In view of the amazingly sophisticated and persistent Russian attack on our nation’s computer systems, I agree with this opinion piece in today’s Wall Street Journal that the U.S. government must integrate its cyber defensive and offensive capabilities. We can’t accept a piecemeal approach.
The real challenge, however, extends beyond government. Private sector networks have been compromised by China in other “supply chain” attacks that have been widely documented. As per the piece for the National Interest I co-authored, China may be engaged in an even stealthier assault to penetrate our systems and remain absolutely invisible.
Our government relies extensively on private sector networks, including cloud computing systems, which the Chinese have displayed a knack for penetrating. If American CEOs don’t harden their systems, nothing the U.S. government does will completely protect us from increasingly damaging attacks. The Pentagon, for example, relies on more than 300,000 suppliers in multiple tiers and yet it does not have the legal authority to inspect those companies’ networks for foreign state actors.
I suspect many CEOs have accepted the possibility that the Chinese are inside their networks or else don’t want to look for problems. It’s just a cost of doing business in China. But that’s dangerously naive. They must be involved in hardening all American cyber systems or we will be at the mercy of a monolithic Chinese Communist Party. National security is not just the government’s problem.