This week we cover China’s Great Cannon and its ongoing cyber espionage activities. CSIS Strategic Technology Program Senior Fellow Denise Zheng joins to explain China’s new offensive censorship tool and to discuss what governments and organizations can do to protect their networks. Then we move to India’s economy, with Finance Minister Arun Jaitley discussing India’s plans for equitable growth. We also review the region’s news, profile Natalie Lichtenstein of the AIIB, and share our One to Watch. Hosted by Colm Quinn. Audio edited by Samuel Ellis. Produced by Jeffrey Bean.
Citizen Lab’s report on China’s Great Cannon is available here.
FireEye’s investigation into “APT 30” produced a report which is available here.
The Executive Order issued by President Obama that Denise Zheng mentions is viewable here.
Time Magazine’s Time 100 List for 2015 is available here:
Assuming that it is indeed China that is behind the “Great Cannon” then we should be bracing ourselves for a high degree of concern, anxiety, and uncertainty about cyber-security. This is especially the case since cyber is the new terror but far more insidious because it is far more deniable, plausibly or not, and it is far less susceptible to a proportionate response and hence of less certain deterrent value.
So assuming that the North Koreans attacked Sony and the Americans retaliated by shutting down some North Korean sites, we see the problem starkly. Sony suffered enormously, financially and reputationally. The North Koreans, because they are not all that wired anyway probably were annoyed but mostly unscathed. What happens if the North actually knocks out a financial system or a nuclear plant inflicting big damage?
Move it over to China. The Chinese unlike the North Koreans have an enormous stake in eCommerce and ICT functions. Whether it be Alibaba or TenCent, a lot of Chinese advanced companies are not tied directly to the state. If it turns out that a Chinese state-directed attack hurts a major eCommerce site, what is the response?
The modern economy is both dependent on IT and vulnerable to malware. There are no rules. Certainly governments and businesses can harden their IT infrastructure, but it seems to me it is time for serious talks about rule-making.