The title of this post is a record for my longest post title ever. But I had to get everything in there lest you think this blog post is only on one topic.
The story of Stuxnet occurred in 2010 and it seems like forever ago. And since that time there have been numerous theories as to who was behind it.
The Smithsonian Mag has a great article today with an interview with Richard Clarke, former director of counter terrorism for the United States, serving three presidents. You really should read the article. I would quote more excerpts from it but I don’t know Microsoft’s policies towards bloggers commenting on the authors of the Stuxnet worm and I wish to avoid drawing attention to myself (fully realizing that with this post title I have drawn attention to myself).
Instead of Stuxnet speculation, I will talk a bit about espionage and hacking:
“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that.”
“I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong,” he tells me. “Every major company in the United States has already been penetrated by China.”
“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can’t compete.”
Well, this is just bad news, now isn’t it? Every time I read something about China and their hacking capabilities, it always says that Chinese are very, very good at what they are doing and are stealing American secrets. They are giving it to their own companies and this will give them a leg up. It’s like being permitted to use steroids at the Olympics while others cannot.
But what is refreshing is to get a blunt assessment about what the US and China are doing:
- The US spies on China, and China spies on the US
- The US does not steal from Chinese companies, but China steals from US (or western) companies and gives it to their domestic companies.
This is also something that I have written about in the past and that is that westerners and the Chinese have differing views on the role of technology and the role of government. Westerners have a laissez-faire view of government and technology. China, by contrast, views internal security as critically important and giving their companies an advantage anyway they can (and therefore controlling unemployment) is central to that.
But on the other hand, the US spends more on its military budget than any other country in the world. Its capabilities in cyber offensives are (most likely) beyond what many people believe. If it wanted to steal secrets from Huawei and give it to Cisco, it could. But the problem is that Cisco has better stuff than Huawei has. That’s why they are a target.
But on the other cynical hand, Clarke now works in private industry. He has his own motivations for saying that the threat is huge. As I said, the military's budget is very large and it lacks expertise in cyber espionage. There’s a big part of that budget up-for-grabs for companies that have that sort of expertise to provide to the military, and Clarke no doubt is willing to provide it.
Anyhow, it’s an interesting debate.
In a semi-related point, here’s an interesting part of the article:
Clarke, who served three presidents as counterterrorism czar, now operates a cybersecurity consultancy called Good Harbor, located in one of those anonymous office towers in Arlington, Virginia, that triangulate the Pentagon and the Capitol in more ways than one.
Remember my previous post? The one where I quoted another article where “[Former FBI cybercrime director] Shawn Henry, who is leaving government to take a cybersecurity job with an undisclosed firm in Washington…”
Hmm… I wonder what undisclosed firm Henry could possibly be going to?