The United States is not at cyber war. There, I said it.
Don’t feel bad if this is news to you. It is also news to all the Congress-critters and nearly every journalist who has used the term. "But wait," you say. "What about all the reports and government screaming? Do they mean nothing?"
Pretty much, yes.
It is important to remember that no one really knows what cyber war is.
One thing is for certain, though: Cyber war is not what the Chinese currently appear to be up to. That’s called spying. If you doubt it consider what Rep. Mike Rogers, chair of the House Intelligence Committee, said Sunday on one of those talk shows that no one outside of D.C. watches:
"They use their military and intelligence structure to [steal] intellectual property from American businesses, and European businesses, and Asian businesses, repurpose it and then compete in the international market against the United States."
If stealing secrets is an act of war then America is currently at war with all of its allies. Espionage is what governments do so they don’t have to go to war...directly. What appears to be upsetting the Congressman is that the Chinese are using espionage to make money in a way that the United States didn’t think of first.
"We get [hit] every single day by a whole series … of attacks, everything from criminals trying to get into your bank account or steal your identity, to nation states like China who are investing billions and hiring thousands."
How exactly does this make China different from the United States? Drop the word “America” into the above sentence and it’s still true.
Fortunately, at times like these the press is around to
repudiate fear with facts throw gas on the flames.
Thus, The Washington Post reports:
"A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report … which represents the consensus view of the U.S. intelligence community."
Does anyone remember how America ended up fighting a war against
Iran Iraq? “The consensus view of the U.S. intelligence community.”
Over at The New York Times the only issue is whether the cyber war is cold or hot. The Times and The Wall Street Journal have already proven how susceptible they are to screaming when a cyber mouse shows itself (see "NYT, WSJ Forget the Facts in Stories About Their Own Hacks" for details).
The Times wasn’t content with using other peoples’ reports based on circumstantial evidence so it went out and got one of its own. The study by Mandiant has come under some fairly withering criticism.
- It doesn’t appear to say anything new. CEO Kevin Mandia: "Mandiant’s not the first company to blame China for the hacks, but it was our turn to carry the ball for a little bit." Translation = “We were working for the NYT and that’s some golden PR.”
- Did I mention it was based on circumstantial evidence? Jeffrey Carr does a superb job of explaining why Mandiant saw exactly what it expected to find and then offers several other equally valid possible perpetrators, including Russia, France and Israel.
(Kudos to whoever decided to turn copies of the report into an attack vector. That's practically art.)
Not one word in this headline is even remotely accurate.
P.S.: Here is my boilerplate response on the security weakness of U.S. utilities in regards to cyber attacks: "Yes, there is a problem. It is not a crisis. To do any significant damage any such attack would most likely have to be associated with a physical attack." (The sky is not falling, Chicken Little, but I bet I could make a whole lot of money convincing you otherwise.)