Wednesday, May 1, 2013

DOD Using Chinese satellites underscores the need to negotiate a cyber strategy with China

On March 15, 2013 I wrote an article for Slate magazine ("The U.S. response to Chinese cyberespionage is going to backfire") wherein I said:
The anti-China sentiment on the Hill, in the Pentagon, and at the White House clashes with the pro-China business policies of major U.S. companies, including those with very active in-house security operation centers. Beijing surely knows about this disconnect—and that makes the U.S. strategy look weak or inferior.
That was underscored in a big way with yesterday's announcement via the Danger Room blog that the U.S. Department of Defense's need for satellite bandwidth is so great that they have no alternative but to buy satellite time from the China Satellite Communications company.

Leaving aside DOD's justification for it and the steps that they're taking to protect their data from Chinese collection. And also leaving aside the fact that DOD data WILL be collected despite the encryption and that Chinese researchers have compromised 5 of the world's top ten encryption algorithms, the key take-away here is my original point; that sinophobic cold war rhetoric coming from some information security firm officials, western media, and Congress while U.S. businesses and now the Pentagon NEED to work with China makes the U.S look ridiculous and weak. As I wrote for Slate:
A better approach might be for the federal government to quietly encourage U.S. companies to take steps to harden their networks against low-level attacks (which will shrink the attack surface); identify, segregate, and monitor their crown jewels (which will make it harder for any adversary, including China, to steal them); and engage with China and Russia against a mutual enemy (mercenary hacker crews). This eliminates the rhetoric and focuses on collaboration—a requirement, since the U.S. is never going to make good on threats against the single biggest holder of U.S. debt and a vital market for U.S. multinationals.

No comments:

Post a Comment