When Cyber Threats Become Cyber Attacks

Comment | Print | RSS

• Login to Rate

The second was a Wall Street Journal article that quoted the FBI's top cyber official saying US companies were failing to protect corporate networks from exploitation, including from hackers in China. The two are connected.

China believes that its time has arrived -- that it will displace the US as the world's largest economy in a matter of years, not decades, said Wang Jisi, an advisor to the Chinese Communist Party. The national policy of "keeping a low profile" will end with the departure of China's President Hu Jintao at the end of this year, Wang was quoted as saying in The New York Times.

As China flexes its muscles and the US responds, relations could devolve to "open antagonism," according to the Brookings Institution.

Increasingly US OEMs will be caught in the crossfire. Competition from Chinese companies has been intensifying in recent years in virtually all markets from automotive to communications to medical -- even military and aerospace hardware. A deterioration of relations will impair manufacturing operations and disrupt global supply chains. It will be important for companies that have international operations to develop contingency plans.

Case in point is the deployment of 180 US Marines to Darwin, Australia, this week, ahead of 2,500 Marines that will be stationed there as part of a US-Australian agreement. China is not happy with the show of force in its regional backyard. It's worth keeping an eye on China's reaction in the coming months.

As for countering cyber-threats, Shawn Henry, the outgoing executive assistant director of the FBI's Criminal, Cyber, Response, and Services Branch, said in an interview earlier this week that the US was "not winning" the war on cyber-crime and that companies need to change the ways they protect, police, and use computer networks, The Wall Street Journal reported.

In one corporate case, hackers stole 10-year's worth of intellectual property valued at over $1 billion, the FBI's Henry said.

Many of these threats are alleged to be coming from China, and US companies remain clueless. According to one source that tracked intrusions back to Chinese hackers, 94 percent of the targeted companies didn't realize they had been breached. The median number of days between the start of an intrusion and detection was 416.

Henry believes the way companies are fighting cyber-attacks is unsustainable: "Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security."

Needless to say, CEOs and CFOs need to lead the charge to change their strategies and tactics to protect networks and company IP. Given the stakes, they need to arm CIOs to the teeth with tools to protect their corporate assets.

Rising tensions between the US and China are potentially going to lead to more cyber-espionage -- in both directions -- and will require new strategies and more resources by companies to protect their assets.

But there's a more sinister prospect lurking in the shadows, one that companies should not ignore.

Consider a cyber-attack, traced to China, on a US government agency, defense contractor, national lab, nuclear power plant, or other facility that has "national security" implications.

Up till now, according to one IT security expert, the US government has been very specific about classifying such breaches as "exploitation." It has never classified one as an "attack." But if it were to do so, it raises questions about the prospect of military retaliation -- either physical or cyber, or both.

This is a very gray area. And no one knows what exactly a cyberwar would look like. But given the news of the week, it's worth thinking about the impact it would have on your business.

Related posts:

• Defense Agencies to Congress: Cybersecurity Expertise Lacking
• Cybersecurity Takes a Serious Turn
• Chinese Official Talks IP Security – So What?