Obama’s cy­ber si­lence

A fed­eral records hack points to a trou­bling lapse in the pres­i­dent’s strat­egy.

Los Angeles Times - - OP- ED - By John Bolton John Bolton,

Although many de­tails of the mas­sive cy­ber­at­tack against U.S. gov­ern­ment per­son­nel records are still not public, its strate­gic im­pli­ca­tions are plain. Wash­ing­ton re­mains un­pre­pared in cy­berspace, floun­der­ing and un­able to ar­tic­u­late its in­ten­tions and ca­pa­bil­i­ties on this new bat­tle­field.

China is the likely cul­prit, and its cy­ber­war­fare — added to its near-bel­liger­ent be­hav­ior in the South and East China seas, its ex­pand­ing mil­i­tary as­sets and its use of eco­nomic clout for po­lit­i­cal ends — is part of a deeply trou­bling pat­tern. Un­for­tu­nately, Pres­i­dent Obama’s re­sponse is also ap­par­ently part of a pat­tern of sus­tained in­ac­tion.

The Pen­tagon may be work­ing hard to de­velop of­fen­sive and de­fen­sive coun­ter­mea­sures, but the ad­min­is­tra­tion has done pre­cious lit­tle to ar­tic­u­late what Amer­ica’s strat­egy should be in re­sponse to th­ese chal­lenges. The pres­i­dent’s pol­icy si­lence is chill­ing and in­ex­cus­able.

To be sure, si­lence be­fore or af­ter a par­tic­u­lar clan­des­tine op­er­a­tion is of­ten nec­es­sary to pro­tect op­er­a­tional meth­ods and in­for­ma­tion sources. For ex­am­ple, Wash­ing­ton did not take di­rect credit — in­deed did not con­firm or deny — its prob­a­ble role in tem­po­rar­ily tak­ing down Py­ongyang’s In­ter­net af­ter North Korea hacked into Sony Pic­tures six months ago.

But pro­tect­ing clan­des­tine meth­ods and sources is one thing; Obama’s pol­icy si­lence is an­other. Amer­i­cans un­der­stand how im­por­tant in­for­ma­tion tech­nol­ogy is, and so­ci­ety’s in­creas­ingly com­put­er­ized com­plex­ity and in­ter­de­pen­dence. But they re­quire lead­er­ship to un­der­stand how se­ri­ously we could be hurt if our IT in­fra­struc­ture is com­pro­mised.

In China’s case, based on a long his­tory am­ply doc­u­mented by the Pen­tagon, the Peo­ple’s Lib­er­a­tion Army is al­most cer­tainly the per­pe­tra­tor of the fed­eral hack­ing, which means, to state the ob­vi­ous, that Bei­jing sees pen­e­trat­ing U.S. gov­ern­ment com­put­ers as a mil­i­tary ca­pa­bil­ity.

Right now, our enemies are faced mostly with rhetoric — mere hand-wring­ing — not clear de­ter­rence. This vac­uum must be re­placed by a stated strat­egy, and quickly. For­tu­nately, once Wash­ing­ton concludes to its sat­is­fac­tion that Bei­jing con­ducted the re­cent attack, the re­sponse can in­clude build­ing blocks for a more com­pre­hen­sive cy­ber­war­fare strat­egy.

First, Amer­ica must cre­ate struc­tures of de­ter­rence. Start­ing now, Amer­ica’s cy­ber re­sponse should be dis­pro­por­tion­ate. The jus­ti­fi­ca­tion for such a re­sponse is all too clear: With­out it we are fac­ing re­peated cy­cles of cy­ber in­cur­sions.

To per­suade Bei­jing and oth­ers to de­sist, they must be­lieve their con­duct will re­sult in costs that are un­ac­cept­able and un­sus­tain­able. Mere tit-for-tat re­sponses in­di­cate an in­abil­ity or un­will­ing­ness to re­act more strongly and may sim­ply tempt ag­gres­sors into more am­bi­tious op­er­a­tions.

The White House con­sid­ered the sanc­tions it or­dered in re­sponse to North Korea “pro­por­tional,” but com­pared with the decades-old U.S. sanc­tions regime against the Py­ongyang gov­ern­ment, the in­cre­men­tal new sanc­tions were triv­ial. Nor does Obama’s April 1 ex­ec­u­tive or­der au­tho­riz­ing sanc­tions against other cy­ber­at­tack­ers au­gur any­thing be­yond the North Korean ex­am­ple.

Sec­ond, U.S. re­tal­i­a­tion must in­clude po­lit­i­cal and eco­nomic mea­sures be­yond the cy­ber realm. The lat­est hack was mo­ti­vated by some­thing more than the­o­ret­i­cal cu­rios­ity about how to pen­e­trate for­eign com­puter net­works. China might in­tend to use the gov­ern­ment per­son­nel files for black­mail, or to un­der­stand our se­cu­rity clear­ance meth­ods so as to bet­ter con­ceal its own covert agents. Ac­cord­ingly, Wash­ing­ton’s re­sponse must go well be­yond sim­ply in­flict­ing pain on China’s com­puter net­works.

Bei­jing’s am­bas­sador, and other Chi­nese diplo­mats in Amer­ica (es­pe­cially any­one con­nected with Chi­nese in­tel­li­gence), should be de­clared per­sona non grata and sent home. Travel re­stric­tions should be im­posed on those re­main­ing, and on per­son­nel at Bei­jing’s United Na­tions mission. All mil­i­tary-to-mil­i­tary pro­grams should be ter­mi­nated or suspended in­def­i­nitely.

Eco­nom­i­cally, the U.S. must re­tal­i­ate strongly against en­ti­ties that sup­port or are con­trolled by the PLA, es­pe­cially those re­lated to com­put­ers and com­mu­ni­ca­tions. The lat­est attack ex­poses a re­lated U.S. vul­ner­a­bil­ity: the ex­tent to which our cy­ber in­fra­struc­ture de­rives from com­po­nents man­u­fac­tured in China. That sup­ply chain must now come un­der scru­tiny, with greater re­liance, for ex­am­ple, on com­pa­nies that keep their pro­duc­tion fa­cil­i­ties else­where.

There is ob­vi­ously risk in any strong re­sponse to a cy­ber­at­tack. But if Amer­ica is un­will­ing to de­fend it­self when the costs and risks are rel­a­tively low, there is no rea­son for Bei­jing and oth­ers to think it will do so when the po­ten­tial con­se­quences are far greater.

North Korea’s attack on Sony Pic­tures was a wake-up call. China’s ap­par­ent cap­ture of U.S. gov­ern­ment per­son­nel records is like be­ing up­ended out of bed to the f loor. What else is it go­ing to take?

a for­mer U.S. am­bas­sador to the United Na­tions, is a fel­low at the Amer­i­can En­ter­prise In­sti­tute.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.