by Mitch Kokai
Senior Political Analyst, John Locke Foundation
Nina Easton‘s latest Fortune column focuses on the threats of cyber attacks from bad actors in places such as China and Russia.
In May, the Obama administration tried to regain the upper hand in the propaganda war with the Justice Department’s grand jury indictment of five Chinese military hackers. While the indictments won’t go anywhere—the men are in China—the effort helps the U.S. build a case should it decide to sharply escalate the conflict by going to a court that Beijing actually cares about: the World Trade Organization. Meanwhile, America’s new ambassador to China, Max Baucus, has publicly warned Beijing that the U.S. won’t stand by while “state actors” commit cyber theft.
So where does that leave companies here and abroad? Sadly, diplomacy is a slow and uneven slog. Unless China can be convinced there is a painful price to pay in the long run, companies in the U.S., Europe, India, and elsewhere remain exposed.
Now is the time to consider ways to help the private sector develop more robust defenses. In today’s environment, executives are reluctant to share information after cyber attacks occur. Therefore, as [American security expert Kevin] Mandia often says, “no one gets smarter.”
[Cybersecurity author Peter] Singer proposes an approach like that of the government-backed Centers for Disease Control and Prevention—where anonymous data provided by the private sector is deployed on behalf of public health (or in this case, cyber health). “We need a trusted clearinghouse that examines trends, threats, overall ecosystems,” he says.
Costly cyber theft, of course, goes beyond China. Hackers out of Russia staged the largest retail hack in history, stealing 40 million credit card numbers from Target. Retailers like Neiman Marcus had their own costly episodes last year.
Chinese hackers typically don’t steal directly from customers. That’s a signature Russian heist. Neither do they destroy computers or files. You won’t see angry customers boycotting or suing because their credit cards were hacked. Chinese commercial espionage is quieter—but just as nefarious. Which is why we need to get beyond [Edward] Snowden and make a vigorous case against Chinese cyber theft, even as companies bolster their defenses.