The U.S. Government has issued its annual report on the state of China’s military activities. Most notably, for the first time, the government has directly accused the Chinese military of engaging in cyber attacks on American interests. As the report states:
In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military.
This is an important step. Even after the detailed forensic report issued by the cybersecurity firm Mandiant, there were some who tried to downplay its conclusion that the People’s Liberation Army (China’s military) was behind the series of attacks. Their argument, in effect, was that there was no smoking gun—only circumstantial evidence (however conclusive). Thus, it is welcome that the Obama Administration is willing to identify the problem by name—that’s the first step to solving it.
Now, of course, we need to take the next step and identify a solution. As The New York Times points out, the Department of Defense report is long on accusations and short on responses. Perhaps that’s unfair; the report isn’t supposed to have an answer in it. But it is time, and past time, for the government to develop a strategy for dealing with Chinese cyber adventurism.
We would expect that the strategy would use all levers of government power: military, intelligence, diplomatic, law enforcement, information operations, financial, and even economic, in some mix. We would also expect that some portions of the strategy would need to be covert. Congress should do what it does best and use its oversight function to push the Administration into developing a calculated and thoughtful response to the Chinese cyber offensive.