going to have to take action to protect not only our government's, but our private sector, from this kind of illegal intrusions."

If cyberthreats are not tackled worldwide, Clinton said that the U.S. government is working on measures of their own. Although nothing is set in stone, it is possible measures including the cancellation of specific visas or restrictions on importing Chinese goods could be considered.

Both the New York Times and Wall Street Journal recently claimed to be victims of these kinds of attacks. The NYT said was a persistent target for hackers based in China -- pointing an accusatory finger at security firm Symantec for not protecting it -- and this resulted in data breaches where passwords and administrative details were stolen. The WSJ says that it has had to combat cyberattacks for "several years" and suggested that confidential emails may have eventually made their way to Chinese officials.

However, attacks against media outlets which may originate from China are not isolated incidents. There has been a string of data breaches and cyberattacks against American banks, universities and companies -- many said to come from the Asian country. Cybersecurity firms often trace these kinds of threats back to China, and many tech giants -- including Google -- have complained for years that the problem is escalating.

It is not just China which is of concern as a number of cyberattacks are also traced back to Africa and Russia. Newly-discovered Red October, for example, targets very specific organizations in order to steal data and gather intelligence. The high-profile targets and origins of the code have led Kaspersky Labs to "strongly believe" it originated in Russia, and may have been state-sponsored.

The Chinese government and military have denied responsibility over monitoring or hacking. The Defense Ministry said that Chinese law forbids "hacking and any other actions that damage Internet security," and that "The Chinese military has never supported any hacking activities."

"The U.S. government has started to look seriously at more assertive measures and begun to engage the Chinese on senior levels," James Lewis, a cybersecurity expert at the Center for Strategic and International Studies told the AP. "They realize that this is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China."

The White House declined to comment on the possibility of tough sanctions against China, but spokesperson Caitlin Hayden said:

"The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information. We have repeatedly raised our concerns with senior Chinese officials, including in the military, and we will continue to do so."

Topics: Security, Government US, China

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • Pull the plug.....

    .....and have the "Great Wall of Wall Street" protect us?
    rotflmao
    :-)
    kd5auq
  • What can be done?

    The real problem is the political relations between these two Mega Nations.
    They can't pull off a full scale cyber-war, even if that would be a remedy, because both a dependent on each other in such immense ways.

    Worse still, if these are not state-sponsored attacks, what can really be done to mitigate?
    If they are state sponsored, they can easily be denied. China is a huge country, with a massive population; it's hard to keep track of everything and everyone - surely the line they'll use if the time comes when they have to respond for these attacks.
    jetsethi
  • Want to be secure?

    Then don't use the worlds proven most insecure system.
    jessepollard
    • Get a life...

      Pffttt.... You'll never catch on.
      NoAxToGrind
    • Worlds proven most insecure system

      You mean, of course, the internet, right? The only way to guarantee you won't be hacked from afar is to pull the plug.
      fromthehip
      • If, by pulling the plug, you mean the ethernet plug

        Then that's not good enough given Stuxnet and these two incidents in late 2012:

        "U.S. power plants combat USB malware infections
        http://www.zdnet.com/u-s-power-plants-combat-usb-malware-infections-7000009871/

        Not to mention this widely-reported incident in 2011:

        http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

        We can either go back to the Stone Age by free will, be forced back to the Stone Age by failing to secure our infrastructure or secure our infrastructure. Which do we choose?

        And why are top executives in the private sector (Chairman of the Board, CEO, President, COO and CFO), universities (President, Controller and Chancellor), and government/military (Secretaries [to the President], Undersecretaries, Assistant Secretaries, Generals) left in place, still pocketing ridiculously high salaries and benefits when the organizations under their "leadership" have been infiltrated and fleeced? Clearly, it's not a problem. Unless, one happens to be the CIO and CSO (assuming that there is one).
        Rabid Howler Monkey
        • Power Grid

          We are all aware that China has been found to have implemented a virus that was capable of wiping out our nations power grid, right? For us to fix what this virus was to do, would take 6 months to manufacture another part. That's 6 months of our nation without electricity. We would become a 3rd world country.
          Heather Littlefield
  • So, why not

    Surely we can tell what ISP / servers these attacks come through. Just block them completely. When China starts whining point out WHY they were blocked and let them figure out how to kiss and make up.
    NoAxToGrind
  • Now I feel better

    "The Chinese military has never supported any hacking activities."

    Oh really, China? Well OK then. If you say so.
    dstinson_z
    • Yes, really

      Everyone knows China has their own cabinet department of Espionage. Completely different from the military...that way they don't have to divert resources from planning the invasion of Taiwan.
      jvitous
  • 是中國不會騙

    中國有這樣壓抑的人從來就不說實話在美國從事間諜活動的政府制度。
    harry_dyke
    • China will not cheat?

      Is this sarcasm or language practice?
      Bill4
  • Lie and Swear To It

    The Middle Kingdon - Oh, excuse me, the People's Republic of China - will NEVER deal honestly with the barbarians from outside, a/k/a, all those Europeans and Americans. Those uncouth, hairy people are beneath the Mandarin from Beijing.
    Well, that's the general attitude inside the Forbidden City, even after over half a century of equality under Marxist Communism. As such, they do NOT feel obligated to tell us anything like the truth, so the Ministry for State Security will blow smoke at us about what they do in trying to penetrate ALL our IT networks, whether they be DoD, NCIC, the White House, or even my little 3-station/1 server network at home. They DON'T CARE, because they DON'T RESPECT US, and they HONESTLY BELIEVE we are beneath them, socially and genetically, and deserve nothing more.
    And until we STOP TRADING WITH THEM, and SEVER RELATIONS WITH THEM, and show them that THEY are the barbarians in this little morality play, they WILL NOT change their attitudes.
    Why should they? It's worked for them for THOUSANDS of years.
    MadYank
  • No moral authority

    After the stuxnet attack on Iran, America has lost the moral high ground. What's the matter, America? You can dish it out but you can't take it.
    akaltman
    • Perhaps not

      But what's done is done and I'm not weeping for Iran.

      I do think that our military efforts should be primarily defensive, attacking only when we our our allies are actually attacked (would we had followed that policy in Iraq).
      John L. Ries
  • One thing we could do...

    ...is to work on breaking up botnets thought to be controlled by Chinese "patriotic hackers", together with remedying worms and viruses thought to be perpetrated by them. I also think an attack on the "great firewall" would be appropriate. It would be surprising if the CIA wasn't already hacking Chinese government and Communist Party systems for intelligence purposes.

    But no, I don't think we should be launching DDoS attacks against China or anyone else.
    John L. Ries