In response to a flurry of news and commentary reports on Chinese hacking, James Joyner posts:
This seems to go beyond normal, low-level “competition below armed conflict,” in the current Defense Department vernacular, into something more like preparation of the battlespace. Cyber operations are inherently murky compared to traditional “kinetic” operations, making drawing lines difficult. But we seem to be at a point where China is more than a “strategic competitor” but rather an adversary. Which would seem to portend a considerably different economic relationship.
Here’s my question: is it the activity that is “beyond normal” or is it the reporting on the activity? There has been an enormous amount of Chinese state-sponsored hacking activity being carried out over the last several decades. Is what’s going on now different in kind from what’s gone on in the past?
On the one hand I think it’s good that people are finally noticing just how much Chinese cyberespionage is going on. It constitutes a ridiculously large amount of total Internet traffic. At one point I made a regular practice of blocking Chinese IP addresses. I was shocked at just how much of my total traffic consisted of what were mostly probing attacks originating in China. I once saw a log in which you could see the attacker going systematically through a list of known vulnerabilities.
On the other hand I find the prospect of raising the temperature when nothing has actually changed troubling.
It’s the same situation that you regularly note vis-a-vis the war in Ukraine: it’s impossible to know what’s really happening absent access to the Top Secret intercepts. My strong sense is that China is getting steadily bolder in its flouting of conventions, probing the limits of what it can get away with. But there are strong incentives in the national security community to contribute to that sense.
How would this compare to the Office of Personal Management data breach in 2014?
Recall during the Obama years the agreement was to refrain from cyberespionage theft of intellectual property or confidential business information for competitive advantage.
Left out was anything related to national security.
Why should the Chinese respect US security? The US sure as hell doesn’t.