China would probably scream to high heavens should they prove that they’re on the receiving end of a hack attack from the US. But for the US, the government doesn’t seem to have a clue. The hack on the Office of Personnel Management where information of over 21.5 million federal employees was stolen should have been a clear signal that whichever country was the culprit should be on the receiving end of an ICBM.
“We’re still working our way through that issue… It has to be something that’s communicated that generates… a sense of consequence…”
–U.S. Navy Admiral Mike Rogers
According to early investigations, many of the high profile hacking attacks the US has suffered originated from China. That the attacks were state sponsored, coming from hackers in the employ of the People’s Liberation Army. US Intelligence has even narrowed it down to one building in Shanghai. But of course, the whole thing can be denied by China and without solid evidence, the US can’t do much. I recall a discussion on CNN about US accusations of hacking by China but the Chinese representative just threw the accusation back, and what was supposed to be an intelligent discussion turned into an exchange between two children on which of them farted. China has repeatedly slammed further accusations of hacking.
Now, there hasn’t been any further high profile hacking news since the attack on the OPM. Either US government agencies beefed up their security or they stopped disclosing further attacks to the public out of embarrassment. But one thing’s for sure according to U.S. national intelligence director James Clapper, the attacks are ongoing.
“Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact…What we could expect next is data manipulation, which then calls into question the integrity of the data, which in many ways is more insidious than the attacks we’ve suffered thus far…”
–U.S. national intelligence director James Clapper
Please sir, don’t give them any ideas. They might actually pull it off. We’re reminded of two movies with such a scenario. Live Free or Die Hard (Die Hard 4) and Terminator: Rise of the Machines. Both movies detail what could happen should the US suffer a major hacking attack on its agencies, businesses and connected infrastructure. While the US won’t probably get nuked anytime soon, any manipulation of data in financial institutions such as the stock market could easily end up in disaster. If anyone decides to mess with bank balances, banks will no longer be trusted. Hackers could mess with American 401Ks and riots could ensue. The show Fear the Walking Dead also discussed and showed how quickly society can break down when communications and utilities go offline. It’s only a matter of time before someone actually does mess with the system or data, not just steal it.
So if some hostile country does such a thing, will the US consider it as an act of, or declaration of war? But wouldn’t it be too late by then if hackers gain access to power grids, weather data, military data or nuclear launch codes? Aren’t stolen federal employee data and defense contractor blueprints not sufficient grounds to go on Defcon 5? Someone needs to quickly draw the line and issue a very stern warning to any hostile nation not to mess with US systems and data. The country could sure use another George W. Bush post-9-11 statement and treat the next high-profile hack as a missile attack, then discreetly whack the offending nation where the sun don’t shine.
The threat of severe consequence to hacking is needed because everything will soon be connected once the cloud and the Internet of Things is fully realized. Hacking then could reach a whole new level. Everything can be used to spy on people or be turned off to cause chaos. Driverless cars could be controlled into Maximum Overdrive and actually hurt someone.
The holdup is because there must be definite proof that any hostile nation is truly the one responsible for a hack attack. The US can’t just use a satellite-based rail gun to vaporize that PLA building in Shanghai. As it stands, the government isn’t 100 percent sure because of differing degrees in confidence and China will just keep with its rhetorical denials. The investigators could have been misled by the hackers to wherever their IP trace led them. But if the trace was definite, what then? The big question is, is the United States of America still the badass country it used to be? Is it tough enough to issue sanctions to a country such as China and endanger an already fragile geo-political and economic status quo?
In cyberspace, the opponents are invisible and real-world finger pointing against a strong suspected opponent is probably the most that can be done. Like it or not, an invisible war may already be going on in cyberspace and the best the US can do is beef up its defenses against increasingly clever foreign (and domestic) hackers. Fortify the walls and build a keep. But the US can always bare its teeth when threatened. The US can still write a bill and draw that line, and like any intruder seeing the bared teeth of a large barking guard dog, foreign hackers might just think twice before crossing it.