ADVICE+DISSENT: Intelligence File Tight-Lipped

In the fog of cyberspace, there is no security in silence.

You might imagine that headlines such as these would illicit public outrage from the Bush administration and maybe even a call for U.N. sanctions:

"Chinese spies stole U.S. trade secretary data"

"Lawmakers say Capitol computers hacked by Chinese"

"Olympic visitors' data is at risk . . . China targets secrets in laptops, PDAs"

Add to this public statements by the U.S. counterintelligence chief that Chinese hackers-including those acting on behalf of the government-routinely pilfer data from American executives, research directors and just about anyone the Chinese think could give them a military or business advantage, and you might expect that U.S. officials would line up to demand a full investigation and cessation of these activities.

But in the wake of news that Commerce Secretary Carlos Gutierrez, at least two congressmen and still-unnamed senior business officials have been the victims of Chinese hacking, there has been nary a peep of protest from the White House.

Now, lest you think these revelations are the product of armchair journalists and conspiracy theorists, know that the above headlines came from the Associated Press and USA Today. I also recently reported on Chinese hacking in a lengthy story in National Journal, a sister publication of Government Executive. Almost as stunning as the pervasive nature of Chinese cyber espionage has been the reluctance of U.S. officials to tell the public that it's happening.

In June, Rep. Frank Wolf, a Virginia Republican and a stalwart supporter of Chinese human rights organizations, announced that computers in his personal office were hacked by sources inside the People's Republic of China. On the House floor, Wolf asserted that U.S. officials not only were aware of these breaches and the overall risk posed by China, but he said, "I have been urged not to speak out about this threat."

Notable exceptions to the administration's apparent vow of silence are senior U.S. military officers and the director of National Intelligence, who have shown no lack of willingness to expose Chinese cyber hostilities.

What seems beyond dispute is the intense secrecy that has surrounded these incidents-the Commerce breach occurred last year, and Wolf said he was hacked in 2006-did little to prevent more. Whether it was embarrassment, diplomatic concerns or an underestimation of the threat, it seems rather silly now to pretend that the Chinese are not engaged in systematic cyber actions against the United States. The question is what will the government do about it?

The likely answer is, not much. For starters, it doesn't serve U.S. interests to start a cyber war with China-inasmuch as that's even possible-given its extraordinary importance as an economic and diplomatic partner. Trade and the threat of a nuclear North Korea seem to trump compromised laptops.

But Chinese hackers haven't limited their forays into individuals' computers. They have breached sensitive Defense Department systems, stolen data about the U.S. space program, and, according to several private sector analysts, are actively mapping the networks that control critical infrastructures such as power plants and railroads as well as the nation's banking system.

The White House has been leading an ambitious cybersecurity initiative, yet it has kept most of the details classified. One has to wonder whether the purported $30 billion proposal to improve security of government networks also will include a public education campaign. Present circumstances make one less than optimistic.

Shane Harris, a staff correspondent for National Journal, wrote about intelligence and technology at Government Executive for five years.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.