A report being released Tuesday by a U.S. computer security firm has tracked members of China’s most active and sophisticated computer-hacking group to the headquarters of a Chinese military unit in Shanghai. If the report is accurate, which it seems to be, this means the Chinese government is responsible for years of malicious cyber attacks on American and Canadian corporate and government computers. This is a watershed moment in relations between China and the West, with stakes that are critical to the future security of Canada and the United States.
President Barack Obama alluded to the growing menace of cyber espionage in his State of the Union address last week when he said “our enemies are ... seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems.” His words parallel what the security firm, Mandiant, has reported in great technical detail, as well as recent findings of the House Intelligence Committee in Washington: that dozens of cyber attacks that targeted North American military contractors, chemical plants, mining and pharmaceutical companies, satellite and telecommunications firms, media companies and public utilities since 2006 can be linked to the Chinese military.
According to the New York Times, which commissioned the Mandiant investigation after being hit by cyber attacks from China, the most serious incident involved the Canadian branch of an American company whose software lets oil and gas pipeline companies, as well as power-generating utilities, open and close valves and turn switches on and off, remotely.
President Obama has been prophetic on this issue, warning in an op-ed piece in the Wall Street Journal last July that “an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.”
This is the nightmare scenario for a world now inextricably linked by computer networks. And it is not just China that is dangerous. Iran targeted American banks in an effort to damage the U.S. economy as retaliation for economic sanctions imposed as a result of Iran’s ongoing nuclear program. The United States, meanwhile, damaged Iran’s nuclear program in 2010 through the use of a virus developed by the government.
The response from Canada and the United States must be a sharp rebuke of the Chinese government. Its past denials of any involvement in China-based cyber espionage have a hollow tone to them now. China should immediately de-escalate its “digital war,” as some have called it.
As well, American and Canadian companies need to invest in cyber security and make it a top priority. Most importantly, the world’s major economies need to work together to battle the threat of cyber espionage through friendly relations and joint efforts to reduce its use. Cyber espionage is not a prelude to anything but trouble.