BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Cyber Attacks on Press Reveal Gap in US Diplomacy

Following
This article is more than 10 years old.

On January 30, The New York Times reported that it had been under sustained cyber attacks from Chinese hackers who had infiltrated their system to steal login credentials and information from its reporters and employees.  The Times noted that the attacks coincided with its coverage concerning the massive financial holdings of relatives of China's prime minister, Wen Jiabao, and continued for months.   Using tactics similar to those previously attributed by security experts to the Chinese military, the attackers weaved their communications through U.S. university systems in an attempt to mask their origin.  One day later, The Wall Street Journal reported that its computer systems also have been subjected to ""wide-ranging electronic surveillance" by Chinese attackers in an attempt to gain intelligence on the publication's coverage of Chinese issues.  The articles revealed that Bloomberg LP and Thomson Reuters PLC have acknowledged that they, too, have suffered attacks, but they have not indicated who may have been behind them.

Frankly, none of this is shocking.  Reports of Chinese cyber hackers targeting American critical infrastructure facilities, research and development organizations, major corporations, and the U.S. government have filled the media for the past few years.  The most interesting aspect to the Times story is how the NYT let the perpetrators lurk inside their systems for months to enable them to identify the hackers' access methods, while simultaneously replacing compromised machines and building up defenses.  The company revealed sophistication and patience in its approach and a management commitment to conduct a serious forensic investigation.  Kudos to them.  I hope other companies take notice.

Beyond the news of the attacks, what these stories really do is shine a glaring spotlight on the inadequacies of U.S. diplomacy in addressing cyber threats.  Where is the Secretary of State in these stories?  Where is the President?  Why on earth does our government remain silent while our companies keep getting attacked from hackers in foreign countries?  The silence becomes deafening as increasingly state sponsorship is suspected.  We can track and trace events to a country and often know more precisely who or what organization originated the attack.  Why aren't our government officials publicly denouncing these attacks, even if it means ruffling some feathers?  Why aren't they making these attacks a major focus of diplomatic discussions?  Or headlines?  The State Department has been more than happy to make a fuss with China regarding its Internet censorship and curbs on freedom of expression.  Is the security of our intellectual property, high-value data, and media operations any less important?

There is a void in U.S. leadership in countering cybercrime, and a good starting point would be some strong diplomacy that began holding countries accountable for cyber attacks emanating from their shores.  If countries want to be connected to the Internet and be part of the global society, they have an obligation to investigate cybercriminal events and cooperate in bringing hackers to justice.  Simply denying the allegations and acting offended that anyone would accuse them is not acceptable.  China's attitude of "see no evil, hear no evil, speak no evil" just enables the cyber attackers to flourish....especially if they are state sponsored.  Likewise, Russia's refusal to cooperate in cyber investigations has allowed one of the world's largest cybercriminal rings to continue unabated.

The U.S. Government has been very noisy of late telling businesses what they should be doing about cybersecurity and asking Congress to pass laws forcing companies to take certain security steps.  It would more beneficial if some of that noise was directed at foreign governments whose countries have become havens for cybercriminal activities.  They are threatening our national and economic security.  Diplomatic leadership that called on countries to root out the cybercriminals within their shores and prosecute them, to cooperate in investigations, and to help create a global code of conduct in responding to cyber attacks would be a fine first step.

Related: