In the fog of cyberspace, there is no security in silence.
You might imagine that headlines such as these would illicit public outrage from the Bush administration and maybe even a call for U.N. sanctions:
"Chinese spies stole U.S. trade secretary data"
"Lawmakers say Capitol computers hacked by Chinese"
"Olympic visitors' data is at risk . . . China targets secrets in laptops, PDAs"
Add to this public statements by the U.S. counterintelligence chief that Chinese hackers-including those acting on behalf of the government-routinely pilfer data from American executives, research directors and just about anyone the Chinese think could give them a military or business advantage, and you might expect that U.S. officials would line up to demand a full investigation and cessation of these activities.
But in the wake of news that Commerce Secretary Carlos Gutierrez, at least two congressmen and still-unnamed senior business officials have been the victims of Chinese hacking, there has been nary a peep of protest from the White House.
Now, lest you think these revelations are the product of armchair journalists and conspiracy theorists, know that the above headlines came from the Associated Press and USA Today. I also recently reported on Chinese hacking in a lengthy story in National Journal, a sister publication of Government Executive. Almost as stunning as the pervasive nature of Chinese cyber espionage has been the reluctance of U.S. officials to tell the public that it's happening.
In June, Rep. Frank Wolf, a Virginia Republican and a stalwart supporter of Chinese human rights organizations, announced that computers in his personal office were hacked by sources inside the People's Republic of China. On the House floor, Wolf asserted that U.S. officials not only were aware of these breaches and the overall risk posed by China, but he said, "I have been urged not to speak out about this threat."
Notable exceptions to the administration's apparent vow of silence are senior U.S. military officers and the director of National Intelligence, who have shown no lack of willingness to expose Chinese cyber hostilities.
What seems beyond dispute is the intense secrecy that has surrounded these incidents-the Commerce breach occurred last year, and Wolf said he was hacked in 2006-did little to prevent more. Whether it was embarrassment, diplomatic concerns or an underestimation of the threat, it seems rather silly now to pretend that the Chinese are not engaged in systematic cyber actions against the United States. The question is what will the government do about it?
The likely answer is, not much. For starters, it doesn't serve U.S. interests to start a cyber war with China-inasmuch as that's even possible-given its extraordinary importance as an economic and diplomatic partner. Trade and the threat of a nuclear North Korea seem to trump compromised laptops.
But Chinese hackers haven't limited their forays into individuals' computers. They have breached sensitive Defense Department systems, stolen data about the U.S. space program, and, according to several private sector analysts, are actively mapping the networks that control critical infrastructures such as power plants and railroads as well as the nation's banking system.
The White House has been leading an ambitious cybersecurity initiative, yet it has kept most of the details classified. One has to wonder whether the purported $30 billion proposal to improve security of government networks also will include a public education campaign. Present circumstances make one less than optimistic.
Shane Harris, a staff correspondent for National Journal, wrote about intelligence and technology at Government Executive for five years.