Monday 22 June 2015

Michael Hayden Says U.S. Is Easy Prey for Hackers

Few are as qualified to speak, or as outspoken, as retired Gen. Michael Hayden on the topic of cyberespionage. Gen. Hayden, after a career in the U.S. Air Force, became the only person to have served as director of both the National Security Agency and the Central Intelligence Agency. Today he is a principal at the Chertoff Group, a global advisory firm focused on security and risk management.

The Wall Street Journal’s editor in chief, Gerard Baker, spoke with Gen. Hayden about his views on Chinese hacking, the security risk to companies globally, and a U.S. political climate in which the general says Americans haven’t decided how they want the government to respond to cyberthreats.

Edited excerpts of their conversation follow.

How serious?

MR. BAKER: How serious a breach of security was the recent hacking of the Office of Personnel Management? [Hackers stole millions of personnel records from the agency functioning as the federal government’s human-resources department.]

GEN. HAYDEN: The current story is this was done by the Ministry of State Security—very roughly the [Chinese] equivalent of the CIA. Those records are a legitimate foreign intelligence target. If I, as director of the CIA or NSA, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice, I would not have asked permission.

So this is not shame on China. This is shame on us for not protecting that kind of information.

This is a tremendously big deal. And my deepest emotion is embarrassment.

MR. BAKER: How does it happen? We always hope America has greater sophistication.

GEN. HAYDEN: There are three layers: the government system, the political system and popular culture. So, the governmental system: Raw incompetence is the best explanation I can offer you. That’s at the executive-branch level. At the political level, we began last week in Washington with reining in the renegade National Security Agency for actually having phone bills—yours and mine—up at Fort Meade. Wednesday, we have the Boston Police Department shooting someone who is committed to behead people. And Thursday, we learned that OPM had lost four, make it 14, million sets of records.

At the level of popular culture, we Americans have not yet decided what it is we want or what it is we will permit our government to do in this cyber domain. And until we make those decisions, these kinds of events are more likely.

MR. BAKER: If the federal government can be infiltrated in this way, what hope can you offer to companies?

GEN. HAYDEN: American military doctrine says this cyber thing is a domain. There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker. That’s one reality.

Then, all of us just fell in love with the ease and convenience and scale, so we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here, where it’s by definition more vulnerable.

No. 3, we still have a bunch of scrimmages down here in physical space about what it is you will let your government do to keep you safe. We have no consensus whatsoever up here in the cyber domain.

What’s the impact for you? The impact is the next sound you hear will not be a digital bugle signaling the arrival of the digital cavalry to come save the day. The government ain’t coming. You’re not quite on your own, but you are more on your own up here [in cyberspace] than you in your lifetime have ever experienced being on your own down here.

Asymmetrical threat

MR. BAKER: One thing the U.S. government won’t do: China and other countries use their intelligence agencies to obtain commercially valuable information to benefit their companies or state-owned enterprises.

GEN. HAYDEN: We only steal stuff to keep you free and to keep you safe. We do not steal stuff to make you rich. I know of four other countries that can say those last two sentences. Everyone else steals for commercial advantage.

I’ve met with PLA 3 [the People’s Liberation Army, Third Department], the Chinese cyberstealing thing. I never had this conversation with PLA 3, but I can picture it as: “You know, we’re both professionals. You steal stuff, I steal stuff, but you know, fundamentally, you’re just stealing the wrong stuff.…You can’t get your game to the next level by just stealing our stuff. You’re going to have to innovate. And as soon as you start to innovate, you’re going to be as interested as we are in people not stealing your innovation.”

MR. BAKER: Do you think that Chinese companies, especially in the technology fields, are routinely operating essentially on behalf of the Chinese government and using whatever means they can in the U.S. market to obtain intelligence information?

GEN. HAYDEN: All enterprises and major players need to pay attention to the needs of the government of the country of which they are a part. At one level, it would be unconscionable for a company like Huawei not to be responsive to Chinese national-security needs.

MR. BAKER: That doesn’t seem to apply to Apple, does it?

GEN. HAYDEN: Apple and Google want to create encryption for which they could not provide you the key. Their business model will not survive if the American government has a special relationship with them that requires them to surrender this kind of information.

As Baidu and Huawei become international companies, they won’t survive either if they’re seen to be tools of the Chinese government.

MR. BAKER: Does the U.S.A. Freedom Act, phasing out bulk collection of phone records by the NSA, make Americans safer than they were before or—

GEN. HAYDEN: They are definitely not safer. They are more comfortable, but they are definitely not safer. It remains to be seen if they are less safe.

View the original content and more from this author here: http://ift.tt/1I9gAVA


