|
ˇ@
Protecting cyberspace from China
By Brahma Chellaney
Sunday, Feb 07, 2010, Page 8
The world now accepts that protecting our atmosphere, hydrosphere, lithosphere
and biosphere ˇX the ˇ§global commonsˇ¨ ˇX is the responsibility of all countries.
The same norm must apply to cyberspace, which is critical to our everyday life,
economic well-being and security.
At a time when cyber attacks are increasing worldwide, US Secretary of State
Hillary Clinton was right to declare that an attack on one nationˇ¦s computer
networks ˇ§can be an attack on all.ˇ¨ Indeed, the attacks are a reminder that as a
new part of the global commons cyberspace already has come under threat.
Cyberspace must be treated, along with outer space, international waters and
international airspace, as property held in common for the good of all. And like
ocean piracy and airplane hijacking, cyber-crime cannot be allowed to go
unpunished if we are to safeguard our common assets and collective interests.
Naming China among a handful of countries that have stepped up Internet
censorship, Clinton warned that ˇ§a new information curtain is descending across
much of the world.ˇ¨ Her statement, with its allusion to the Cold War-era Iron
Curtain, amounted to an implicit admission that the central assumption guiding
US policy on China since the 1990s ˇX that assisting Chinaˇ¦s economic rise would
usher in greater political openness there ˇX has gone awry.
The strategy of using market forces and the Internet to open up a closed
political system simply is not working. Indeed, the more economic power China
has accumulated, the more adept it has become in extending censorship to
cyberspace.
China has proven that a country can blend control, coercion and patronage to
stymie the Internetˇ¦s liberalizing elements. Through discreet but tough
controls, Beijing pursues a policy of wai song, nei jin ˇX relaxed on the
outside, vigilant internally.
Google is now crying foul over ˇ§ a highly sophisticated and targeted attack on
our corporate infrastructure originating from China.ˇ¨ But, despite its corporate
motto ˇX ˇ§Donˇ¦t be evilˇ¨ ˇX Google itself was instrumental in aiding online
censorship in China, having custom-built a search engine that purges all
references and Web sites that the Chinese government considers inappropriate.
Now Google itself has become a victim of Chinaˇ¦s growing cyber prowess, in the
same way that appeasement of Adolph Hitler boomeranged onto France and Britain.
China deploys tens of thousands of ˇ§ cyber-policeˇ¨ to block Web sites, patrol
cyber-cafes, monitor the use of cellular telephones and track down Internet
activists. But the threat to the new global commons comes not from what China
does domestically. Rather, it comes from the way in which the know-how that
China has gained in fashioning domestic cyber oversight is proving invaluable to
it in its efforts to engage in cyber intrusion across its frontiers.
Canadian researchers have discovered a vast Chinese surveillance system called
ˇ§GhostNet,ˇ¨ which can compromise computers abroad through e-mail messages that
automatically scan and transfer documents to a digital storage facility in
China. This is what happened when computers of the Tibetan government-in-exile
in Dharamsala, India, were attacked last year.
Indiaˇ¦s national security adviser recently said his office was targeted yet
again by hackers.
ˇ§People seem to be fairly sure it was the Chinese,ˇ¨ he said.
Officials in Germany, Britain and the US have acknowledged that hackers believed
to be from China also have broken into their government and military networks.
The state-sponsored transnational cyber threat is at two levels. The first is
national, with the hackers largely interested in two objectives. One is to steal
secrets and gain an asymmetrical advantage over another country. Cyber intrusion
in peacetime allows the prowler to read the content and understand the relative
importance of different computer networks so that it knows what to disable in a
conflict situation. The other objective is commercial: to pilfer intellectual
property.
The second level of cyber threat is against chosen individuals. The most common
type of intrusion is an attempt to hack e-mail accounts. The targets also can
face Trojan-horse attacks by e-mail to breach their computers and allow the
infiltrators to corrupt or transfer files remotely.
If a cyber attack is camouflaged, it is not easy to identify the country of
origin. Through the use of so-called ˇ§false-flag espionageˇ¨ and other methods,
attacks can be routed through the computers of a third country. Just as some
Chinese pharmaceutical firms exported to Africa spurious medicines with ˇ§Made in
Indiaˇ¨ labels, some Chinese hackers are known to have routed their cyber
intrusion through computers in Russia, Iran, Cuba and other countries.
But like their comrades in the pharmaceuticals industry, hackers tend to leave
telltale signs. There are many cases in which the attacks have originated
directly from China.
It seems unlikely that these hackers, especially those engaged in cyber
espionage, pilferage, and intimidation, are private individuals with no links to
the Chinese government. It is more likely that they are tied to the Peopleˇ¦s
Liberation Army (PLA).
In war, this irregular contingent of hackers would become the vanguard behind
which the PLA takes on the enemy. Systematic cyber attacks constitute a new
frontier of asymmetrical warfare at a time when the world already confronts
other unconventional threats, including transnational terrorism.
With security and prosperity now dependent on the safekeeping of cyberspace,
cybercrime must be effectively countered as an international priority. If not,
cyberspace will become the new global-commons battlefield.
Brahma Chellaney is a professor of strategic studies at the
Center for Policy Research in New Delhi.
ˇ@
|
