Xi Jinping’s Visit Amidst a Rattling of Cyber Sabers

Being a sequence of quotations from contemporary articles contextualizing the visit of the rising Vice President of China amidst a conspicuously timed introduction of unprecedented domestic cybersecurity legislation.

National Post Full Comment (Feb 14) – “From bitter gruel, Xi Jinping to ascend to China’s top job” by Peter Goodspeed
http://fullcomment.nationalpost.com/2012/02/14/xi-jinping/

He arrives in Washington Tuesday on the first stop of a week-long tour of the United States in one of the final diplomatic rituals he must undergo before becoming China’s next leader.

Now vice-premier, Mr. Xi is widely expected to replace President Hu Jintao as secretary-general of the Chinese Communist Party in October, when China will change 60% of the members of the party’s Central Committee and replace seven of the nine members on the ruling Standing Committee of the Politburo.

By spring 2013, he should replace Mr. Hu as president, then become chairman of the Central Military Commission.

Meanwhile…

Hillicon Valley (Feb 13) – “Senate cybersecurity bill would let firms appeal Homeland Security regulations” by Gautham Nagesh
http://thehill.com/blogs/hillicon-valley/technology/210349-senate-cybersecurity-bill-would-let-firms-appeal-regulations

The legislation would task the Department of Homeland Security with determining which sectors of the economy would be covered by new cybersecurity regulations, after risk assessments in consultation with the private sector, the intelligence community and others.

But designated sectors would have the right to appeal whether the regulations apply to them. Several groups representing portions of the private sector considered part of the critical infrastructure have expressed concern about the impact of the regulations on both security and the bottom line.

“Passing the bill is crucial for national security, but not if the provisions on critical infrastructure regulation are watered down. This will be a real test for this Congress,” said James Lewis, senior fellow and director at the Center for Strategic and International Studies.

James A. Lewis is one of the star witnesses for the Senate Homeland Security and Governmental Affairs Committee’s hearing this Thursday on what has been termed “comprehensive” cybersecurity legislation being unveiled by Majority Chair Joe Lieberman and co-sponsor Minority Chair Susan Collins. Senator John (Jay) Rockefeller IV is the other primary co-sponsor, and will be the first witness at Thursday’s hearing.

Examples of sectors considered likely to fall under the new regulations are utilities, water treatment plants and transportation providers. Some sectors, such as major financial institutions and telecom providers, may ask for exemptions based on a demonstrated ability to secure their systems.

After determining which firms are critical infrastructure, DHS would then, in consultation with the private sector, determine cybersecurity performance requirements for firms in the covered sectors.

…

“There would be a huge market incentive for designated sectors to meet the security standards. But if they don’t DHS and the AG would decide on penalties,” said the spokesman.

What about international cybersecurity standards and practices?

WSJ (Jan 27) – “China’s Cyber Thievery is National Policy—And Must Be Challenged” by former NSA Director Mike McConnell, former Secretary of DHS Michael Chertoff, and former Deputy Secretary of Defense William Lynn.
http://online.wsj.com/article/SB10001424052970203718504577178832338032176.html
This appears to be a copy liberated from between the lines of Rupert Murdoch’s curious digital divide:
http://defense-technologynews.blogspot.com/2012/02/dtn-news-defense-intelligence-news.html

The bottom line is this: China has a massive, inexpensive work force ravenous for economic growth. It is much more efficient for the Chinese to steal innovations and intellectual property—the source code of advanced economies—than to incur the cost and time of creating their own. They turn those stolen ideas directly into production, creating products faster and cheaper than the U.S. and others.

Cyberspace is an ideal medium for stealing intellectual capital. Hackers can easily penetrate systems that transfer large amounts of data, while corporations and governments have a very hard time identifying specific perpetrators.

Stewart A. Baker, another witness for Thursday’s hearing, on the metaphorical wall isolating domestic and foreign intelligence gathering: “I thought that the civil liberties dangers it was supposed to ward off were probably more theoretical than real.”
http://www.skatingonstilts.com/skating-on-stilts/tired-of-reading-chapters-backwards.html

Continuing with the perspectives expressed in the WSJ:

The report to Congress notes that the U.S. intelligence community has improved its collaboration to better address cyber espionage in the military and national-security areas. Yet today’s legislative framework severely restricts us from fully addressing domestic economic espionage. The intelligence community must gain a stronger role in collecting and analyzing this economic data and making it available to appropriate government and commercial entities.

Congress and the administration must also create the means to actively force more information-sharing. While organizations (both in government and in the private sector) claim to share information, the opposite is usually the case, and this must be actively fixed.

National Journal (Feb 13) – “Feinstein Introduces Information-Sharing Bill Ahead Of Senate Cybersecurity Debate” by Josh Smith
http://techdailydose.nationaljournal.com/2012/02/feinstein-introduces-informati.php

Feinstein’s proposal would require the government to designate an agency as a “cybersecurity exchange” to coordinate information sharing; allow the government to share classified cybersecurity information with certain private-sector organizations; and provide liability protection for companies that share information.

“Alongside terrorism, cybersecurity is perhaps the number one threat facing our nation today, but many obstacles exist that prevent the cooperation and coordination needed to deter this growing threat,” Feinstein said in a statement.

NextGov (Feb 13) – “DHS budget would double cyber spending to $769 million” by Aliya Sternstein
http://www.nextgov.com/nextgov/ng_20120213_7454.php

There is bipartisan support for improving computer network defenses, so the outlook may be positive for obtaining much of the proposed $769 million from Congress. The funding would go toward the National Cyber Security Division for protecting federal networks and coordinating with the private sector on safeguarding critical infrastructure systems such as utility grids.

For perspective:

U.S. Department of Defense (Feb 13) – “DOD Releases Military Intelligence Program Requested Top Line Budget for Fiscal 2013”
http://www.defense.gov/releases/release.aspx?releaseid=15058

The Department of Defense released today the military intelligence program (MIP) requested top line budget for fiscal 2013. The total request, which includes both the base budget and Overseas Contingency Operations appropriations, is $19.2 billion.

The department determined that releasing this top line figure does not jeopardize any classified activities within the MIP. No other MIP budget figures or program details will be released, as they remain classified for national security reasons.

What is the mood of the Senate, and the posture towards the private sector?

United States Senate Democrats (Feb 9) – ‘[Senate Majority Leader Harry] Reid Outlines Process For Cybersecurity Legislation, Including “Fair and Open” Amendment Process [in letter to US Chamber of Commerce CEO Tom Donohue]’:
http://democrats.senate.gov/2012/02/09/reid-outlines-process-for-cybersecurity-legislation-including-%E2%80%9Cfair-and-open%E2%80%9D-amendment-process/

I was struck by the testimony of the leaders of our Intelligence Community at recent Intelligence Committee hearings. Director of National Intelligence James Clapper called cyber security “a profound threat to this country, to its future, its economy, and its very being.” And Robert Mueller, Director of the Federal Bureau of Investigation (FBI), stated that, “stopping terrorist attacks with the FBI is the present number one priority, but down the road, the cyberthreat, which cuts across all programs, will be the number one threat to the country.” Think about that: in the years to come, malicious cyber activity will pose a threat to our country greater than terrorism. We simply cannot afford to repeat the mistakes of the past by failing to prepare for the leading threats of the future.

Yet, addressing cyber security is not simply a matter of staving off a future threat; it demands that we stop the hemorrhaging of national security secrets, intellectual property, and jobs already underway. In a recent letter to Senate Republican Leader McConnell and myself, eight former high-ranking national security officials led by Secretary of Homeland Security Michael Chertoff and Secretary of Defense William Perry pointed out that, not only are critical infrastructure such as power plants and hospitals at risk; moreover, “foreign states are waging sustained campaigns to gather American intellectual property – the core assets of our innovation economy – through cyber-enabled espionage.” They counseled that the “constant barrage of cyber assaults has inflicted severe damage to our national and economic security, as well as to the privacy of individual citizens. The threat is only going to get worse. Inaction is not an acceptable option.”

At this point, all signs indicate informed consensus for this legislation to pass quickly through Committee into an opportunity for debate culminating in passage through the Senate.

In closing, witness Stewart A. Baker from his text Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism, (Stanford, California: Hoover Institution Press, 2010), p. 5-6.
http://www.skatingonstilts.com/skating-on-stilts/tired-of-reading-chapters-backwards.html

In the 1990s, after a term as the National Security Agency’s top lawyer, I spoke out in favor of keeping a wall between spies and cops. The idea was simple enough. Agencies like the National Security Agency (NSA) gathered intelligence on a global scale, and they rarely observed the legal constraints that applied to domestic policemen. To protect the civil liberties of Americans, it only made sense to separate intelligence gathered in that way from evidence assembled in a criminal investigation. With a wall between the two, criminal investigators from agencies like the Federal Bureau of Investigation (FBI) would be forced to observe the legal restrictions that went with criminal investigative tools. They wouldn’t be tempted to take the shortcut of using intelligence that had been gathered with less attention to civil liberties.

That was the theory, anyway. In practice, the wall crippled our last, best chance to catch the hijackers before September 11, 2001. In August of that year, the wall kept the FBI from launching a fullscale criminal search for the hijackers—even though all of our security agencies were expecting an imminent al Qaeda attack, and even though both the FBI and the Central Intelligence Agency (CIA) knew that two dangerous al Qaeda operatives had entered the United States. The failure to track those operatives down wasn’t a matter of incompetence or a failure to communicate, at least not in the last weeks. FBI criminal investigators spent the last part of August begging for a chance to track the terrorists. They were shut down cold—by lawyers who told them the wall simply could not be breached.

I wasn’t the most enthusiastic proponent of the wall. I thought that the civil liberties dangers it was supposed to ward off were probably more theoretical than real. But I saw no harm in building in an extra margin of protection for civil liberties. If nothing else, the wall would reassure privacy advocates in the courts, in the newspapers, and on Capitol Hill that intelligence would not be misused. It was insurance, not just for civil liberties, but for the intelligence agencies themselves. For both reasons, I thought, it was best to keep the wall high.

It made eminent sense inside the Beltway.

Until the world outside the Beltway broke through, just a few yards from where I’m standing.

Will the world outside the Beltway be heard in the composition of these new laws and during the creation of these new authorities? Are the new cyber sabers already rattling?