On the evening of February 6th, I delivered a guest lecture to the local chapter of the Institute of Electrical and Electronic Engineers (IEEE). During the course of my lecture I referenced a very recent quote from Eric Schmidt on cyber security concerns about China. I have great respect for Schmidt, as I worked with him when he was Sun Microsystem‘s Chief Technology Officer, and I was with SunSoft, the division responsible for Sun’s version of the UNIX operating system. The cyber security issue is an area that has concerned me since I first began working in China, representing P-Cube (acquired by Cisco Systems), and its advanced Internet traffic policy engine.
I think it is fair to say that Eric Schmidt, Chairman of Google, has been one of the first to openly and vocally declare our national cyber security threat from Chinese hackers. Just two weeks ago, on February 1st, Wall Street Journal blogger, Tom Gara, posted an exclusive article describing his review of early galley proofs of Schmidt’s new book, planned for release this coming April. Apparently, Schmidt is quoted from the proofs, writing that:
“China is the world’s most active and enthusiastic filterer of information” as well as “the most sophisticated and prolific” hacker of foreign companies. In a world that is becoming increasingly digital, the willingness of China’s government and state companies to use cyber crime gives the country an economic and political edge.”
In late January, shortly before the WSJ blog post, we learned from a blog post by Eric Schmidt’s daughter Sophie, that Schmidt had also just returned from a surreptitious visit to North Korea with former New Mexico Governor, Bill Richardson. Schmidt described the other worldly cyber world of North Korea. had access to North Korea’s mobile network, which allows international calls but has no data service. Schmidt got a look at North Korea’s national intranet, which Schmidt described as “a walled garden of scrubbed content taken from the real Internet.”
Clearly, China and North Korea have become major topics of interest for Schmidt and Google. Something is up.
All week this week, National Public Radio‘s Morning Edition, has featured a series of stories on our military’s growing concern and focus on cyber attacks, and the development of both defensive and offensive cyber strategies.
Sunday night on CBS 60 Minutes, Janet Napolitano, Obama’s Secretary of Homeland Security, revealed that China was at the top of of her cyber threat list, also listing Iran and Russia.
But the most important event occurred this evening, when the New York Times published a Breaking News Alert on a story written by three of the best NYT investigative journalists. The four page detailed article, “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.,” provides extraordinary detailed evidence. The breadth and depth of the cyber attacks on the United States go back as far as 2006, and the article describes attacks on numerous industries and hundreds of U.S. companies. Most concerning, there is now compelling evidence of near-miss attacks seeking means to disable our critical infrastructure. There has been much talk about our vulnerability, but until this NYT article nothing has so explicitly exposed our risk to cyber attack from the Chinese military. For me, one of the more interesting details was that the source of the attacks was a PLA building in Shanghai.
(Since I first posted this story on my blog, virtually all major national and international media outlets have exploded with their own stories: BBC, Canadian Broadcasting, PBS Newshour, NBC, MSNBC, CBS, ABC, CNN, and dozens of others. Tuesday, February 19th is the day that President Obama’s Executive Order to strengthen U.S. government resources, strategy and tactics in the growing cyber war go into effect.)
So it would now appear that the proverbial cat is out of the bag, and we can expect considerably more discussion about this and policies to counter it. Some may argue that Stuxnet worm attack on Iran’s nuclear centrifuges marks the opening of a covert new war. The consensus seems to be that we have no choice now but to respond.
As I spent more and more time in China, and spoke with my colleagues at TDF Ventures in Shanghai, and as we met with officials of IBM Global Services in Beijing, I developed this subjective impression that Shanghai was much more politically conservative, patriotic, and aggressive with foreign companies. Just something about Shanghai that I couldn’t put my finger on. Shanghai has also historically had a kind of separate local culture with the Shanghainese dialect, which is unintelligible to Mandarin speakers. Shanghai locals seem to pride themselves on their differences with Beijing. More recently, others I know who have familiarity with Shanghai have concurred with my sense that the place is the conservative center of China. I can distinctly remember meetings with computer and Internet experts in Shanghai that left me with a very uncomfortable sense of their motives. They also did not seem to be particularly shy about their motives. During my first visit to Beijing in 1999, for the 50th anniversary of the People’s Republic of China, I was deeply impressed by the event, and the obvious patriotism. But as I continued to visit China on business, I became increasingly uncomfortable with what I was seeing and hearing.
It now seems that my gut concerns were well placed.