Countries accused of harbouring criminal computer hackers are victims themselves, the new US cybersecurity policy chief said on Thursday, suggesting that the US would not take a more confrontational tack against China and Russia.
“There’s a perspective that the government is somehow protecting bad guys in one place or another. I don’t know that’s the case,” Howard Schmidt, who took up his post as White House cybersecurity co-ordinator in January, told the Financial Times.
“All the governments are struggling with this,” he said. “It’s a very difficult thing to do because you never know whose fingers are really on the keyboard.”
Mr Schmidt and other White House officials this week rejected Russian calls that cyberconflicts and hacking be handled through arms control treaties, saying that such matters were a law enforcement issue and should be dealt with through co-ordinated police efforts.
“Making sure they are doing a full-blown investigation and conferring with our law enforcement is the biggest thing we can do to help this issue,” Mr Schmidt said in reference to the recent attacks by Chinese hackers against Google and other US-based technology companies.
“We’ve been very clear on the fact that this is not tolerable, not only against our society but also other societies. One of the key things has been going back to the countries that it appears it’s coming from and saying: ‘If it’s not you, you need to investigate this.’”
That comment, a day after Mr Schmidt’s maiden speech at the RSA Conference on cybersecurity in San Francisco, echoes secretary of state Hillary Clinton’s formal request for a Chinese probe into the computer break-ins at Google, disclosed in January, which sought intellectual property and access to dissidents’ e-mail.
US government contractors previously told the FT that the author of the attack code exploiting a previously unknown security hole in Internet Explorer had regularly had his work reviewed by Chinese authorities and that the computers launching the assault were at two schools with military ties. They said there was no credible way Beijing could deny at least immediate after-the-fact knowledge of the intrusions, though the Chinese have indeed disclaimed responsibility.
While Mr Schmidt said that high-level talks among governments on cybercrime would accelerate, his otherwise cautious stance contrasts with the mounting frustration voiced this week by other experts in and out of government.
With Russia and China, “it’s difficult to believe with the control mechanisms they have in place that if they wanted to stop it, they couldn’t,” said Ken Silva, chief technology officer of internet infrastructure powerhouse VeriSign and a veteran of the National Security Agency.
Janet Napolitano, secretary of the homeland security department, said at the RSA Conference on Wednesday that the cybercrime issue was “urgent”, asking attendees to redouble their efforts to deliver more secure software, hardware and services. Her comments came after Mike McConnell, a former director of national intelligence, told Congress late last month that in an immediate cyberwar, “we would lose”.
Get alerts on Technology sector when a new story is published