US Secretary of State Hillary Clinton has called for cooperation in defending against cyber-attacks, but remains cautious in her comments about the recent Gmail hack
US Secretary of State Hillary Clinton in a speech on 21 January took a strong stance in favor of promoting cyber-security partnerships and ending Internet censorship, but stopped short of using harsh language against China in connection with the recent cyber-attacks reported by Google.
China has been at the center of accusations of attacks on Google, Adobe Systems and more than 30 other enterprises. Direct evidence of government involvement in the attacks has been lacking – however, systems used by the attackers were linked to China and the main Trojan used in the attacks included code with a cyclic redundancy check originating in China as well.
“We have identified that systems in Taiwan were involved, as were systems in the United States,” said Dave Marcus, director of security research at McAfee’s Avert Labs. “That said, cyber-espionage and state sponsored cyber-attacks are nothing new and we have said in the past that China is one of the nation states that conducts such activities, as does the United States and other countries.”
Perhaps it is no surprise then that while Clinton addressed the idea of state-sponsored cyber-attacks head-on, she avoided placing blame directly on the shoulders of the Chinese government and spoke about the importance of building international relationships.
“The most recent situation involving Google has attracted a great deal of interest,” Clinton said. “And we look to the Chinese authorities to conduct a thorough review of the cyber-intrusions that led Google to make its announcement. And we also look for that investigation and its results to be transparent.
“We’ve worked to address this challenge at the [United Nations] and in other multilateral forums and to put cyber-security on the world’s agenda,” she continued. “And President Obama has just appointed a new national cyber-space policy coordinator who will help us work even more closely to ensure that everyone’s networks stay free, secure and reliable.”
Still, she added, states, terrorists and their proxies need to know the United States will protect its networks.
“Countries or individuals that engage in cyber-attacks should face consequences and international condemnation,” Clinton said. “In an Internet-connected world, an attack on one nation’s networks can be an attack on all. And by reinforcing that message, we can create norms of behavior among states and encourage respect for the global networked commons.”
Scott Crawford, an analyst with Enterprise Management Associates, said he was not surprised by Clinton’s remarks, but he expected her to draw a stronger connection between Google’s threat to pull out of China and the reason for that threat – it was attacked.
“Moreover, her comments miss some conclusions that could be drawn from the event: that if intellectual property was the target, then competitive advantage may be the strategic target,” Crawford said. “Should further incidents (or past incidents that may come to light) indicate a more protracted strategy, then it should alert our senior policymakers that the target is not short-term commercial gain, but longer-term economic advantage.
“There are a lot of ‘shoulds’ in that paragraph, I know, but if senior policymakers are to take the long view, they may want to consider that the strategic objective of cyber-offense may not (or not only) be military or political advantage, but – particularly in the world’s largest market – economic advantage, which in the long run would fuel strategic advantage elsewhere,” he added.
Gartner analyst John Pescatore was also not surprised Clinton did not make a bigger deal of the attacks on Google, noting that the United States “is still just as big a source of attacks as China,” meaning there is a danger of “the pot calling the kettle malicious here.”