The
NY Times this morning publishes
a longish article that links cyberattacks on some of America's critical infrastructure (power grid, pipelines) to a unit of the Chinese People's Liberation Army (PLA). I guess I'd call it a must-read. It's conclusion:
... [T]he most troubling attack to date, security
experts say, was a successful invasion of the Canadian arm of Telvent.
The company, now owned by Schneider Electric, designs software that
gives oil and gas pipeline companies and power grid operators remote
access to valves, switches and security systems.
Telvent keeps detailed blueprints on more than half of all the oil and
gas pipelines in North and South America, and has access to their
systems. In September, Telvent Canada told customers that attackers had
broken into its systems and taken project files. That access was
immediately cut, so that the intruders could not take command of the
systems.
... [S]ecurity researchers who studied the malware used in
the attack, including Mr. Stewart at Dell SecureWorks and Mr. Blasco at
AlienVault, confirmed that the perpetrators were the Comment Crew [a Shanghai-based PLA unit].
“This is terrifying because — forget about the country — if someone
hired me and told me they wanted to have the offensive capability to
take out as many critical systems as possible, I would be going after
the vendors and do things like what happened to Telvent,“ Mr. Peterson
of Digital Bond said. “It’s the holy grail.”
Mr. Obama alluded to this concern in the State of the Union speech,
without mentioning China or any other nation. “We know foreign countries
and companies swipe our corporate secrets,” he said. “Now our enemies
are also seeking the ability to sabotage our power grid, our financial
institutions, our air-traffic control systems. We cannot look back years
from now and wonder why we did nothing.”
Mr. Obama faces a vexing choice: In a sprawling, vital relationship with
China, is it worth a major confrontation between the world’s largest
and second largest economy over computer hacking?
A few years ago, administration officials say, the theft of intellectual
property was an annoyance, resulting in the loss of billions of dollars
of revenue. But clearly something has changed. The mounting evidence of
state sponsorship, the increasing boldness of Unit 61398, and the
growing threat to American infrastructure are leading officials to
conclude that a far stronger response is necessary.
It does look like the Chinese government has hostile intent. We don't need to freak out about it, but prudence requires that we do something about it. How about, as a first step, bringing manufacture of American computers back to America's shores? It will be damn inconvenient, not to mention expensive, but it will be those things to the Chinese, too. But increasingly, it's looking like a serious national defense issue.
Meanwhile, the Republicans think the best use of their time is the sequester.