Saturday, February 06, 2010

Apocalypse Hack: China capable of turning out the lights in the US

Last week, the long-running NPR talk show, Fresh Air, featured two men discussing the topic of cybercrime. One of the guests, a journalist named Joseph Menn (author of Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet) said something that chilled me to the bone. The interviewer, Dave Davies, inquired about China and its involvement in cyber crime:

DAVIES: So what could they do? Could they take down the American electric grid...

Mr. MENN: Absolutely.

DAVIES: ...steal our military secrets? Yes?

Mr. MENN: That they have our military secrets, and they could shut down the electric grid. And if you do that for long enough, then you’re talking about stone age conditions.

After this, the interview more or less was wrapped up. Rather surprisingly, Davies did not follow up on Menn’s comment that A) China could take out our electrical grid, and B) that they have our military secrets. I was gob-smacked. Before this moment in the show, the interview, which also included hacker-turned-cyber-crime fighter Barrett Lyon, focused mostly on issues of crime as we usually construe it: someone stealing something you own. In this case, hackers accessing credit card accounts on one end of the spectrum, to hackers extorting millions of dollars from companies so they don’t have their businesses interrupted. All scary, all concerning. But what Menn had to say about China near the end of the show makes these other crimes seem positively petty. It in fact makes 9/11 seem like playground antics.

Think about it… China has access to the US power grid. They can theoretically (and evidently practically) turn off the lights anywhere they please. No electricity means, among other things, no commerce and no communication. Whose light do they turn off? New York City? Los Angeles? Washington D.C.? How about Silicon Valley? As poorly integrated as our grid is (owned as they are by private, for-profit concerns which may not necessarily have the nation’s security topmost on their list of priorities), and has dilapidated as our infrastructure is, it wouldn’t take too many days in the dark without access to email, cell phones, ATMs, and credit to send us back to a pre-1900 state of affairs.

Could we “muddle through” somehow? We’re great muddlers. We get through disasters and show a lot courage, but we just go back to the same habits that got us there. Airline security is still as porous as a ripe Emmentaler even after 9/11; the levees and flood control systems are still weak and inadequate even after Katrina; our financial system is still looking for a way to rebuild the old hedge fund structures even after TARP and the Great Recession. We love our inertia too much to change. We might muddle through a Chinese cyber attack. The difference being that such an attack would result in an existential crisis like we haven’t know since the Bay of Pigs. This time, there is no duck-and-cover drill or even a clear enemy. China is, after all, a major trading partner.

So we know China could turn off our lights and cause havoc at NORAD, but would they do it? And why? Under what conditions might China choose to launch cyber war? Probably nothing as minor as Obama meeting the Dali Lama, or some other diplomatic insult. To get China to flip the switch they would probably need a major economic or domestic political reason to do so. Taiwan comes to mind. The US is cool on Taiwan and, at least publically, favors a “one-China” policy. But what if, for whatever reason, China or Taiwan escalate the tension? A charismatic uprising in Taiwan led by a Sino Vaclav Havel or Lech Walensa during a worsening economic situation might inspire China to invade the island and “secure” it. What the US would do in such a situation is unclear, but if China got wind of the US overtly or covertly supporting the Taiwanese with intel or weapons, that may be provocation enough for China to fry our grid.

More likely however, is the possibility that China could use the threat of a massive cyber attack to implicitly shape policy in its favor:

Trade tariffs too high? It would be shame if.. San Francisco lost its beautiful night time skyline for a week.

Too many news reports about high levels of lead in children’s toys? Aren’t Chicago’s ERs particularly busy during the winter? And isn’t it terribly cold?

Are Hollywood movie executive still complaining about so-called piracy? Well, the City of Angels requires a lot of wattage to keep Tinsel Town going, doesn’t it?

Such negotiations would never be this shamming or overt. It would simply be understood. Publically denied. Privately affirmed. It is doubtful, however, that China would ever engage in an “all out” cyber war. Simply stated, it would be bad for business. China owns nearly 800 billion dollars, or nearly a quarter, of our debt. (Japan is not far behind. Talk about a Co-prosperity Sphere!) This factor, combined with the still-robust US GDP means that the US is still the best game in town, from an investment perspective. Therefore, any non-military use of the grid for intimidation purposes would probably be pegged to relatively small matters of economic policy. And with the recent Supreme Court decision that opens the door to unlimited campaign contributions from corporations, China and other international players will have more access than ever to the US political system. If Nancy Pelosi doesn’t like China’s human rights record, then perhaps a few million dollar funneled through American subsidiaries of Chinese companies could be direct toward a suitable China-friendly opponent. In other words, the cyber threat and corporate access to the political process is a kind of one-two punch against US sovereignty.

What about fighting back? Surely with our technological know-how we must have guys on our side? Where are our cyber warriors? We almost certainly have them, but we are the ones with the dependencies. China is in a growth cycle, we are in a decline cycle. They are building, we are spending. Decadence has generated a culture of political apathy and cynicism, whereas China, with its lock-down philosophy regarding dissidents, and its rising standard of living has generated a populace that is ready to do what it needs to do to achieve hegemony. They won’t wait their turn, but they will bide their time. Much of the cyber war is about stockpiling and keeping the powder dry. Google may leave China, but China got what it wanted, or at least enough of what it wanted. There is nothing magical about digital technology. They know how to make things work, how to get what they want, and how to make it work for them. The next stage, innovation, will come with time.

And this may ultimately be what keeps the lights on in Dallas and Seattle. What would China gain by provoking the US (and by extension, the West in general)? We (the US) would retaliate against ourselves before we come up with a proper counter-measure against the Chinese. We would first look at our own end-users and draw up policies to “secure” our side of the net. But any draconian, punitive change in the laws of computer usage in the US would mean a slowing of innovation. We would do this in the event of an attack. We have a tendency to absorb the evils of our enemies (Germans build concentration camps… the US builds “internment” camps. Terrorists attack us partly because our freedoms are anathema to them. We reign in habeas corpus and illegally detain our own citizens.) I think China realizes this, or at least has some notion of it. My thought is that instead of a massive attack, we may well see “pin-pricks” here and there. Nothing beyond the realm of plausible deniability, but certainly enough to generate a “I-know-that-you-know-that-I-know” moment between diplomats on both sides. And as China becomes more involved in the innovation side of digital technology (it is just a matter of time) they are sure to realize what backlash could mean for them. After all, an entire generation of average Chinese students have grown up using workarounds to access the net in spite of their government’s best efforts to lock out sites and searches.

Will the sky fall? Will China destroy the US? Almost certainly not. But what is transpiring now over the wires is transference of hegemonic power from nuclear anxiety to digital blackmail on a massive scale. Putting aside for the moment the very real possibility of terrorists accessing our electrical grid , it is clear that our notions of American power are vulnerable not just to the deluded goals of religious extremists, but to the pragmatic, long range machinations of an established nation state.

No comments: