Every day the Pentagon is attacked 3 million times. They’ve infiltrated our banks. They’ve ransacked our technology industry. They’ve breached the networks of the Chamber of Commerce. They’ve read our email by taking down one of America’s pre-eminent technology companies, Google. It’s already World War III, people. And all we do is smile at the enemy.
Last Wednesday, The New York Times announced that its computers had been hacked. That passwords had been stolen. That its private networks had been traversed with impunity by a bunch of brazen hackers. We’re not talking Anonymous here nor a bunch of ethical hackers. No we’re at war with China.
To paraphrase an old newspaper joke, “what’s black and white and red all over?” The Chinese Red Army, that’s who.
How do we know that? As William Gibson might bark, “Pattern Recognition!” Computer security experts consulting with The New York Times identified the malware “as a specific strain associated with computer attacks originating in China.”
There other telltale signs. Like the fact the hackers broke into The Times’ computers starting on Sept. 13, as the newspaper was putting its final touches on a report that the relatives of China’s Prime Minister Wen Jiabao had accumulated a fortune worth several billion dollars through business dealings.
The Definition Of War
In May 2011, the Pentagon promised it would announce a formal strategy to deter cyberattacks by declaring foreign computer hacks an act of war. But despite mounting evidence that Chinese attacks continue relentlessly, there has been no further action. In view of all the recent happenings, that’s tantamount to raising the white flag.
The New York Times was not the only company hacked. That same day, The Wall Street Journal admitted it too had been infiltrated by Chinese hackers who apparently were trying to monitor its China coverage. And Bloomberg computers were infected by Chinese hackers after the company published an article on June 29, 2012 about the wealth accumulated by relatives of Xi Jinping, China’s vice president at the time.
But media companies are not the only ones being breached. An Air Force Cyber Command Recruiting video on YouTube urgently proclaims, “This building will be attacked 3 million times today,” while hovering over the Pentagon. Those are blatant acts of war, people, and the daily siege of the Pentagon is just part of today’s cyber-warfare landscape.
Cyberattacks are exploding. In Jan. 2010, Google, Intel, Adobe and and more than 30 other companies were attacked in a coordinated terrorist campaign. Google said the attacks originated in China, which lead the company to abandon the Chinese market. If Google leaves the world’s largest market, what does that say about the enemy?
In January 2011, Morgan Stanley admitted it too had been hit by the same China-based hackers who attacked Google’s computers, an operation dubbed “Aurora” by cyber-security firm McAfee. Terremark Worldwide estimates that the number of companies known to be hacked in Operation Aurora now exceeds 200.
While government organizations and companies spend vast amounts of money on security precautions, the situation is so dire that the Defense Department, whose Advanced Research Projects Agency (DARPA) developed the Internet in the 1960s, “is beginning to think it created a monster,” reports Bloomberg BusinessWeek.
What Should We Do?
Let me repeat that again, the inventors of the Internet you like and use so much think they’ve created a monster! So what should we do?
I believe we need a serious dose of innovation and reinvention to stem this monster tidal wave.
America today spends about $718 billion on defense and security. Most of that money is spent on resources and equipment designed for old-fashioned warfare.
The reality is that World War III is being fought in cyberspace and most real-life interaction will be handled by robots. And in both sectors our public and private capital spending priorities are completely misaligned.
The global cyber security market was valued at $64 billion in 2011, or less than 10% of what the U.S. spends on defense and security. Major U.S. players include CA Technologies, Cisco Systems, Fortinet, IBM, McAfee and Symantec. International security firms include Check Point Software (Israel) and Kaspersky (Russia).
Our venture capital scenario is not much better. In 2011, VCs collectively invested $935 million in tech security companies, nearly double the $498 million they invested in 2010, according to a MoneyTree report compiled by PricewaterhouseCoopers, the National Venture Capital Association and Thomson Reuters.
Clearly, the U.S. cyber security market is woefully underfunded. As Delaware Senator Thomas Carper puts it, “The issue of Cyber Warfare is not science fiction any more. It’s reality.” Here’s what I believe we should do:
* U.S. Defense Budget – America should reshape its defense budget to reflect the reality that World War III is already here and it’s being fought in the cyber trenches. This means the Pentagon should officially declare Chinese cyber attacks as foreign warfare and treat the matter with the utmost urgency.
* Robotics - The worldwide robotics industry today is a $25 billion global industry, with most R&D activity taking place in South Korea and Japan. How can America allow its next-generation cyber-soldier technology to be based on foreign know-how? My recommendation: put the U.S. on a robotics fast-track with a combined government-private sector investment budget of $20 billion annually.
* Cyber Security – Like the robotics industry, cyber security is in dire need of more attention, but it’s not very sexy. VCs are falling all over themselves to fund the next Facebook or Snapchat, but what if those services could no longer function because the Chinese brought the Internet to its knees with relentless denial-of-service attacks? That $1 billion VCs invested in 2011 in cyber security is a drop in the bucket compared to the Pentagon’s $718 billion budget. We need to ratchet this up to $5 billion, preferably $10 billion, by next year.
* Internet 2 – As the pronouncements of DARPA suggest, the Internet was not designed for what it’s doing today. Please take some time to read this Bloomberg Businessweek story, it’s downright scary. We need to insulate this country from the enemy, and that means designing an all-new Internet, one created from the ground up for secure operations, and preferably one that insulates the U.S. from the rest of the world.
I’m sure this last bit of advice will have free-thinkers around the world cringing. But when the Chinese decide that you’ve had enough freedom, it might be too late to come to your senses. I fully expect to be hacked by the Chinese this week.
I’ve added Mandiant to my address book. I rather be safe than sorry. And please do contribute to my crowdsourced ideation engine to suggest more ideas on how we can protect ourselves in this brave new world.