The call for a radio interview was fairly routine. For whatever reason, I get calls from time to time from radio stations asking for a comment on something involving current technology news. Less often, I appear on networks such as NPR to talk about technology. The call I got Nov. 7 was a little unusual in that it came from the Voice of Russia.
For those of you not familiar with the Voice of Russia, it’s an information operation of the Russian government that broadcasts on two stations in the U.S., one in Washington and the other in New York. Voice of Russia also broadcasts live on the Web. The station carries news and features giving the Russian take on global news, including news in the U.S. If this sounds familiar, that’s because it’s the new face of what was once Radio Moscow that we used to listen to on our shortwave radios back during what my children call “the olden days.”
Today, Voice of Russia hosts Rob Sachs and Jessica Jordan wanted to know what I thought about the recent report by the Office of the National Counterintelligence Executive to Congress that said that Russia and China were the major cyber-espionage threats to the U.S.
My view is that it’s the Chinese who are perpetrating the vast majority of relentless attacks on the U.S. I also explained that the Russian government would be mistaken to think that the Chinese are only attacking the U.S. They’re hitting Russia just as hard.
But I also explained that singling out a couple of countries as major cyber-attackers is more than a little misleading. First, as cyber-attackers go, there’s China, and there’s everybody else. China has so institutionalized cyber-warfare that they are a menace to businesses and agencies everywhere in the world, not just the U.S.
But that doesn’t mean that the nations conducting cyber-attacks are limited to those few mentioned in the report. In fact, every nation that has the capability of conducting cyber-espionage or cyber-warfare has done so or is doing so. Protests by government officials that their respective governments would never do such a thing are simply words. They have no basis in reality.
Just as every nation with the ability to field an army puts it armies through exercises and maneuvers, so too does every nation with the ability to perform cyber-espionage. It would be irresponsible to do otherwise. It’s very much like the spies that nations send to find out what’s going on in other countries. We send spies to Russia; Russia sends spies to the U.S.
Nations, Enterprises Must Get Serious About Cyber-Security
We also send spies to lots of other nations and so does Russia. But it’s not just us. Israel famously spent a great deal of effort and money spying on the U.S., one of its closest allies. So has another traditional U.S. ally, France. I have no doubt that the U.S. government is collecting intelligence on our allies as well as our adversaries. This sort of activity has taken place as long as there have been nations with competing interests, and it should be no surprise that it continues.
It should be noted that every nation that I’ve mentioned has routinely denied that they’re conducting cyber-espionage. This should also not be a surprise. Pro-forma outrage at the suggestion that we or anyone else is doing something as unsavory as spying is also part of the game. You don’t dare admit to intelligence gathering because it would be well, tacky. Or maybe undiplomatic.
But we are, and we should be, gathering intelligence through cyber-espionage. It’s in the national interest of the U.S. and it’s in the national interest of all those other countries.
China is a special case. That country has taken cyber-espionage to a whole new level and is using the information it gathers for more than its national defense. It passes vast collections of stolen intellectual property to the companies in China that compete with the outside world so that they can make things better, cheaper or get them to market sooner.
The Chinese integration of their military with their companies is analogous to sending the Chinese army to U.S. companies to break into their buildings and steal documents. Of course, the Chinese don’t do that-probably because they think we’d notice. But what they are doing is no different.
Fortunately, companies can implement security measures that will slow down if not defeat Chinese attempts at intrusion. But to do that, companies have to take security more seriously than they do now. When big companies with supposedly good security are being hit by viruses and Trojans, there’s no reason to think that the Chinese can’t also get in.
So yes, it’s true that foreign governments are trying to steal your data. You have the means to prevent it, and the U.S. government will even help. But you have to take the problem seriously first and spend the effort and money to have actual security for your data systems.