Tuesday, February 19, 2013

Time To Do Something. But what?

The NY Times this morning publishes a longish article that links cyberattacks on some of America's critical infrastructure (power grid, pipelines) to a unit of the Chinese People's Liberation Army (PLA). I guess I'd call it a must-read. It's conclusion:
... [T]he most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent. The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.
Telvent keeps detailed blueprints on more than half of all the oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so that the intruders could not take command of the systems.
... [S]ecurity researchers who studied the malware used in the attack, including Mr. Stewart at Dell SecureWorks and Mr. Blasco at AlienVault, confirmed that the perpetrators were the Comment Crew [a Shanghai-based PLA unit].
“This is terrifying because — forget about the country — if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,“ Mr. Peterson of Digital Bond said. “It’s the holy grail.”
Mr. Obama alluded to this concern in the State of the Union speech, without mentioning China or any other nation. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”
Mr. Obama faces a vexing choice: In a sprawling, vital relationship with China, is it worth a major confrontation between the world’s largest and second largest economy over computer hacking?
A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed. The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.
It does look like the Chinese government has hostile intent. We don't need to freak out about it, but prudence requires that we do something about it. How about, as a first step, bringing manufacture of American computers back to America's shores? It will be damn inconvenient, not to mention expensive, but it will be those things to the Chinese, too. But increasingly, it's looking like a serious national defense issue.

Meanwhile, the Republicans think the best use of their time is the sequester.

No comments: