Cyber Deterrence against China? The only route left is an Open Source Approach
Is there a way to deter cyber attacks?
Yes. Two ways. One takes a moral high ground.
I won't waste any time discussing that option.
Why? After Flame/Stuxnet, and the unilateral escalation of the cyberweapons arms race by the US, that option is now closed.
The only option that's left is down and dirty open source warfare.
The key is understanding that large cybercrime networks (more) and significant government black ops programs (less) need government permission to operate at any meaningful scale.
Lots of governments (China, Russia, etc.) see permitting these activities as advantageous. They get economic benefit and they develop/perfect a level of expertise that is potentially useful in the future.
So, how do you deter this activity?
You don't do it by building a cyberwarfare capability. Something big and expensive and geared towards fighting a war with China that will never happen.
NOTE: Why won't China launch a cyber Pearl Harbor? Besides the fact we are a major customer of theirs, it's because we have nukes and they have nukes. A big attack on the US would only cause minor damage in comparison to the nuclear war that would follow.
So, how do you deter cyber espionage, crime, etc.?
Counter grief. Make it painful to be permissive.
Right now, it doesn't cost China or Russia much of anything to permit cybercrime and espionage directed against US targets.
That needs to change. How?
Small tier one black ops groups that conduct attacks against Chinese targets. Attacks that grief the systems of the opposing government and their leading corporations in minor, but embarrassing ways.
For example:
Capture Chinese IP and government conversations and liberate it on Wikileaks.
Cut the personal net worth of a Chinese bureaucrat in half. Leak a story to the NYTimes about it.
Spread a rumor that causes a riot at a factory.
Public grief.
To attract a larger group of co-griefers, slow/stop the investigation of hackers operating inside the US if they restrict themselves to Chinese targets.
Don't threaten. Do. And post the results publicly.
ROBERT STEELE: General Keith Alexander at NSA/Cybercom is a good man out of his depth. He has no clue and is simply administering tens of billions of dollars to buy corporate vapor-ware. Most of the claims of success are bald lies on a foundation of grotesque exaggeration. Most of the payroll is butts in seats muddling around. In short, at best a disgrace and at worst outright treason. The Service C4I and Cyber chiefs are no better. Also good men and women, they also do not have a clue. They rose through the ranks on the basis of being well-behaved, not on the basis of what they actually knew, most of it learned 20-30 years ago. None of them has a grasp of the alternative paradigm pioneered by Robert Garigue (RIP), and none of them has bothered to think seriously about the Open Source Everything alternative — not just Open Source Security as called for by Admiral James Stavridis at NATO, who does have a clue, but Open Cloud, Open Hardware, Open Software, Open Standards, etcetera.
John Robb is normally very balanced, and his suggestion that we declare “Open Season” on China to cause China pain is completely uncalled for and totally at odds with ethics and the culture of Open Source Everything (OSE). One should not throw stones when one lives in a glass house. What we SHOULD be doing is going “all in” on OSE, across the US Government, starting with Defense, which might as well burn its house to the ground and start over, it is so badly entangled in legacy systems that provide a NEGATIVE return on investment. It is at the CODE level, working strictly within the OSE mind-set, that gains are to be made. These gains in code can be accompanied by advances in 3D printing, the proliferation of sustainable products, services, and behaviors, and a general commitment to be open about the true cost of everything. Intelligence with integrity. We know how to do this, and those that ostensibly represent us have chosen to be criminally insane instead. The Republic is comatose.
See Also:
1994 Sounding the Alarm on Cyber-Security
Robert Garigue (RIP) Body of Relevant Work