June 9, 2015 | The New York Post

To Beat China’s Cyberattacks, America Needs to Fight Back On All Fronts

Last week’s revelation that the personal records of 4 million current and former federal workers was accessed by a massive hack traced to China was a wake-up call we shouldn’t have needed.

The target of the cyber-hit was the Office of Personnel Management, and US officials pointed immediately to Chinese hackers.

And it was yet another sign of the vulnerability of the digital era: The speed of technological advancement outpaced our ability to secure information, giving hackers — and the governments they’re often sponsored by — a head start.

The networked systems that transfer, process and store information, including our personal and national secrets, are falling prey to our cyber-adversaries.

The West is especially vulnerable: We simply rely on the Internet more than those in developing countries.

And unlike human intelligence or conventional warfare, cyberwar boasts a relatively low barrier to entry.

The underdog can thrive.

The OPM hack revealed some of the failings of our cyber-defenses. (These failings were not new to the Chinese, obviously, and shouldn’t have been to us, either. “The mystery here is not how they got cleaned out by the Chinese,” one former official told The New York Times. “The mystery is what took the Chinese so long.”)

Yet it would be a mistake to divorce the latest hack from its strategic context. We need to understand what China is doing — and what we can do about it.

The OPM hack is yet another example of a wider ongoing cyber-campaign that targets both US core capabilities and its economic interests.

Data stolen from this hack and from the earlier intrusions into Anthem and Blue Cross insurance databases allow the Chinese to build detailed profiles of federal employees, including those with security clearances.

On top of the damage caused to our intelligence capabilities, the hacking campaign against US companies has inflicted an estimated $250 billion in annual losses from intellectual-property theft. This is a serious extra burden to the recovering American economy.

And aside from better cyber-defenses, the United States must also prioritize deterring the Chinese — or other adversaries like Russia, North Korea and Iran — from conducting operations against the United States.

The way to do this is for the Obama administration to convince our adversaries that the expected benefits from successful cyber-attacks would be dwarfed by the price paid for conducting them. That doesn’t only include hitting back with our own cyber-attacks.

The White House has already introduced a sanctions program targeting those who conduct cyber-attacks against the United States. President Obama should go further.

The administration should also comb through the long list of collaborative programs with China and defund those that can be seen to benefit the Chinese more than US interests.

Furthermore, forging strong collaborative ties in cyber-defense with key partners and allies, such as Japan, would send Beijing and other adversaries a strong message of ending the Wild West era of digital attacks. We already have traditional defense agreements with allies; it’s time to beef up our cyber-alliances too.

The OPM hack should not be seen as an isolated, one-off case, but as the tip of an iceberg, one piece of a larger ongoing Chinese campaign in cyberspace against the United States and its interests.
It is a persistent, multi-pronged and low-intensity campaign, which does not aim at simple “shock-and-awe.”

The campaign’s long-term goal is to improve China’s strategic standing vis-a-vis the United States without — and this is the key — provoking a military response.

The Chinese and their collaborators hope to compromise America’s core intelligence capabilities and erode the source of US global power: its economic dominance.

Both to safeguard its global standing and to establish more sustainable rules of the road for cyberspace, the United States needs to lead the technologically advanced — but still highly vulnerable — Western world and reclaim its cyber-security.

We must start making our adversaries pay a steep price for their attacks.

Pasi Eronen is a project researcher for the Foundation for Defense of Democracies. 

Read in The New York Post