Former U.S. government security official addressed Chinese attacks

Reports from two U.S. Congressman this week claiming that hacks into U.S. government computer systems in 2006 originated in China echoed a keynote address at Source Boston 2008 given by Richard Clarke, a computer security expert who has served in advisory roles for the Federal Trade Commission, the National Science Foundation, the Treasury Department and the Department of Defense.

During his kick-off keynote at the March conference, Clarke spoke in detail about the reported instances of Chinese parties hacking into U.S. government systems and similar government security issues in Estonia. Clarke also discussed how digital photo frames manufactured in China were found to be downloading Trojan viruses onto customers' computers. The examples played into a bigger theme Clarke addressed on whether or not the government, ISPs (three of which recently agreed to block access to online child pornography) or anyone could succeed in policing the Internet.

"The Chinese government has gotten into classified networks," he said at the time. "Chinese attacks have been taking place over many years and it appears very much to be the Chinese government."

Clarke discussed U.S. government plans to prevent such "state-sponsored cyber threats into classified systems" from taking a country down. "If we don't get cyber-security right, the country could ... freeze up because someone has gotten into its software," Clarke said.

He mentioned the Washington rumor mill and talks of "billions of new dollars" being invested in several cybersecurity initiatives to enable the U.S. government to go on the offensive against other countries looking to engage in cyber war.

"In cyberspace, who knows what capability anyone has? If you really launched an attack against the U.S., how much could you shut down and what impact would that have?" Clarke said. "We may be less able to attack our enemies and more vulnerable. There is no degree of certainty about cyber capabilities."

Clarke suggested the U.S. isn't China's only target. The Asian country appears to have other Western nations in its sights as well. Nearly 300 U.K. government departments and businesses critical to the country's infrastructure were the subject of Trojan horse attacks, many reportedly originating in the Far East, according to Sophos which assisted the U.K. government in analyzing a series of Trojans designed to steal confidential and sensitive information. 

"We need to protect our own networks. We need to tell everyone as soon as we know about threats. The first duty of government is to protect and defend its own people," Clarke said.

He suggested government-sponsored efforts to improve the quality of software code and put in place regulations to ensure code is safe as a means to protect against cyberattacks.

"Somehow we can solve this, but it has to be by going on the offensive. Regulation is a dirty word, but we may want to have regulations about the quality of the computer code the government buys," he said. "Many people are applying cold war strategic nuclear doctrine thinking here.

"Securing the government networks stems from the idea that the government traffic is segregated from the Internet. It's not. How can we secure government networks without looking at all the traffic on all the networks? That raises questions about privacy. We can no longer assume that our government is not violating the law or our privacy rights,” he said.