- Special Reports
- Maps & Data
- 2015 In Review
- Dear Abby
- Games & Puzzles
- Events & Exhibits
- Food & Drink
- Arts & Music
- Movies & TV
About one year ago Sen. Joe Lieberman, 10 months from the end of his Senate career, sat down with The Day's editorial board and said his greatest concern was not the budget or economy, but the increasing threat of cyber attacks and cyber espionage targeting both the U.S. government and private corporations.
The then-chairman of the Homeland Security and Governmental Affairs Committee likened the threat to the danger the nation faced prior to Sept. 11, 2001. Back then the country did not heed the warnings or react aggressively enough to intelligence information showing there was reason for concern. He warned of making the same mistake again by not taking cyber security seriously.
At the time he was pushing for passage of the Cybersecurity Act of 2012, which called for the government setting cyber-security performance standards for companies responsible for critical infrastructure or involved with classified government operations. It also would have created a clearinghouse in which industries and government agencies could securely share information about cyber threats and the means of addressing them.
"I think this is maybe the last really significant contribution I could make to my country's future economic prosperity and national security," Sen. Lieberman told us then.
Unfortunately for the now retired senator and for national security, the Senate did not enact the bill, or any alternative legislation, largely due to overwrought fears in the corporate community about government interference and exposure of privileged information.
Back then the senator was coy about what information he was seeing, but recent revelations show he had good reason for his concerns. This past week came reports on the findings of Mandiant, an American computer security firm, which conclusively tracked extensive hacking of corporate and government data bases back to a unit of the People's Liberation Army of China. Mandiant traced the skullduggery right to the hackers' hive, a 12-story office tower in Shanghai.
Chinese officials replied with shock, indignation and denial, but the evidence is clear and overwhelming.
Stolen have been technology designs, internal negotiation tactics, manufacturing procedures, clinical trial results and other proprietary information that can allow China to cut corners and gain unfair economic advantages by benefiting from the inventiveness and labor of others.
More alarming were the reports of the Chinese hackers getting access to companies providing security control to defense contractors, U.S. intelligence agencies and corporations. The New York Times reported on Mandiant's troubling findings that hacking has also focused on critical North American infrastructure, including the power grid and targeting one company with remote access to valves controlling 60 percent of oil and gas pipelines.
The Obama administration must do more to impress upon the Chinese government that these actions are not acceptable, that they endanger the economic cooperation between the two countries. Perhaps so publicly outing China's behavior will have some influence on its behavior.
Of course the United States also uses cyber espionage. But a line is crossed when that technology is abused to steal information from private companies and tamper with systems vital to a nation's security.
The greater concern is that if China has done this other nations and organizations can, and almost certainly have, done likewise. A terrorist cyber attack on critical infrastructure systems is a genuine threat. Out-going Defense Secretary Leon E. Panetta has warned of a cyber Pearl Harbor attack.
President Obama recently signed an order that the government share with American Internet providers and corporations information it collects on the digital signatures of hackers who pose the greatest security threat. But that is not enough. Congress needs to pass the kind of legislation Sen. Lieberman pushed for before leaving office. The external threat is far more serious than concerns about sharing information or government interference in the private sector.