This week, we had the Pentagon both admitting that they had a major breach in multiple systems in March and putting forth a strategy for stronger response to future attacks. Deputy Defense Secretary William Lynn said that over 24,000 files were stolen from the Pentagon in a single intrusion alone. Add this to the legion of breaches and attacks that have been escalating in recent years and months. The CIA, NSA, and even the White House and the Congress are among many federal entities that have been victims of these attacks. Missile system plans, airplane avionics, satellite protocols and network security plans are amongst the pilfered documents. It isn’t a mystery who is perpetrating these attacks either. “We have a pretty good idea who did it” says Lynn. Given some leaks and other attacks that have been made public, we can guess that its China or other regional state actors.
Imagine if a gang of state sponsored hoodlums physically attacked federal buildings and carried out boxes of documents. Would our response be as weak as it has been in the past to these assaults? The bad digital actors of the world are literally treating us like the scared convenience store owner that they can rob at will, with risk of little more than a shaken fist as they run away.
So far the due process of American style justice has come up mostly empty. They occasionally collar a few of these criminals, when they reside in an extradition friendly country. But the truth is that the most prolific attackers are out of our jurisdiction and beyond the long arm of US law.
In some poorly policed former iron curtain countries, there are whole towns of fraudsters thumbing their nose at our investigations. And attacks on major companies and our institutions are routinely traced to China where the trail goes cold. The most recent attacks on Google pointed to a town that is known as Chinese military training facility. It doesn’t take a digital Sherlock homes to see what’s going on here.
It looks like we might finally be getting fed up of being treated like the digital neighbor wimp whose lunch money is up for grabs and is always willing to take a pounding. Based on Mr. Lynn’s statements and other highly placed officials off the record comments, it seems the US posture on digital defense is about to change. Recently, the State department made a statement that digital attacks could be taken as acts of war and would be responded to accordingly. It seems that they are setting the stage for more forceful responses to future incursions. And they have indicated that these responses might include more than just digital counter-attacks.
And rightfully so. As long as digital thieves and spies can attack our sovereign networks with little cost and no risk of any retribution, they will try again and again till they are successful. On the other hand, if there is more at risk than just their hard drives, they might think twice and pick on someone else. I’m not saying that some black ops teams should start visiting the Eastern European spammers (on the other hand..), but things like the now barely deniable joint US/Israeli Stuxnet virus attack on the Iraqi nuclear program seem like a really smart way to deal with certain problems. No bullets were fired, no one got hurt and a major foreign policy objective was partial achieved.
The plan is light on details so far, and rightfully so. They don’t want to let the enemies know ahead of time what to expect. But watch out computer criminals… the men in black might be knocking on your door some day soon. And they don’t need a subpoena.