I wonder how much space in the president’s daily brief, perhaps the government’s most secret compendium of global threats, is devoted these days to cyberattacks. The Internet affords the weak power to attack the strong. North Korea, Iran and al-Qaeda fit into this category with their disruption of financial-services Web sites. And cyberespionage is also a tool of China, which has used it to probe and steal information from leading U.S. corporations and news organizations.
It remains to be seen how intelligently we will respond to this new and classically asymmetrical threat. I worry that on cyberterrorism we are today where we were on its physical predecessor in the late ’90s: a lot of discussion in academic, think-tank and government agency circles but no fully coordinated response. The attacks can still be viewed as isolated and not that serious, as were the attacks on our embassies and the initial attack on the World Trade Center. Corporate America would like to downplay them, and government is perhaps more focused on physical terrorism. Moreover, the openness of the Internet is its very strength, and the net-roots, a powerful political constituency, rises up against any effort it sees as restricting that freedom and has been effective in killing any kind of comprehensive cybersecurity legislation.
This week, however, an interesting and little-noted provision slipped into the bill President Obama signed to allow continued funding of the government. From now on, government purchases of any technology from Chinese companies must go through a cyberespionage review process. The United States imports more than $100 billion in Chinese technology every year; much of that is purchased by government agencies. Indeed, Lenovo, the Chinese hardware company, has taking market share from Dell as a main goal of its growth.
This is clearly a retaliatory move, but hopefully an effective one.