Cyberthreat Posed by China and Iran Confounds White House

Sep 16, 2015 · 217 comments
Dryly 41
Yep. This would not have happened if John McCain or Mitt Romney had won. Obama is weak. He didn't start any wars. He tried to end the Bush II-Cheney wars. Big mistake. War is good for us.
otherwise (here, there, and everywhere)
Mitt Romney? Oh, sure. He would have solved the problem of Iran by purchasing that country for his own account, and then firing everybody.
director1 (Philadelphia)
If I was playing chess, I would not tip my strategy to my opponent; I would try to disinform, cover my intentions to achieve my ends. Why would we indicate to Iran or China what we know or don't know? We certainly did not tell the Germans or the Japanese that we broke their code during WWII.
Kevin Friese (Winnipeg)
The Americans are not really the ones who should be complaining about other countries' cyber attacks. The American cyber offense is just as capable as any other country's. Just look at Stuxnet, the virus that destroyed a number of Iranian centrifuges; it was an amazing piece of engineering, and in many ways the first of its kind. We just never hear about the US cyber attacks because it would then be obvious the level of hypocrisy.
Any country can do cyber offense. Cyber defense is incredibly difficult, maybe impossible.
AmateurHistorian (NYC)
Propaganda piece that tries to portray the U.S. as innocent victims while every other strong nation as aggressors. Read between the lines: the U.S. knows about the SONY attack and the Chinese cyber unit how? By penetrating other nations' networks. If China has 22 million names of federal employees, where do you think the U.S. got the names of 5 Chinese cyber agents?

Until the U.S. ceases all attacks on other nations, I see no reason why those nations wouldn't want to attack the U.S. Voicing support for Taiwan, Hong Kong, Tibet, Xinjiang anti-government groups, funding occult, Fascist, Islamist groups to carry out attacks isn't building relationships with other nations.
Larry (Chicago, il)
Too bad American students don't learn math and science anymore. All they learn is that America is evil, racist, and to blame for every problem on the planet. The 3Rs are now reduce, recycle, reuse, and you wonder why American kids can no longer read, write or do math.
Robert Burns (New York City)
This entire article was a waste of space because under Obama the country has become toothless and a non threat to the real powers. I don't think there is one country in the world that doesn't consider us a joke under him.
Change Iran Now (US)
Iran has a long and dubious history of cyber-attacks as it has gone after US businesses, utility networks and government agencies. Now there are new revelations of even setting up fake social media profiles and news sites in order to befriend lawmakers, staff, journalists and others online and introduce malware to capture passwords and gain access to new networks. The broad effort is more evidence that Iran tries to project a “moderate” image on the one hand, but is really focused on manipulating nuclear talks in order to get crippling economic sanctions lifted without giving up its weapons capability or without any linking to improvements in brutal human rights violations. For anyone online, the worst thing we had to worry about with the NSA was getting recorded; in Iran’s case, the worst thing to worry about is actually becoming friends with a stealth Iranian Revolutionary Guard member.
MLB (cambridge, ma)
After years of China's unrelenting theft of intellectual property and espionage on an unprecedented scale, which included the theft of the 22 million security dossiers from the Office of Personnel Management, which contained detailed information on all the federal employees with "Top Secret" clearance, we hear breaking news today that "China Building Airstrip on 3rd Artificial Island, Images Show."

President Obama's central fault has been an almost pathological need to govern and make policy from the wishy-washy middle ground. As Obama critic Cornel West correctly observed, the wishy-washy “middle ground is not the place to go if you’re going to show courage and vision. And I think that’s [Obama]’s M.O. He always moves to the middle ground.”

Unfortunately for us, that personal trait gave the Chinese government the courage to harm the United States.

Mr. Obama must now wake up and change his approach to China. Mr. Obama's response must now be consistent, coherent and backed by swift action aimed at immediately stopping the cyber attacks and removing the airbases from the South China Sea.
AmateurHistorian (NYC)
China is building an airstrip on its territory. Do you want Obama to remove the airstrip on Guam in exchange for China moving this new strip?

China isn't Taiwan. A U.S. order means little. You have to quid pro quo like the U.S. did with the Soviets if you want China to do something you want.
NYT Reader (Virginia)
Have we so completely lost our grit that we are helpless? Sadly, I do not see any candidate now running for President with the right qualifications to be our next President.
Kirk Weir (Folsom, CA)
Oh come now - the President has been in office for almost 7 years.

Our National Labs (you know, the places where nuclear weapons are designed and tested - some of our most closely guarded secrets) were successfully hacked (you mean you didn't read about it in the New York Times??) over 5 years ago and have had their networks severely clamped down in an attempt to limit further damage.

This has almost nothing to do (despite the President's remarks) with being able to trace back the attack - and much more to do with making systems secure in the first place. The knowledge and tools exist - what is lacking is an executive who gives a rip about competency. Who can blame him? If you can be elected to the Presidency twice with absolutely no track record beyond winning a few elections?
Alex (Indiana)
It would be helpful if more information was revealed about the nature of these cybercrimes. In virtually all of the reports I have read, the vulnerable piece of software (or, in rare cases, hardware) is not revealed.

I'm guessing that it's usually Microsoft Windows that lets the hackers in. Microsoft Windows, when it was first introduced, was not designed with security in mind. Microsoft has done a lot to fix this in the years since then, but the software is still far from perfect. Other operating systems, most notably the many versions of Linux, or its close cousin, Unix, might prove to be more secure.

If it's Windows that's at fault, we should be told. And perhaps alternatives should be considered, or, for especially important tasks, maybe even mandated by the government. If Windows is not the problem, by all means let's keep using Windows.

Now, this is a very simplistic suggestion. Microsoft will argue, with considerable merit, that the only reason Windows is cyber-attacked is because Windows is so prevalent. If Linux (or Unix) is used in target systems instead, these operating systems might prove just as vulnerable (or not).

And more importantly, there's an immense Windows "ecosystem" in place; using alternative OS's will often be difficult, time consuming, and expensive.

But, depending on how the hackers are doing their malevolent deeds, it may be time to consider operating systems other than Windows, at least for some tasks.
DaveN (Rochester)
Maybe the NSA could do something about cyber defense if they weren't so busy monitoring Skype calls between grandmothers and their grandchildren. Our priorities are a disaster - we're so worried about the possibility of a terrorist attack that we've placed inadequate focus on real threats that are happening today. While I certainly don't advocate stopping monitoring for terrorist activity, it is a serious blunder to let our focus on potential terrorism be the excuse for ignoring real cyber attacks. I just had my personal data stolen from Excellus, along with over 10 million others. That stands to have a real effect on my life, unlike terrorism, which thankfully does not (rude Customs officials aside).
MadSang (Irvine, CA)
The conundrum for American negotiators in setting the rules of cyber-war is that they want to protect the offensive capability of the NSA and CIA in service of US foreign policy while preventing China/Russia/Iran/North Korea from conducting cyber-attacks on US interests. In the case of nuclear weapons, we have mutually assured destruction but that works only where the number of players is limited (2) and barrier to entry is high & enforceable. However, as Obama put it well, cyber-attack is cheap & open to nearly all actors and cyber-defense near-impossible. A few years ago, the US tried to create some rules by getting China to agree on allowing cyber-attacks for state level espionage but not for stealing IP & business secrets. This would work to US advantage since NSA's capabilities in espionage are much greater than all foreign foes. Hence, China, Iran, etc. are smart to disagree and try to retaliate asymmetrically by stealing US business interests and not playing by American rules. At this point, the US being more technology dependent has more to lose in all out cyber war but a time will come soon when China, Iran, etc. will also be more vulnerable, at which point some common rules might be agreed on. Till then, it is likely that American cyber espionage against rivals (like Stuxnet) and asymmetric response from China, Iran, etc. will continue to escalate.
not nearsighted (DC)
As some commentators have pointed out, defense is much more difficult than offense when it comes to dealing with hackers. Therefore our solution to the problem cannot be greater and more complex defenses against these attacks - we will only be setting ourselves up for greater failures in the future. As alarming as it may be to consider, our best response to this might be to retaliate, and retaliate hard.

Despite the impression that these attacks have created, the US continues to have one of the world's strongest capabilities in the cyber-warfare sphere (Stuxnet, which was used to attack an Iranian reactor, is widely considered to have likely been a US/Israeli project). It is not that the US is incapable of responding to these attacks in kind, but that it has been deemed unwise to do so, due to the risk of militarizing what should be a civilian-dominated arena. However, if China is doing just that already - and all they are - then it is in our interests (and indeed those of the world at large as well) for the US to show them that this will not work out well for them and that this pursuit should be abandoned.

It is difficult not to view this as analogous to using a nuclear weapon to promote nuclear non-proliferation, however this comparison is a false one - in effect China has been regularly using their "nukes" (hacks), yet without triggering any deterrent. This Cold War is already becoming a Hot War, and it will be our own fault if we fail to do anything to stop it.
MLB (cambridge, ma)
People only act to harm you when they think they can get away with it. This is especially true in international affairs.

How did the Chinese government correctly predict Mr. Obama’s wishy-washy response to unrelenting intellectual property theft and espionage on an unprecedented scale including the theft of the 22 million security dossiers from the Office of Personnel Management, which contained detailed information on all the federal employees with "Top Secret" clearance? (The OPM hack must hold the world record for blowing the cover of more Top Secret federal employees than any other computer hack job).

President Obama's central fault has been an almost pathological need to govern and make policy from the wishy-washy middle ground. As Obama critic Cornel West correctly observed, the wishy-washy “middle ground is not the place to go if you’re going to show courage and vision. And I think that’s [Obama]’s M.O. He always moves to the middle ground.”

This is why his "administration’s response [to massive Chinese hacking] has seemed inconsistent, and to many incoherent."

Unfortunately for us, it's that personal trait that gave the Chinese government and other enemies the courage to harm the United States.

Unfortunately for us, Mr. Obama doesn’t realize that a great leader...doesn’t just occupy a wishy-washy middle ground especially in international affairs.
Ancient (London)
Let's face it, US opened this Pandora's box by FIRST USE of Cyberattack to attack Iran, their Nuclear and many other industries...
Now that the rules of the game have changed, it's a free for all... on the Cyberattack front!
Hal (Washington)
I wonder if "confounds White House" is the proper headline here. Is it the White House or the Defense and Intelligence apparatus that is directly responsible for deterring security threats?
Michael F (Yonkers, NY)
You do know where the buck stops, right? Or is that another pass we are supposed to give Obama.
Leo (Long Island/Brazil/Shanghai)
And then came Snowden, last time the US tried to say something to China!
Title Holder (Fl)
The US is powerful enough to develop an "INTERNET WEAPON OF MASS DESTRUCTION" OR IWMD.

This IWMD could for example cut off the Internet for a week or so in the city where the attacks came from. Imagine an Iranian, Chinese or Russian city without internet for a week or so. Local people will be angry at their government and they will think twice before launching any major cyber attack against the US again.

This is the type of research the US should be spending and investing money in, instead of wasting money building F35 fighter jets or getting involved in civil wars in the Middle East.
Phil (Tampa)
You can't ask other nations to stop doing what we do ourselves. And our media reports this issue as if we were just victims of attacks and not perpetrators.

For anyone who believes that we allocate funds rationally, look at the trillions wasted since 9/11 essentially creating the jihadist threat we sought to minimize, versus our complete inability to hold anyone accountable for theft of personal data on a staggering nationwide scale: The Target and Anthem hacks were essentially declarations of war on the entire populace, and our leaders have done nothing, repeat NOTHING.

Our corporate overlords have either foisted pathetically bug-ridden insecure software products on us just begging to be exploited, or refused to take adequate defensive measures to safeguard data for reasons to do with penny pinching or just plain neglect or negligence. Financial companies lobbied against embedded chips in credit cards. Target and Sony couldn't even be bothered to keep their anti-virus products current. The CEOs who so recklessly and casually endanger our financial and personal wellbeing should be in jail, instead of being handed golden parachutes.
Daniel Yakoubian (San Diego)
Thanks to Snowden and others we know that the US is the world's biggest espionage threat. If the US had some boundaries when it comes to espionage and undermining other nations, it could expect perhaps some cooperation. But it's all attack, attack, threaten, attack. We can only hope the US doesn't further destroy relations with two of the world's largest countries over its pathetic need to make the rules and then act as judge, jury and executioner.
zhouchris (tongling)
After reading your comment, I can't stop writing some of my thoughts. Your opinion regarding this cyberwarfare is different from other comments I find here. With all due respect, America always has a double standard on what other countries did, especially China, in international affairs, and they wish everything can be seen through an American lens, which is not right. One-sided criticism does no good to solve the problem facing China and the United States.
W.Wolfe (Oregon)
ANYTHING that President Xi Jinping says in his visit to Washington will be a lie. I am amazed and insulted that he would be invited to Washington. Just because Bush 2 allowed China to buy our massive and obscene National Debt from his phony, Halliburton-fueled War in Iraq - thus making China our "Banker" - that doesn't make continued "politically correct" dialogue between the US and China to be of any worth.

For Chinese Government hackers to steal vital US Intelligence comes as no surprise. China steals Oceans that are not theirs, and Countries that are not theirs. In China, any freedom of speech, or thought, or faith is completely repressed. America has no business doing "Business" with such a blood-thirsty and cruel Communist Government.

What use is dialogue when you know the other side could care less? I would cancel Jinping's visit, and get our best and brightest computer technicians to make a solid firewall around our data - NOW. Quit talking about it. Do it.
Bill Stones (Maryland)
Why is the Internet so insecure? Because (the US) don't want it to be: for the government, it is a network that we can put the world under our surveillance, prepare and launch cyberwars. For the companies that sell hardware or software, it pays to have broken products, as then they can sell support to their clients as well. Obama keeps saying we are under attack by China and Russia, not saying a word about what NSA or CIA are doing to them, so we need to pump more money into NSA, Pentagon and CIA. So it's a win win win for US,
or are we just fools?
John (Sacramento)
Those who think a "better defense" will have any effect on the rate and consequence of attacks are fooling themselves. While we've whined, the Chinese have compromised most of our government and almost all of our corporate computer systems, with no consequences at all. They've already demonstrated using all of the data they've stolen in economic warfare, and we've responded to the bully with "that's not fair."

There are two possibilities, either we abdicate and lose our standard of living and place in this world, or we respond aggressively. The schoolyard bully will back down when punched in the nose. We, however, continue to telegraph weakness, practice cowardice, and lose ground.
Student (New York, NY)
er, i'm afraid that many would consider the US that schoolyard bully. maybe it looks like we're backing down because we got our punch in the nose.
seriously, it is difficult to hold the moral high ground after the last decade or so. for example, how can we talk about legal or fair when we have been participating in torture and illegal global surveillance. we may finally have come to the realization that we can't bomb everybody into submission or there'll be no world left.
Syed Abbas (Dearborn MI)
“we can choose to make this an area of competition, which I guarantee you we’ll win if we have to.”

We won WWII, the Sputnik war, and the Cold War. All required resources and capital on which we then had a monopoly. Cyberwarfare, the global equalizer, pits mano-a-mano, brain-to-brain, soul-to-soul, where we DO NOT have monopoly. Our adversaries have a distinct numerical advantage 10-1 and worse, of better quality and more educated youth.

At the end of WWII it was said in capitals of Europe – in London, Paris, Berlin, Rome – that America was so rich that Europe could live on its garbage, and Asia was so poor that it could live on Europe’s refuse.

Today while we here in North America are mired in a mount of debt and self doubt, and the geriatric ward of Europe ekes out an existence by not having children, a youthful Asia sits on a pile of cash.

Our foes do cyberwarfare because we do. The best strategy is to change our own behavior. If we take a combative stand we sure will lose. A Chinese or Iranian Stuxnet II can be our undoing, then Ed Snowden will be rightly seen as a prophet that he is.
gary misch (syria, virginia)
If China is such a bad actor, why is Obama meeting with its president? Does he have such a great need to be liked? **No spine**
Michael F (Yonkers, NY)
"Then he [Obama] issued a warning: 'There comes a point at which we consider this a core national security threat.'"
----------------------------
Is that a point on a red line? Sorry Barack old buddy but nobody believes your rhetoric anymore. You can't fool all the people all the time and you never had Putin or Iran fooled.
pepperman33 (Philadelphia, Pa.)
It kind of lends credence to what Mr Trump says of our government when dealing with China. China is much too clever for our government to deal with.
Matt (NJ)
A lot of hand-wringing going on here when countries do to us what we do to them.

If Obama doesn't like it, is he willing to lead by example? Nope.
Kimbo (NJ)
It is one thing, and perhaps understandable, to be stumped by these continued attacks. It is unfortunate that the President has "vowed" to do something about them. If he and the IT security folks are stumped, then it kind of renders his "vow" useless. This is partly a problem of his own doing. He makes a point to say very little publicly. Therefore, he defers to the media to do a so-so job of trying to interpret his actions, even though he has the media's support. Lost in the translation is whatever he is doing behind the scenes. No more red lines. Action, please.
Joe Yohka (New York)
The headline says it all. The response seems to be tepid. The threats from Russia, Iran and China on land, air, ocean and cyberspace are flummoxing the White House.
Steve Fankuchen (Oakland, CA)
The issue is not primarily political. Rather, it is that, as with nuclear weapons, once out of the bottle, the genie cannot be stuffed back in.

The selling -- and I do mean selling -- of the internet as God's gift to a poor, unequal, fractured world has loosed a monster, connectivity that allows for mischief on a scale previously unparalleled by anything other than nukes and, possibly, biological weapons. No more than Reagan's Star Wars A.B.M.s could solve the problem of a nuclear attack, will any "defense" stop the possibility of online attacks.

The enemy, whether criminals or politically motivated groups and countries, is likely to be as bright as the people we have working on defense. Arguably, they are even more motivated, as they tend to be narrowly focused. We kid ourselves at our own peril, if we believe we can safely continue to become more electronically interconnected.

Americans have so bought into the consumer culture, that they allow themselves the transient luxury of choosing convenience over security. The internet is getting less, not more, secure. And as connectivity increases, the ability to disrupt and destroy massively increases. In addition, a generation dependent on interconnected gadgetry, will be lost, deer in a headlight, when it doesn't work.

We welcome drones so Amazon can deliver toilet paper to our front door. That same drone in the hands of others can deliver explosives anywhere.
Coolhunter (New Jersey)
Hard to strike back? Not really. Our 'ace' is to block any country from which these attacks occur from use of the global 'swift' financial system. Since the US controls the 'swift' system, we can do that instantly. That will get the attention of these countries. Remember, money flow is the life blood of most countries' financial systems. Being without it, as the Iranians have found out, creates real pain.
DD (Los Angeles)
Bush/Cheney hired Amit Yoran, a renowned Israeli expert in cyber security, in January 2006. Government officials then proceeded to completely tie his hands, only trotting him out to hold occasional press conferences. Yoran quit in disgust less than four months later, in April 2006.

We can't repeat that remarkably stupid performance. Head of cybersecurity needs to be a cabinet level position, with all the budget and power that entails. And it needs to be a hands-on expert, not some apparatchik being rewarded for loyalty.

Otherwise, we may as well kiss our networks and data goodbye.
Nate (NYC)
The essential distinction was elucidated by Mr. Clapper: "attack vs. espionage". Spying by China, Russia, Iran, etc. on our military, foreign policy elites, etc. is part of espionage. Political/military espionage has serious downsides for us which we need to protect against, but it's a permanent feature of international relations. The only thing to do is better protect our communications and data, and to spy on them better than they spy on us.
Economic espionage by state actors yields "unfair" economic advantage and should lead to consequences: if your company benefited from state sponsored sanctions then your company is open season to government sponsored sanctions or even sabotage. Sanctions especially should be applied liberally as it's clearly a matter of Chinese state policy.
Attacks are what North Korea did to Sony, where information is released in order to cause a policy change. That should be answered in kind; if the North Koreans fear insults to their leader and thus threaten our people and companies, then we should blast in insults of their leader into North Korea, perhaps by smuggling propaganda, dropping leaflets, temporarily taking over their TV, etc.
timoty (Finland)
Mr. Obama has, according to the article, issued a warning that if China and other nations cannot figure out the boundaries of what is acceptable, the U.S. will respond and it'll win.

Based on material leaked by Mr. Snowden and other people, the U.S. is pretty active in the cyberspace, it is not a playground for America only. The sooner the U.S. accepts that, the better it is for all of us.

Besides, there's a lot of hacking going on by government agencies. A while ago it was revealed that BND of Germany has hacked European companies and they did it in close co-operation with NSA.

By the way, was releasing the Stuxnet worm a fair and patriotic thing to do? In my opinion it was not, it was dangerous.
W Traveler (Waitsfield, VT)
The U.S. government has the largest cyber warfare capability in the entire world, and uses it most aggressively and frequently. The NSA and CIA (in coordination with Israel's Mossad) have already attacked Iran's nuclear enrichment facilities with the Stuxnet virus, and the NSA has also penetrated much of the Chinese national computer networks. Why should we be surprised that these nations are doing the same to us?
Those who live in glass houses should not throw stones.
Posa (Boston, MA)
Get off your high horse Obama.. you and the Israelis were part of a sabotage and assassination campaign in Iran a few years back... you permanently lost the high ground. Send the bill to Bibi.
Larry (Chicago, il)
Good! The Israelis have every right to protect themselves!
Steve Rosenberg (Chicago)
Does this Admin have a foreign policy? Countless red lines, countless shoulder shrugging, an attempt to blame the killing of an Ambassador on a film, a Secy. of State with a private email server, 250k dead in Syria, 1mm plus Syrians on the run, Russia spreading its wings over its neighbors, China hacking us relentlessly, signing a deal with Iran that breaks historical NPT norms that the American public overwhelmingly rejects, very low troop levels... Let's just all agree this Admin has no effective foreign policy.
Jonathan Ariel (N.Y.)
Instead of cementing cooperation with Israel, which has arguably the most advanced cyber warfare capabilities in the world, Obama is doing all he can to weaken what should be our number one ally at this time.

Israel already has a national cyber authority under the command of the ISA (Shin Bet), and the IDF is in the process of creating an independent Cyber Command, to be headed either by a Major or Brig. General.
znlg (New York)
The NYT has finally awakened to the reality that Obama and Co. are the worst administration for strategic security in our lifetimes.
Why has this taken seven years?
Thanks to Obama's complete lack of understanding of the real world or the value of US military supremacy, only if we are very lucky will we avoid a great deal of bloodshed because we are perceived everywhere as being hollow.
Dear NYT - your favorite President Obama will go down as one of the all-time worst.
Posa (Boston, MA)
Is this a brief to return the neo-Cons overtly to power? 'Cause if it is, I prefer Obama... at least he won't start WW III
JW (New York)
I recall Libs predicting the same thing about Ronald Reagan starting WWIII (remember Ronald Raygun?). Instead, the Soviet Union collapsed. Do we have to go through this hysteria again?
Posa (Boston, MA)
Actually I recall two incidents within a few days of each other when the USSR thought it might be under a preemptive attack thanks to the rhetoric and bluster from the Reagan Administration.

"Some historians have since argued that Able Archer 83 was one of the times when the world has come closest to nuclear war since the Cuban Missile Crisis of 1962." (Wikipedia)

So I was right. It's all about regime change in Moscow.
seeing with open eyes (usa)
let's see.

1. America welcomes and trains Chinese IT engineers and coders at its best universities and then they go home.

2. American tech companies - i.e. Apple, Intel - move manufacturing of fully functioning devices like iPhones (which are now really computers) and memory chips to China because it's cheaper.

3. Chinese hack US government and corporate data bases and probably processing.

And we are surprised??????
Argyris Papasyriopoulos (Athens, Greece)
the major predator presents itself as the innocent, fragile victim...
NYChap (Chappaqua)
Everything stumps the White House.
DCBarrister (Washington, DC)
As someone who works on Capitol Hill and has been in the Obama WH, saying that everything stumps this President and his administration is the understatement of the year.

I may be a young man, but I have never seen more people who have no clue what they are doing in the same building than I see in the White House.
bill (NYC)
Why do you say Obama sounds "uncharacteristically combative", as though he had never spoken aggressively before, which we all know is not true? You characterize the White House as confounded, but in contrast to whom? And who is this David Rothkopf? He wrote a book. So what?
jacobi (Nevada)
"the administration’s response has seemed inconsistent, and to many incoherent."

This will be the Obama administration's epitaph with respect to foreign policy. It is a result of a president who obviously thinks he is smarter than everyone else, even though he doesn't know that he doesn't know what he doesn't know. I have worked with folk like that before and it is a nightmare.
Samuel Markes (New York)
Quantum computing - DNA based computing - these are the ways to establish encryption that "can't" be breached.
drollere (sebastopol)
it's pretty shocking to see the NY Times run such a vague, scaremongering and evasive article on such an important and pressing issue.

1. what's to be done? the article neither defines this question nor describes the specific remedies under consideration. yet the necessary remedies that have not yet been taken define the problem: the article makes it appear that the problem is solely foreign governments.

2. who's standing in the way? the article implies that all the solutions are in solely the hands of the executive branch. congress is not mentioned once. yet congress can fund the programs, pass the authorities, and legislate the enforced compliance of businesses and utilities. it hasn't done so. why not?

3. what's the current status? the article alludes to a "deterrence deficit" but does not indicate whether that is technical or simply a matter of political will and consensus.

mr. sanger needs to go back to the well with a bigger bucket and pull up some information that gives us readers a real view of the problem. yes, iran is bad, china is amoral, the russians are crooks. so what? there is nothing here to help me as a reader understand the problem in a way that allows me to address it via my representatives.
John (Hartford)
drollere
sebastopol

Totally agree. This is another one of those NYT "when did you stop beating your wife" stories. It's an enormously complex issue and almost totally shrouded in secrecy for very good reasons. I'm quite sure our cyber intelligence operations are quite equal to anything the Chinese or Iranians deploy. We didn't invent sigint but we were reading Japanese cyphers in 1941 for godsake. No doubt we win some and lose some but we're never going to find out or at least not for a long time.
A Goldstein (Portland)
I doubt that any nation's foreign policy (i.e., whether it supports, opposes or looks the other way) can effectively control cyber-terrorism. The problem is not unlike other terrorism - physical violence - which can be committed by lone wolves or loosely connected organizations having little to do with governments.

The increasing complexity that our technologically advancing world has bestowed on us is a major cause of this cyberthreat and one which is being poorly addressed. Like climate change, the question becomes how catastrophic a cyber attack has to get before we make the necessary financial commitments to control the problem.
Brent Jones (Oak Park, IL)
If we don't disrupt the infrastructure of enemies, then we are weak fools. Our government and private enterprises should offer cash bounties for hackers that can prove that they have disrupted the work of criminals and enemies. We have several million hackers that would be able to do quite a bit of havoc and mayhem if directed at suitable targets.
jon (ohio)
This may be the biggest failure of the Obama administration. They came into office saying, "We're hip. We're progressive. We're tech savvy. We get technology. We understand it. Trust us."

Obviously, they don't get technology. Our enemies have successfully launched breaking cyber attacks on the United States -- even getting into CIA and FBI personnel records.

This failure has received relatively little attention from the mainstream Democratic party press. But we will be living with the consequences for decades.
Me (NYC)
OBVIOUSLY, they don't get technology? That's so amateur. I'm pretty sure "they" get technology. Cyberattacks aren't regular technology.
Kimbo (NJ)
Hip, progressive, and tech savvy when it comes to reading your and my e-mails and texts.
HealedByGod (San Diego)
Obama could make a statement to China by cancelling their state visit, but he won't. Obama is great with his teleprompter telling him what to say but he's done nothing about the cyber threat posed by Russia either. Why doesn't he hack into their computers? Oh that's right. We import so many of our goods we could produce here and also because China is the largest holder of our debt. Imagine if Obama could not go to the very bank of China that he mocked Bush for going to in the name of our children when he doubled the debt in 7 years.
Does anyone remember Obama telling Medvedev over that hot mic that he would have more flexibility in a second term? Did that mean refusing to send Ukraine lethal weapons against Russia because he didn't want to offend his buddy Vlad?
China openly mocked Obama in the press before his first official state visit and in total Obama fashion he just took it.
Obama could put an end to this but he won't. He will publicly posture his outrage but in private he will do nothing.
Why are our climate change people meeting with China's when they already know our position from hacking our computers?
If ignorance and stupidity were a disease Obama would be on life support with no hope of recovery.
Jack (Illinois)
Repubs are complete losers when it comes to anything resembling proper governance, which does include national security. Repubs have no right to counsel Americans on what to do with foreign policy. Idiots when it comes to a logical foreign policy, cowards when any kind of courage is required and are completely blinded by right-wing ideology. It should be at least 100 years before any Repub of these types be allowed to speak about foreign policy!
S.Texan (S.Texas)
This is what happens when you elect a Wimp- IN- Chief instead of someone with a backbone and the good of the people at heart!
Zeke Dombrowski (Connecticut)
I'll keep it short and simple. We have to do anything and everything to protect our internet vulnerabilities that could cripple us i.e. power grids, DOD etc. It's really not as complicated as it's made out to be. Governmental policy has been way out of touch in getting this issue resolved.
otherwise (here, there, and everywhere)
It is not "off-topic" to note the relevance of this "cyberthreat" to the larger issue of President Obama's overall inability to deal with foreign policy. I voted for him twice, and I voted for Kerry in '04, not because I was thrilled with either of those candidates but because any Republican in the White House would be disastrous in terms of domestic issues. I will probably vote for Bernie Sanders next year, as I am hoping he gets the nomination, but a Trump victory might not be as much of a disaster as one might fear it to be. Actually, I might write in Pamela Geller this time.
miken (ny)
Obama has no backbone and does not get any respect, does not deserve any. Left wing-nuts who think it's ok because we hack them too are just so pathetic - no understanding of the fact that in those totalitarian countries many are filled with jealousy and contempt for our democracy and at any time could use the security failures to take down our power grids and markets. Your life will change overnight. If you have ever been to Eastern Europe then you understand Russia and China have virtually nothing to lose and so much to gain from a first strike. China built their F35 copycat and stealth based on info stolen from us - what technology could we possibly gain from them - they can't even get to the moon or Mars where we have been for decades. In the streets of Russia people still use the abacus. Get real.
otherwise (here, there, and everywhere)
I agree with you, but with one slight modification. You speak of "left-wing nuts," but I would argue that there is no "Left" today. What passes for the "Left," and what the Media (especially the right-wing Media) calls the "Left," is merely a style, a ready-made caricature for the Right to poke fun at. At the undergraduate level, it is all about where an individual fits in --as in, "am I a Frat Boy or am I a Rad"? At the adult level, it is social posturing by affluent types who choose "Left" positions mostly on trendy issues which are non-threatening to their affluence. As they only converse among themselves, the ideology that lends a patina of false authenticity to what is merely social identity bonding is all they hear. Placard-Speak and unified denunciation of anyone who challenges their ideological dogma (such as "never blame the victim") thus pass for unquestionable truth in their perception.
pnut (Austin)
What I take away from this was Obama's early quote in the article, about being forced to win the cyber war, if other nations insist on provoking one.

That would be a major change in reality for these other countries - they're currently throwing rocks at the castle walls. But if they continue, there will be boiling oil poured on their heads, and the US will unambiguously take responsibility for a crippling level of economic disruption to their home countries.

Obama is trying first to avoid this eventuality because nobody wins in a scenario like that. But America does what it has to, and if it means militarizing the internet, they'll do that too.
David B (Tennessee)
Welcome to the 21st century where a few smart hackers in a remote country can create almost as much fear as a country with trillions of dollars in military equipment. Unless we plan to bomb those breaking into our computer systems (if we can even find them), it's time to redirect a lot of money and effort into better cyber attack and defense programs.
Mark Shyres (Laguna Beach, CA)
I believe this was Obama's point in the presentation. He is looking for more funding and more power.
cyclone (beautiful nyc)
In a risky but bold move, the US could adopt a new M.A.D. doctrine, Mutually Assured Disruption.
Ron (San Francisco)
Xi is going to have a private meeting with our top tech companies (Facebook, Apple, Twitter etc etc) before he meets with Obama. A slap in the face. These tech companies are crying for the US to do something about the attacks that keep coming to them from China but yet want to do business with them. Sanctions would be best now after 15 years of cybercrime. This will also make our companies choose on which side they want to be on. Be bold and send a message to China we will not tolerate this anymore. They always make nice right before a big meeting. I'm sick of their lies! Do something! Sanctions!
Mark Shyres (Laguna Beach, CA)
Please remember that the tech companies also sell cyber protection programs. They want it both ways.
LW (Austin)
Maybe they're cyberattacking/espionaging us because we've been cyberattacking/espionaging them?
We say we do espionage and they mostly do attack while NSA wants us the public to know the difference between the two activities
The solution is to agree to limits on both sides but that's the problem, right? We don't want to give up our edge on espionage to trade for whatever it is that they do (which is probably deemed "lesser" by NSA)
sh (Brooklyn)
The GOP has been obstructive. Do you remember how dismissive McCain was?
Paul (Washington D.C.)
How hard is it to take a 5 dollar pair of wire cutters to the computer room and sever the connection to the Internet?? Why were the 22 million government security records connected to the public internet? And power grids and nuclear facilities? And private and military technology companies? How stupid are we?
Joren Maksho (Hong Kong)
Don't hold your breath waiting for anyone to be investigated for criminal violations or management incompetence. The forcing out of the hapless OPM director means nothing. The incompetence was, and possibly remains, in the CIO, career IT staff, and longstanding IT support contractors, who include some major names.
Matt (NJ)
How hard would it be for you to stop using the internet and phones? How would you like a world that operates only with paper, including money?

If you like slow and expensive, then OK.
Peak Oiler (Richmond, VA)
We need to follow the excellent advice given in Richard Clarke's book Cyberwar, namely 1) Protect our critical infrastructure by taking some of it out of contact with the general Internet 2) Rely less on commercial software on critical servers and instead use more secure OSes such as government-developed "flavors" of Linux 3) State clear consequences and 'red lines' for cyber-attacks, including non-violent or "kinetic" response that could range from freezing foreign assets to a declaration of war.

Given the stakes--the US power grid going down for weeks as we enter a conflict with Russia or China, or a nuclear reactor going critical after ISIS hacks it--we need to beef up defense. Despite his accurate predictions of an attack before 9/11, Clarke's lonely warnings of a new threat were ignored by the Clinton and Bush White Houses.

The Obama Administration seems to be listening, belatedly.
Phil Z. (Portlandia)
Peak Oiler makes an important point about the continued use of commercial software, particularly in the SCADA systems that control much of our water, waste disposal, pipeline, and other crucial infrastructure. SCADA runs mostly on Microsoft Windows platforms and that alone should raise alarms all over the country.

SCADA defenders insist that those systems are stand-alone installations, but that is what the Iranians thought with their centrifuges before they were brought down by the STUXNET worm.

I recently drove by a group of large pipeline valves that had a satellite dish in their midst indicating that they were cross-linked through the "cloud" or the Internet in other words.

Several years ago, I sent photos of unprotected elements of the power grid and one photo of a Barrett 50 calibre semi-automatic rifle with a silencer to Col. Kevin Kirsch, then head of the Science & Technology Directorate at Homeland Security. He responded with a declassified report that verified my warning about the vulnerability of the grid to low level attacks, which is made critical by the fact that there are very few spare transformers to be had in case of such an attack.

Such an attack took place recently near San Jose, CA where two or more individuals broke into a large sub-station and used high power rifles to destroy something like 17 transformers. The FBI declined to call it a terror attack, but it certainly wasn't random target practice either.
Peak Oiler (Richmond, VA)
Phil, I've a family member who is in a senior position at DHS. He and several other higher-ups flew out to San Jose. The experience left my relative very sobered. He said the job done to shoot up the sub-station was very professional and was not an attack per se, but in his opinion training for an actual larger-scale attack. I agreed with his assessment that we simply cannot cover every aspect of our infrastructure before someone hits us again, for real.
Robert Dana (NY 11937)
No one fears us. To Obama and Kerry it's very un-21st Century to posture the country to be feared. Problem is, the rest of the world operates in the 20th.
Howard Tanenbaum M.D. (Albany, NY)
"Lord, what fools these mortals be." How did Shakespeare know what our Obama administration would be like? Cyber attacks by Iran now ramping up. Think what billions of dollars will do for that effort. Russia poking us in the eye with a new airbase in Syria. China building a new island base to intimidate our "allies". I know if I was relying on the U.S. for security support, I would be hesitant about its reliability in a crunch.
But we mustn't interfere with the President's quest for a 'Legacy'. After all as long as this is satisfied, what matter that the lives of our children and grandchildren and those of the Israelis will be in greater jeopardy from a nuclear Iran, a Russian base in the Mediterranean, and Chinese hegemony in all of Asia.
As the clairvoyant Mr. Shakespeare wrote: "Lord what fools these mortals be"
thomas (Washington DC)
As someone who was subjected to numerous data breaches, including the OPM, Anthem, and Target breaches, I am appalled at the response of our cyber security officials. These are not "attacks" but "espionage"?

Feels like an attack to me, and I expect our government to do something about it. If diplomacy works, great, happy to give it a shot, if not, then drop the cyber bomb on whomever is responsible for the next ATTACK.
AK (Seattle)
Iran is not a threat - stop with the hyperbole. The people's republic is. Too bad american business is in bed with them.
Joe Yohka (New York)
AK, if you don't think Iran is a threat, perhaps read their leaders words about the west, about the United States, and his intentions. Also, the massive military buildup there says a lot. their missile capability is powerful now.
Air Marshal of Bloviana (Over the Fruited Plain)
Yet Obama will babble about and collude with them on defining the climate.
CKent (Florida)
There are those who act and those who react. Those who react are, by definition, always on the defensive, always behind the curve. That's us, under Obama. For centuries the French, for example, have specialized in defensive tactics (Vauban's elaborate fortresses) and the Maginot Line. That didn't work out for them. Let's hope the next president is one who will act first and let others do the reacting for a change. And let world opinion go hang.
Jesse Marioneaux (Port Neches)
The most technological nation that put the man on the moon can't even stop China and Iran cyber attacks. Where is the R and D in this country?
Leicaman (San Francisco, CA)
remember the ancient maxim "Those who know do not talk; those who talk do not know"
don shipp (homestead florida)
Is anyone else bothered by the potential of Cyber attacks to create a massive Shakespearian irony when the home of Silicon Valley and computer innovation is chaotically damaged by its own creation?
mabraun (NYC)
The companies and government agencies all want to have their cake and eat it too. The most basic of any computer protections is to never allow your private information to be attached to open telephone lines. The West teaches all comers, from anywhere, how to get past the firewalls and to get into the secret and private files of almost anyone. This is part of our education system. By the same token, business needs to recall that because there are so few - perhaps there aren't any defenses, it must learn to stay off the internet - the internet was designed to be open - it was created in the event of war and blackouts affecting local computers - long before any kind of commercial system. It was used to communicate scientific material and send e mail. Never was it for super-dooper secret research.
You want secrecy--you need 2 (two) computer systems. One that is for communications and another, totally secure and unattached one, that is for work. Security means it is dead to outside lines. The real work is done on the second system INSIDE the offices, the communications are done outside, where no one cares who calls and leaves messages. Just keep your sensitive material OFF the 'Net, and then no Chinese, no Russians or third world lone wolf programmers can steal what they cannot get access to.
Phil Z. (Portlandia)
That is exactly the strategy the Iranians employed with their secret centrifuge facilities and we all saw how well that worked out once the STUXNET worm had penetrated their "secure" systems.
weniwidiwici (Edgartown MA)
China's business model is to steal all the intellectual property and manufacture everything in the world.

Russia's (and the other former SSRs) business model is simpler. They simply want your money via your credit cards and bank accounts.

China is playing a long complex game. Russia is playing a game John Gotti would understand very well.
cyclone (beautiful nyc)
This is analogous to the weak effect we have at protecting our borders. Another part of the problem is the US probably threw the first stone without considering it also lives in a glass cyber house. This is a continuing tradition of cold war espionage. Hit them where it hurts, and consider, most New Yorkers have 2 locks on their doors.
Howard64 (New Jersey)
Maybe if we just say and do.. you guys (russia, china, Iran, NK) are a problem and you purposely hide who you are. So we, the US, will treat any attack as if it came from all of you and respond against all of you. So it is up to you to identify yourself and police the others who are doing things in your name because they remain anonymous.
Boston_youth (Boston)
we cyber-nuke your facilities, hack you with Stuxnet and terror four of your nuclear scientist in broad daylight in streets of Tehran, BUT you do nothing please... nowadays this is how the world works...
Query (West)
This propaganda piece is so depressing.

First, the idea deterrence now is not possible is absurd. Apparently there is a split in the WH about whether to beg rather than deter as Obama and his key advisors deeply believe aggressive action by the US just leads to evil.

Second, the spate of NYT stories about containing Iran reflect its own editorial pivot to its prime directive, the Israel first issue, since the treaty it decided to lobby for was a fait accompli, but the idea that there is anything new there, or that Iran is remotely as important to the US as a remilitarized Japan and an arms race by feckless and reckless, the left right of american politics, is absurd. Iran ain't gonna be "contained." Nor is Turkey, Saudi Arabia, The UAE, Pakistan, India, Vietnam, China. Singapore, probably can be contained. Engage in conflict where and when it suits the national interest, or please please please, shut up.
K Henderson (NYC)
It will be 20 years from now but eventually all of the larger countries will have to build networks for their own use using different protocols that are not IP based. Uses same hardware to transmit but different software infrastructure under the hood. Just a matter of time. It is very likely already happening with some military needs.
OSS Architect (San Francisco)
What's left out of this whole piece is the responsibility of private companies and private networks to provide the requisite levels of security. The ISPs and CSPs can provide very secure network connections but a depressingly small percentage of companies will pay to implement it.

Part of the blame for this situation has to do with the high cost charged by Telcos to install the shared hardware and do the provisioning. This is in large part because Telcos and data network providers have consistently under-spent on their infrastructure upgrades. Profits for investors come first.

At least half of my job as a global network architect is arguing with CFOs and CIOs on the necessity of changing their networks, and the other half is trying to figure out how to implement the required network overhaul into 3-5 years (typically) of too small annual CAPEX budgets.

You can build a secure network for authorized communications, but as long as companies have "M&M security" (hard candy shell, soft gooey center) for their data centers, the job is less than half finished.

Business tries to punt responsibility for this to President Obama and the Cyber Warfare command. This is a flat out evasion of responsibility. Short of physical occupation of data facilities by US government Cyber Security technicians to do the work that companies should be doing themselves, the problems of hacking will remain.
K Henderson (NYC)
You are wrongly conflating private networks with USA govt networks. The worst and most detrimental USA govt hacks were on USA govt networks. I agree with you that all networks of any type should be more secure, but otherwise I think you misunderstand the core issue here. You are shifting blame to private networks which makes no sense when -- for example -- talking about the theft of the 22 million security dossiers from the USA govt Office of Personnel Management.
Peak Oiler (Richmond, VA)
K, that's because the government bought server software from Microsoft instead of developing their own. See Clarke's book Cyberwar. As for the big ISPs, they need support, and, frankly, a mandate to beef up their security. Clarke's data does indeed support OSS' claims about M&M security in the private sector.
Peter (Metro Boston)
The "cultural" issues are the same in both types of networks though. Users want easy and ubiquitous access to information regardless of the security implications. The OPM break-in wasn't fundamentally different from that at Sony. The real problem is limiting access to sensitive information and having the guts to enforce the policy when the CEO complains he can't access a personnel file from his iPhone.

The Federal Government has some unique problems with its reliance on subcontracting, its use of old, outmoded systems, and its lower IT pay scales compared to private industry. Congress hasn't been willing to pony up the billions of dollars it will take to secure government systems either.

I read this article and thought that none of the reporting has much to do with the real issues about government data security. It adds a touch of glamour to talk about scheming foreign powers and our pitiful defenses, but those aren't the issues that matter. What matters is convincing the Office of Personnel Management to upgrade and secure its database systems, install two-factor authentication, and restrict access to the data to only a small number of trusted persons. Those kinds of actions don't make the front page of the Times, but they are infinitely more important in the long run than worrying about what to say while meeting with Xi Jinping.
jsladder (massachusetts)
HINT TO PRESIDENT: find out what Google and Apple are paying engineers, and then see what the government pay is for engineers.
Brock Stonewell (USA)
Any solution will require raising taxes to pay for it - so forget about that option, let's just wave the white flag because "we just can't afford it."

Thank you Grover Norquist for destroying America!
manapp99 (Eagle Colorado)
How about we cut some of the duplicitous, wasteful and obsolete other programs to pay for it. Then we can have our solution without raising taxes.
AlanR (Manhattan)
Obama did raise taxes.
Michael F (Yonkers, NY)
That is funny. We have a behemoth of a federal government that wastes money by the ship load on a daily basis and you think we need more taxes. I work fully a third of the year to pay my taxes and you want more. Go to blazes.
HJR (Wilmington, NC)
Time to simplify our thinking in the defense area. We always buy looking backwards and with the interest of the infamous military industrial complex up front. This is a both parties we, both are infiltrated by the cozy incestuous Washington revolving door. Watch each general admiral, senator, congressman retire and reappear in a government contractors guise.
Cheney Halliburton is a big one but it is universal to both/all.

Time to cut programs like the Gerald Ford carriers at 15 billion each and growing, rethink the F35 at 200 mil each average
Small, light robotic drones, internet security, not the sexy past but the future.

Our government is out of date in the internet, visit any website and you realize underfunded out of date, SS, FCC, IRS all are sad and about 5 to 10 years dated.
Tom (Somewhere, USA)
The problem is that the US wants:
1) to surveil everyone, and
2) to secure its computer networks from everyone.

Guess what? You can't have both.

Number 2 is a solvable problem. Encryption and secure software practices will head off the vast majority of hacking without having special cyberdefense forces or a magical switch to turn the internet on or off. Computer scientists know how to do this today. All that is needed is for the government, industry, and academia to head down the same path.

But if you do that, number 1 is off the table.
Paul (Northern Cal)
Exactly that. What went around came around. Few people really understand that this is an easily fixable architectural issue that the government brought on itself (and therefore all of us.)

Government just needs to stop hounding private cryptographers, and creating or leaving holes in commercial products and standards, and work for secure standards and protocols from the base architectures up. Yes, it will take a while, but it is not rocket science, and communications companies are building newer, more advanced product architectures all the time.

But that means the internet goes dark to snooping. As you say, there is no hierarchical privacy. Frankly, an obsession is an obsession. I think, they are just not going to do it, and we are going to darken the network ourselves.

The real issue is will the government make it illegal for commercial technology providers to provide true privacy.
David Keller (Massachusetts)
Tom,
It's not merely a lack of coordination. The NSA has actively blocked any effort to effectively encrypt. You are correct, it is doable. It's just that our government is intentionally blocking such efforts.
otherwise (here, there, and everywhere)
Oh, really! And the Iran deal, which Obama has rammed down our throats? Is Iran to be let off the hook for distributing U.S. $100 bills printed in North Korea? Is Iran to be let off the hook for the 1979 takeover of the U.S. Embassy, and the detaining of U.S. citizens as hostages for 444 days?
J Sowell (Austin, TX)
Is the US off the hook for the 1953 coup that deposed Iran's democratically elected prime minister?
otherwise (here, there, and everywhere)
Now, how did I know someone would bring that up -- again? Maybe because folks of a certain ideological persuasion recite it like parrots every time the stimulus-response cue is given to them?

Briefly, subsequent events have amply demonstrated that Iran is not fit for self-determination. The fact that the "Iranian People" replaced the Shah with an Islamist regime instead of a Marxist one is sufficient reason why the "Left" -- if in fact there is an authentic "Left" anymore, and I maintain that there isn't -- should write Iran off as hopeless and unteachable.
Wrighter (Brooklyn)
A report this year stated that not even half of the positions in the NSA or CIA cyber task force are filled; largely due to the draconian background check policies. Some of the most talented hackers in the nation who actually have some invested interest in putting their potentially illicit skills to work for their own government are being turned away for smoking pot 5 years prior. How many large-scale hacks and billions of dollars need to be lost before this country wises up and loosens up.
Brock Stonewell (USA)
These thieving countries invent nothing and steal everything. Their only contribution to the world is the advancement of predatory techniques at the expense of the intelligent & creative people of the world, who play by the rules and have ethics and morality.
otherwise (here, there, and everywhere)
Well, "ethics and morality" are fluid concepts, but I understand what you mean. :)
Tullymd (Bloomington, Vt)
An impotent feckless fool is no match for Chinese intrusion.
Satire & Sarcasm (Maryland)
I really don't understand why the Chinese state visit isn't cancelled. The Chinese government, which controls all-things-China, is obviously behind the recent high-profile hack attacks against the United States. Having President Xi Jinping over for dinner isn't going to change things, especially given China's recent buildup of military hardware. I do understand that you can't simply break off all diplomatic relations with China, but you don't have to invite them to the White House, either.
joy (Poughkeepsie)
I found the whole finding that Chinese government trying to steal US secret by getting records of tens of million federal workers absurd. How does China increase their bargaining power with the US through knowing flexible spending of federal workers? The answer is apparent and abundantly clear, but some politicians refuse to see-there are large criminal organizations have used China's massive and defenseless IT infrastructure to hack the US for criminal use while direct US attention to China! Please get some common sense into your foreign policy!!!!
Todd (Boise, Idaho)
"And the intelligence agencies do not want any agreements that would limit their own ability to use cyberweapons for covert purposes, as the United States did against Iran in an operation aimed at disabling parts of its nuclear program." Seems a bit naive and perhaps arrogant for us to think we can impose rules on other countries and exempt ourselves? On the other hand it also seems naive to think any country is going to follow such rules. So the solution seems to be building secure networks which can't be hacked but this would require proprietary products which could not be commercially sold to other nations because once they have any network technology there will be a way for someone to figure out how to hack it. Certainly, however, government networks could be built this way given the right resources and talent.
Arnie (Jersey)
The way to stop it is on Jan. 20, 2017, when this President leaves office. Simply put Obama is incapable of taking any military action nor diplomatic action protective of U.S. interests and so the Soviets, China and Iran, knowing this fact, take advantage.

I don't believe this story about Obama being combative as it's just there to make him look presidential.

He is incompetent and a poor leader, whose only accomplishments were obtained w/o congressional consent as required by our Constitution.

He's a weak President at that.
tom (bpston)
Okay, Arnie; you will be the first commando we parachute into Beijing to sabotage the Chinese computer network.
Koobface (NH)
Cyber warfare protocol ends up being pretty close to espionage's protocol. That is, espionage as carried out by human agents during the 20th Century. No one admits to doing it but everyone does it. Because espionage is illegal in virtually every country, those who are caught are punished. Except of course, no individual cyber attacker is ever physically captured.

Like espionage, cyber warfare will continue as long as there is a cyber space, and there is nothing anyone can do to eliminate cyber warfare. Don't even bother trying to get a nation to stop.
AACNY (NY)
President Obama seems to be "struggling" on many fronts in the cyber war. Perhaps his "vow to confront" and back-and-forth about whether to even take action doesn't instill fear in anyone.

If only the president had put as much effort into our own cyber security as he did into Iran's nuclear capability. It's clearly not where his priorities lie.
mabraun (NYC)
Obama probably can't use a computer. Most politicians can't - they hire people to do the computer work for them just as executives once hired pretty, female HS and college graduates in short skirts and high heels, to do the typing and filing. Politicians have no idea how computers work and none know the difference between a hard drive and an old CD or a floppy disk.
Our politicians - all - GOP or Democrat are totally ignorant and unable to protect what they don't understand. America would do well not to trust to its highest elected officials to do the technical thinking for the nation. Otherwise we will really be in trouble.
K Henderson (NYC)
Almost everything Obama says about tech is an "IT platitude" that means almost nothing actionable. He seems to think that there are meaningful IT defenses but that is not how it works. Every action escalates to another to another plateau, then there is another different action -- perhaps even the very next day, and so on. THAT Mr President is how IT security works. There is no magical 100% IT defense and it is preposterous to posit such a thing.

His advisers are the NSA, which of course is a large part of the problem because the agenda of the NSA is "grab all the data" from all over the planet and then mine that data 24 hours a day. Hence, the NSA doesn't actually want anything secure for obvious reasons -- domestically or in China.
serban (Miller Place)
The US has not mobilized the necessary resources to confront this very serious threat. It is a difficult problem that requires a massive response. Immense sums have been spent on Homeland security tracking phone conversations to trace terrorists but nothing comparable to defend against cyber attacks, which are causing much more damage than terrorists.
The US needs a dedicated army of computer security specialists to combat this threat. Sometimes the best defense is offense, track down and go after the computer networks from where these attacks originate and disable them. If our systems are vulnerable so are theirs, surely there is enough brain power in the US to combat them effectively.
K Henderson (NYC)
"The US needs a dedicated army of computer security specialists to combat this threat"

Actually "serban" there is already exactly such a federal agency and for almost 10 years now. Google to verify. However, whatever they are doing, it doesn't work.
serban (Miller Place)
Obviously it is not large enough and does not include the best minds available. There is a lot of software brainpower in the US that could be mobilized if properly compensated.
Jim (Wash, DC)
Corporate America has complained for decades about trademark theft, copyright infringement, and intellectual property theft by China and often to no avail. US govt responses have been to complain or scold, but not to implement any effective penalties or sanctions mostly out of deference to corporate opportunists. Overall, in spite of the thefts, corporate America cautioned restraint for fear of jeopardizing expanding trade and investment opportunities. Now though the theft is wholesale, not piecemeal, and so the complaints have grown louder, especially as China seems to have become less worthy as an investment and manufacturing site.

From early crude physical product copycatting and imitation to today’s increasingly sophisticated cyber intrusions to steal intellectual property and intelligence, China has demonstrated little respect for ownership rights or privacy, especially with regard to foreign interests. They are seen as inferior, alien, and unworthy of genuine respect, and thus the rationale for deceitful exploitation.

Now this behavior has extended dramatically to include the theft of US govt intellectual material, from intelligence and military secrets to information about more mundane govt activities. Everything is up for grabs. China knows no bounds. It is going for all it can get while the getting is good; before the US manages somehow to slam the door shut. However, the horse may already be out the door and we may be closing it on a nearly empty barn.
Tullymd (Bloomington, Vt)
We richly deserve this result just as if you left your car unlocked with valuables clearly visible inside.
Phil Z. (Portlandia)
The Chinese don't even have to steal technology covertly when you have the duplicitous head of General Electric exporting all its medical imaging technology to China. BTW, their CEO is/was Obama's jobs creation czar at the time of this technology giveaway.
Rocky (CT)
We reap what we sow. From the early days, a mostly free and open internet has been fostered here in the United States and made perfectly decent enough sense when it was all in its infancy and relatively few of our significant interests were tied up in it. Now, everything is dependent upon it, and everything goes through it, and everyone has key elements of their lives bound by it whether they choose it or not. We've taken and wasted too much time not defending something that we've allowed to become so integral to our personal and collective existence. Hate to say it, but: Time to build our own Wall.
Donriver (Toronto)
Chinese intelligence hacks US computers. The NSA hacks Chinese computers (and Germany's, Brazil's, France's, or any non-English-speaking country's.) Sorry, but I still don't see what the big deal is?
Roach of Manassas (Saint Augustine, FL)
Buy Obama Red Line Virus Fire Wall Today! Guaranteed to work better than the Trump wall! Obama has been a huge disappointment, particularly for those who voted for him in 2008.
Astone (Needham, MA)
The best way to deter future cyber attacks would be to make Chinese access to US real estate markets contingent on them cracking down on all cybercrime, from government and private entities. If it worked that would help solve the issue covered in this article; if it didn't, it would at least go towards making our cities more affordable.
Phillip (New York)
In reading all the comments, I thought there must be a simple, yet effective explanation for this issue, which is called: "Cost of Globalization in a Connected World".

Rightly or wrongly, how can we expect other nations to sit idle and not want to supersede the United States in many facets, being technology, intellectual property, business acumen and education? Ironically, cyber-terrorism is just another method of enhancing one's desire to enhance their power, which is an age old art of war tactic. We have provided the training to allow such nations to now attack via both domestic and foreign policy decisions over the last two decades and now it’s a cost to bear again.

A quote from the Art Of War:

"When able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near"

This quote is the essence of what's truly taking place, as although we seem unable and act as though we can't fight the fight, in the shadows the US is doing what the US does best, fighting a necessary evil.

Overall, this is the new norm, of an ages old human nature facet; enhance your power by stealing your enemy's key assets. Expect things to continue and possibly get worse, not better unless all nations agree to a leveled playing field via an enforceable cyber-terrorism treaty that includes harsh penalties for violations. Something has to give.
Katmandu (Princeton)
"Then he [Obama] issued a warning: 'There comes a point at which we consider this a core national security threat.' If China and other nations cannot figure out the boundaries of what is acceptable, 'we can choose to make this an area of competition, which I guarantee you we’ll win if we have to.'"

Why is this not already a core national security threat? China has been accessing data in the deepest recesses of our government and business IT infrastructure, stealing secrets and data and there are no consequences. Virtually every American - unless living virtually off grid - has been hacked one way or another (most do not even know it, but yes, you've been hacked). And we continue to allow it to happen.

Let's stop talking and start taking action. We are well past that point.
Martin (CT)
Spending more on "defense" is needed, along with intelligent coordination among government agencies and the private sector. You can plug obvious holes and pick the low-hanging fruit. But this won't solve the problem. Our information networks and operating systems are fundamentally insecure, being designed for cheap processing and storage and easy access. Most of the hacked services we read about are running on equipment that is technically indistinguishable from what you have available on your PC -- and not much more secure. We have 100s of millions of desktop PCs, each of which can be used for attack.

It's hard to see how adding another layer of software or adopting better operating practices is going to bring security. A new Internet design, built with privacy, authentication, and security as requirements, may be necessary, but one wonders how that can happen given our huge investment in current technology and our propensity for distributed decision making. So it's no surprise the Obama administration is confused on the subject.
DD (Los Angeles)
Spending more on "defense" is needed?

We currently spend more on defense than the next 7 countries combined.
More than a third of the ENTIRE annual budget of the United States is not enough money to spend on the endless stupidity that is the spook community spying on Americans and our war machine?
Slann (CA)
It's absurd to suggest more "defense" spending is needed. We currently spend more on "defense" than the next 7 countries in the world, combined! Our pattern of "privatization" of government functions is bankrupting us. We are just giving away at least 25% of our "defense" dollars to a layer of profit-taking corporations. And, for that, we have porous, poorly overseen computer systems.
So much data has been taken, not "hacked", as we have had no security protocols in place. Remember Gary McKinnon, the Brit who just logged into NASA computers, on dial-up, and found most were not even password-protected? That was in 2002, and yet we see no real progress has been made by the Pentagon in securing government data.
We need to stop hiring private corporations ("hiring" is a misnomer, as huge contracts are regularly just given to "suppliers") and bring the IT security functions "in-house". Train and retain the best minds, and we can do that within the current bloated budget.
Martin (CT)
Defense as in cyber-defense. We do a poor job (govt & private sector) of defending our IT systems, as is evident from the headlines. More spending is clearly needed in the form of infrastructure development, monitoring, and mitigation for IT systems. (Military spending (soldiers and bullets) is not what I was referring to!)

Still, the point is that better IT practices and defensive spending can't secure our systems without fundamental changes, technical and political.
Wade Schuette (California)
They are at least as bright as we are. There are 5 times as many of them as us. They "try harder" with a stronger work ethic while US is saddled with unjustified self-satisfaction. Their culture respects education and the US culture respects sports and music stars.

The symptoms: http://techland.time.com/2012/07/16/can-we-fix-computer-science-educatio...

The results: http://icpc.baylor.edu/worldfinals/results

On a collective basis we cannot focus IT efforts even when we really want to. The highly-visible "Obamacare" web site fiasco bore way too much similarity to a number of recent DoD efforts to develop ships and aircraft. Our procurement system is very broken.

Added edge -- with OPM's files, they have a huge advantage over us in bypassing all software-based security by compromising trusted humans.
We can expect repeats of the US tendency to collect information on its own citizens simply doing the prep work for "them" to come and harvest it all.

Inescapable conclusion -- neither strong directives nor executive will-power is going to overcome this gap. They have been winning, and they will continue to win into the foreseeable future.

The expected policy response is a short surge of ill-considered programs, followed by total amnesia, resumption of more comfortable exceptional thinking, failure to address our own failings on the individual and national level, and repackaging failure as "success".

We are exceptionally good at that.
Stephen J Johnston (Jacksonville Fl.)
I should think that the spectre of cyber warfare with China is a comforting thought to our Foreign Policy Elite, when one considers that the biggest series of economic bubbles in the history of Western Civilization is in the process of deflating. The Chinese have panicked, because all they have left is the granny police to bawl out Chinese traders and regulators, and further unacceptable devaluation of the renminbi.

Surely the President knows that the Central Banking Systems of the WEST, which have chosen to inflate financial assets with no commensurate improvement in GDP, have no possible interest rate response to the impending downturn, which is implied, because the ZIRP had become indispensable.

Monetary policy has run its course, and the Fed has lost its ability to control the stock market. Perhaps the necessary diversion will become don't fight the fed, fight the Chinese, and cyber warfare will become the necessary pretext.

No doubt the last thing that anyone will imagine is cooperation in order to avoid financial armageddon? We don't do that at all very well.
Ed (Honolulu)
Cyber-security and the protection of intellectual property are primarily corporate concerns because they are necessary to the proper functioning of the global economy. Of secondary importance to the ruling class and to the government which serves it is the safety of the people which is often used merely as a pretext for diminishing our Bill of Rights. Unfortunately Obama reveals himself as a corporate tool in taking up the corporate cause. In this respect he is only carrying on what Bill Clinton began in espousing intellectual property as if it is the highest value of mankind only Obama with his typical bumbling and indecisiveness is not as useful or adept in advancing corporate interests around the globe. So here we are preparing to fete the Chinese at a state banquet while Obama frets about their refusal to follow corporate rules. Evidently China's sorry record on human rights is not even on Obama's radar.
Majortrout (Montreal)
To think that the US can't solve this problem is mind boggling.

The country that has more inventions, more Nobel Laureates, found more cures, the inventors of the computer, computer languages - need I say more?

How about getting the greatest minds in the computer world (most in the USA) to work on a reverse strategy - hack the hackers in kind.

Sending a few diplomatic letters just does not work anymore!
Roach of Manassas (Saint Augustine, FL)
UNIX may be an answer but it requires more work to run. That may be the problem.
Peak Oiler (Richmond, VA)
It's not that easy, but one thing would be fairly simple: pay the best I.T. talent to work on this problem, using pay-scales that don't have a G in front. Then pay them to stay.

Now tell me this: if you were going to work your guts out long hours on cyber security, would you rather it be in a Silicon Valley "campus" or NYC startup with Nerf Ball fights, lots of paid leave, and free pizza, or make a third as much with 3x as much bureaucracy, doing the same thing in a sunbaked concrete cube of a building in Metro DC?
ejzim (21620)
Then, start doing to them what they are doing to us, only worse, I hope. I think they call it fighting fire with fire.
jb (weston ct)
"Cyberthreat Posed by China and Iran Confounds White House"

There seems to be quite a long list of issues that 'confound' the White House, aka President Obama, these days. All the decisions, or non-decisions, of the first term are coming home to roost in the second term. Reset with Russia. Withdrawal from Iraq. Intervention in Libya. Non-intervention in Syria. Non-confrontation with China in Asia sphere of influence. And so on and so on.

Maybe the lesson for the next president is that even if you want the U.S. to disengage from the world, the world doesn't want to disengage from the U.S.
codger (Co)
Mr. President. I am a teacher. When you tell a child "if you do X there will be consequences" and the child does X...and you do nothing, it emboldens the child to do more. Please stop threatening retribution if you aren't going to follow through.
jeff (earth)
Our opponents' built in capacity to cut their populations off from the rest of the internet gives them a switch to flip that the USA does not have. They have a built in defensive wall we lack.

Other countries mandate or provide cyber security for critical infrastructure entities even if they are privately owned. We leave it up to individual banks, electric companies etc.
John (Nanning)
The U.S. federal government's computer ability is non-existent. It's been gutted by the Republican commitment to 'starve the beast'. We only excel at military hardware because of profit-making defense contractors. Imagine Microsoft and Google in partnership with the U.S. to cyber-attack China. Good screenplay but fantasy in a new-world-profit-order driven by Chinese consumers.
John (Hartford)
@ John

Don't be ridiculous. There are over 5 million people (government and contractors) with top security clearances in this country. What do you think most of them are doing?
thomas (Washington DC)
Good question, but we don't know, do we?
We certainly do know what they are NOT doing.
John (Hartford)
@Thomas

Actually we have no more idea of what they're NOT doing than what they ARE doing. They're not going to broadcast either. God preserve us from the simple minded.
Joker (Gotham)
Call it the Snowden Rule: The big problem in all this is the US government has done and wants to be able to continue to do what they don't want others to do unto them.
Nathan an Expat (China)
This article hints towards the end at the key distinction that must be made when discussing hacking by whomever and proposed regimes and responses. You have to distinguish between intelligence gathering and espionage on one hand and actual "attacks" on the other hand. Just about every country on the planet that is capable is using cyberespionage to seek useful intelligence whatever that might be. Gathering intelligence has never been an act of war or reason to stop trading with another country or we would all be at war with everyone all the time and trading only with ourselves. Cyberspace is just another frontier within which intelligence is gathered. Every government on the planet with the capacity will be and is testing the accessibility of other key countries' network and information systems -- both friends and foe. The US recently engaged in cyber espionage targeting the Germans and the Brazilians etc. etc. for both private sector and gov info. The US also had back doors embedded in US tech with US company collaboration in some cases. Not too long ago the US was caught bugging the plane the Chinese were buying from Boeing to be used by the Chinese leadership. Did the Chinese start squawking about never buying another plane from the US? No they were realists. They like all other mature countries dealing with espionage just put their big boy pants on and set out to protect their information cyber based and otherwise the best they could.
Query (West)
Putting on your big boy pants here is more quaintly called, deterrence.
jeff forsythe (montreal)
Apple, Walmart, Time Warner, Disney, CocaCola, the list is endless. None of these companies want the truth to be known concerning the true nature of the heinous Chinese Communist Party and these greedy corporations control the Western media. The CCP is a gangster regime that has murdered eighty million of its own people since 1949 and is now attempting the blood-thirsty genocide of the tens of millions of Falun Gong practitioners who live in Red China. This genocide consists of torture, slavery, organ harvesting and murder. The weak U.N. even appointed the vicious CCP a seat on its Human Rights Council last year. Shameful. All these atrocities never mentioned because of insatiable greed.
kingdavid (china)
There is a way to stop hacking. Think of a "double agent".
Mark Jeffery Koch (Mount Laurel, New Jersey)
China has stolen valuable information from our businesses and government and continues to hack into our country's computer networks on a daily basis. Instead of asking what punishment should be enacted how about the average American asking why we are bothering to give the leader of China a State dinner when his country has wreaked havoc on our nation's government and industries and continues to do so?

What kind of message does that send? That we are weak and you are welcome to continue with your attempts to steal, obstruct, and damage our nation's businesses and our government?

If the Obama administration wants to finally show some backbone to those who seek to undermine our way of life the first step would be cancelling the State dinner. Send a message that we do not give the honor of a State dinner to those countries who want to do us harm.
Bates (MA)
Wow, no state dinner, that's going a bit far. How about we don't offer dessert?
Kris (NY)
Wait, if Iran and North Korea have the ability to carry on cyber attacks on the US, isn't it only a matter of time before other ruthless countries and terrorist networks decide to take down one of our nuclear plants or power system? It goes without saying that we need to do whatever it takes to protect our energy, water, chemical, and transportation sector. I doubt that enough is being done by these sectors, and the enforcement is weak.
Nathan an Expat (China)
Further on my last point "cyber attacks" such as disabling an energy grid or disrupting air navigation are a much different animal than "cyber espionage" or intelligence gathering and cyber attacks which cause real damage have to be responded to and can reasonably be seen as equivalent to a physical attack especially when the ultimate results -- real world damage and injury are the same. The important point in establishing a response regime is not to confuse the two.
dEs JoHnson (Forest Hills)
Strange that it is the White House that is confounded. What's on trial here, but isn't a great commercial sell, is a widespread American failure. My bank was hacked at least twice. So was the Pentagon, the Bank of America, LifeLock, Target...

Is it American exceptionalism and, therefore, arrogance, that assumes we're secure, as on 9/10? Is it the echo effect, resulting from an early entry into the cyber world, and therefore sooner to sclerosis than others?

It's Obama's job to plug the gaps left by our "experts?" So much for the vaunted free market.
Larry (Chicago, il)
Thanks to the free market, you're not starving to death at age 25 in a cave
Rich (Chicago, IL)
This crisis can be solved with one word: Mac.
And give the President an iPhone, for God's sake!
Peak Oiler (Richmond, VA)
This otherwise loyal Mac zealot begs to differ. If we really want to make our systems safe, the servers running in military settings and for critical infrastructure need to run NO commercial operating systems at all, esp. Microsoft product (Apple seems to have left the server business).

We need a government-coded-and-encrypted version of Linux, with different versions for different agencies, with ever-changing security. That would take paying IT talent real $$ and giving them some creative freedom to lure them to national service.

We need to make it harder for employees to load sensitive data to thumb drives and then move it to a non-secure computer or while working at home. We may simply need to forget about a "Smart" grid connected to the broader Internet or silo it on its own network.

See Richard Clarke's excellent book, Cyberwar, for all these bits of advice. He wrote this years ago. Only now are we starting to realize the possibility of a Cyber 9/11. Clarke was right about that other 9/11, too, and no one listened.
Chris Adams (Washington DC)
The reason offense is moving so much faster than defense is simple: you get what you pay for. The NSA has had an almost unlimited budget dedicated to offense, not to mention avoiding the Congressional limitations affecting most other agencies. Defensive work has been hampered by continued budget cuts, inability to hire highly-qualified staff (the non-executive federal pay scale maximum is under the industry median for security professionals), and having to work within the antiquated federal procurement process.

Similarly, in the private sector we have chosen to subsidize corporate negligence. A company can use terms of service to disavow responsibility for failing to protect sensitive information (HIPAA being a welcome exception) or responsibly following secure software development practice and responding quickly to vulnerability reports. As most Android users know, a security update can be available for years with no recourse if a negligent vendor or carrier decides not to allow you to install it. We don't allow car manufacturers to opt-out of recalls and software should be held to the same standard.

I was pleased to see talk earlier this year about forming a “Cyber UL” (cheesy name, great concept) headed by one of the top security people in the world with the mission to fix weak products before they're subject to widespread exploitation:
http://www.darkreading.com/endpoint/underwriters-laboratories-to-launch-...
Larry (Chicago, il)
Sorry to impose reality on your false narrative, but government revenues are at all-time highs. The notion that government is underfunded is an obscene lie
Chris Adams (Washington DC)
Notice that I said “budget cuts”, not government revenue. U.S. government spending is dominated by non-discretionary spending such as Social Security, Medicare, etc. The Heritage Foundation, hardly a fan of big government, have a chart where you can see for yourself that discretionary spending peaked in 2010 and is currently trending downwards:

http://www.heritage.org/research/reports/2014/12/federal-spending-by-the...

The reason I said “budget” is because government agencies can only spend the money which Congress gives them on the things Congress specified. If you're an IT manager trying to hire good info-sec people, the only part which matters is your budget and permission to hire staff – it doesn't matter how much money anyone else got if you're not allowed to spend any of it. Unfortunately, that's common because it's easy to freeze staff counts and call it a cost-savings measure and much harder to actually review the operations of an agency to learn that in 2015 they need more IT people (and presumably fewer clerks processing paper forms) or recognize that contracting out core services often costs more than doing them in house and means that managers don't have in-house experts guiding decisions.
norman pollack (east lansing mi)
The US is guilty of practicing global cyberwarfare even against its allies, not to say, most important, it has engaged under Obama in the most massive surveillance program in American history, its NSA SPYING on the American public in flagrant disregard of civil liberties that makes the Alien and Sedition Acts through HUAC pale by comparison.

Hypocrisy thou has found a loveliest in the present administration.
BioBabe (Seattle)
Is Barack Obama promising in turn not to cyber-attack other countries' systems and refrain from spying on them? Or are we expecting unilateral disarmament from others so we remain the world's sole cyber-bully?
Grady Ward (New York City)
The real question is not who are the "attackers" and who are the "defenders," but rather, who is closer to the center of the web?

Regardless of aspiring to a Black or White hat, if you need to move with speed and sensitivity, you need to be constantly testing and probing from the best vantage point using all available tools.

That center is not geographical. It is how your tools can be used to incorporate the greatest relevant information about the world and act upon it decisively.
ConAmore (VA)
It's difficult to see how a treaty addressing surreptitious cyber attacks [or as General Clapper defines them "espionage"] could be effective to defend against the kind of "espionage" that could take down our electric utilities and defense infrastructure.
The only things wrong with the incumbent administration's approach to cyber "espionage" is its mantra that words, negotiations and treaties can protect from cyber "espionage" when, according to Clapper's definitional dodge, it is a legitimate undertaking.
comeonman (Las Cruces)
Or....we could remove from the hands of every Government worker any device that is capable of sending data. Then, every Government worker would be in a building sitting at a terminal that is on a secure network server. If you need to send an email, you have to be at work seated at your desk. Apple stocks would fall, but really, who cares?

Hillary's emails? Petraeus' emails? Many more you don't know about. These were all sent by hand held devices and would not have been so loose if the person thought they were on a network that could be monitored.
penna095 (pennsylvania)
Hacking rings, and the traitors who run them for outside interests, are a lot closer to home.
Rebecca Rabinowitz (.)
This cyber threat is very real and omnipresent - but this nation is stymied by a large segment of one national party absolutely dedicated to slashing taxes on the wealthiest, rather than making the requisite investments in our entire infrastructure, and creating millions of long term jobs in the process. Cyber security is a major element of Republicans' manifest failure to upgrade and strengthen our woefully obsolete, decaying infrastructure, but it is hardly the only one - bridges, roads, our electrical grid, our railways, etc. are disintegrating while the TGOP is screaming about shutting down our government over lies about Planned Parenthood. The President cannot fix all of this on his own, but clearly the Republicans are more focused on denying him any political "victory" than in assuring the security and well-being of the nation.
David Keller (Massachusetts)
"You reap what you sow"
"What goes around, comes around"
"Those who live in glass houses shouldn't throw stones"
etc.
Societies are replete with such aphorisms, and jingoistic articles such as this fail to balance the issue with mention of the aggressive nature of the NSA's penetration of everyone's privacy, domestic and foreign. If the NSA took seriously its mission to protect the US and its citizens from hacking instead of ensuring we remain vulnerable to their prying, we'd likely all be better protected. I'm confident these "adversaries" are merely trying to catch up with our own hackers.
mfo (France)
If "anonymous" American hackers were to steal and publish the bank account information of top Chinese, Iranian, or Russian -- and maybe information about their personal lives, including dalliances -- I'd imagine this problem would quickly resolve itself. Making this arms race personal might seem petty but, in countries where leaders aren't used to being exposed and insulted, it'd be a non-violent, effective, and inexpensive way to de-escalate this arms race. Since Western government officials are already used to being watched closely by the press they'd be all but immune from counterattacks.
Shaboon (Rapid City, SD)
It has been said: "what is good for the goose is good for the gander". So is our situation - in collaboration with our "allies" - trying to dismantle other countries' nuclear plants or destroy others' national infrastructures dependent on the Internet. Something that stunned the civilized world. What we did not take into account was that those same countries can do the same to us and we found out that it really hurts! Had we been more discreet and civilized about application of hacking threats against others, we probably would be in a stronger position to impose rules which others would follow. The fact remains that given our behavior around the world (unfortunately under influence from very unreliable "allies"), there aren't too many sympathetic voices on our side.
WM (Virginia)
From first-hand experience, I will say that the single greatest vulnerability is the unwillingness of all data-holding entities to design-in, fund, and operate effective security controls.

The biggest offenders are agencies of the US government, and especially the OPM. Systems development and operation practices are slipshod, hasty; the development process is driven by pressures of unreasonable schedules and demand for early implementation. The usual reasons given are lack of funding and lack of sufficient design and testing time.

There always seems to be money to scramble to repair damage and plug holes, but never enough to prevent them.
David Keller (Massachusetts)
WM,
It's not just sloppiness or laziness, the NSA is actively blocking efforts to encrypt, even though their enabling legislation instructed them to do so.
JW (New York)
“There comes a point at which we consider this a core national security threat.” If China and other nations cannot figure out the boundaries of what is acceptable, “we can choose to make this an area of competition, which I guarantee you we’ll win if we have to.”

In other words, Obama will issue a "red line" ... one of these days. In the meantime, hacking into supposedly secure Defense Department databases, looting American technology corporate secrets, looting the records of countless government employees is not enough for a red line yet. So for the time being, we're still in "Don't do stupid stuff" mode.
TyroneShoelaces (Hillsboro, Oregon)
When it comes to cyber-sleuthing, no developed nation is without sin. The U.S. would be nuts not to be as knee deep or deeper in this as everyone else. Trying to claim the moral high ground when there isn't any to claim is hardly atypical of our diplomatic mise en scène.
Gregory Latiak (Amherst Island, Ontario)
As China has discovered with the Great Firewall as have many folks in the Middle East, it is really, really hard to have monolithic controls on Internet access. But this problem is ancient... even back in the days when people were just starting to access computers remotely there were concerns expressed, largely by the technical community, of the potential dangers. But faced with new carpet and panelling for the executive suite or more staff and better firewalls, pretty much everyone went with the former -- after all, it wasn't going to happen to them. The never ending stories of databases being hacked in both commerce and government show how well that worked out. However much Obama might want a magic wand, the traditions and attitudes of management everywhere almost guarantee a failure. The magic wand of government simply cannot make it anything other than the responsibility of individual groups to protect themselves. It is this failure that is the root of the problem.
Maria (NY, NY)
Really? This mandate coming from an administration that can't even build a secure healthcare website?
Chris Adams (Washington DC)
Have you visited healthcare.gov in the last year? The first version was a mess – typical of large contract software projects – but it's been working fine for long enough that some states are considering scrapping their own sites in favor of using the federal one.
mathguy (Omaha)
Actually, it was a private sector contractor that failed on the health care website.
Doug Tarnopol (Cranston, RI)
What they do to us is a threat; what we do to them is defense. It was ever thus.

Meanwhile, back in the real world, it's pretty clear that there needs to be an international treaty on all things cyber. It would probably necessitate the dismantling of much of the NSA's infrastructure. Ergo, it will never happen.

But watch out for [insert today's official enemy]!
Santos-Dumont (PA)
Here is the key sentence in the story: "And the (U.S.) intelligence agencies do not want any agreements that would limit their own ability to use cyberweapons for covert purposes, ..."
Oh, I see. It's OK when we do it. Maybe that's what they mean by American Exceptionalism.
DR Hyatt (Carefree)
There is a long timeline on computer hacking history. Today we have a threat from North Korea whose military in fact are exceptional hackers. The East Coast is vulnerable and a primary target not unlike what happened during 911. As you know, satellites can be hacked and satellite missiles can carry a nuclear warhead. As a Cyber security guy this connotes North Korean exceptionalism and not an unusual perception for a patriotic American.
John (Hartford)
Does anyone really think that we are not hacking into Iranian and Chinese networks?
Richard Luettgen (New Jersey)
The solution will need to be one adopted by ALL nations or closely allied groups of nations. We will need to develop a national firewall, through which ALL communication into and out of the U.S. will need to pass. A serious number of people will need to be dedicated, in one of our intelligence operations, probably NSA, to maintaining its safeguards.

The challenge, of course, will be in finding a contractor to build it for less than we could otherwise use to cure cancer.
Grady Ward (New York City)
If you can find such a contractor, I am sure they would be also capable of building the wall around the United States effective at excluding undocumented migrants.

But I don't think we ought to inhibit the interplay of any of the world's people, whether physically or electronically. We just need to be the baddest kid in the sandbox.
Peter (New York, NY)
Really, how well is our government doing at protecting us? Our government personnel have had their personal data hacked. Our businesses have had their valuable innovations stolen. Once again, this administration is ineffective and floundering.
Peter (New York, NY)
Maybe we are. Clearly it hasn't stopped our adversaries in Russia, China and ISIS for example, from obtaining confidential personal information about e.g. government personnel engaged in high security operations. What the administration is doing is not effective in stopping them -- even if we are doing some of the same.
Mark Rogow (TeXas)
Do you think maybe they should have protected our networks better? Of course after the fiasco that was the healthcare roll out I doubt there is anyone capable of protecting them.
Peter (Metro Boston)
If you think the problems of data security in both the government and the private sector are something the Administration can control, you have no idea where the problems lie. There is no magic wand here, and all the solutions are expensive and require serious changes in who has access to information and what they can do with it. These are enormous organizational obstacles that have no easy solutions. I wish the Administration had moved faster and more ambitiously on information security, but no one gets kudos in government or politics (or the private sector) for strengthening the authentication system on a database server.
Raj (Long Island, NY)
A free and open society like these United States will always be at a disadvantage when dealing with closed, top-down controlled regimes like Russia, China, Iran, North Korea etc.

However, the same American openness can be harnessed to protect the cyber borders of the nation. The United States should invite the vast pool of American talent to come up with new and innovative solutions. That is where the best solutions will come from.
minh z (manhattan)
Like many of the other actions of the Obama administration this will be too little, too late.

The only action to take with the Chinese and others, but especially the Chinese is to start making that economy pay for its transgressions by limiting trade.

It would come at a bonus. There will be lots of growth as companies move production out of China to other Asian, Latin American and African countries.

The elites, business and others won't like it, but if China wants to play in the global market, then it needs to understand there are consequences for making mischief.

The Obama administration is, like the rest of the Republicans and Democrats running for president, Corporatists, ready to do anything and everything to support the needs of big business so I don't expect anything to happen until Trump is President.
Ann (New York)
A trade war with the owner of two trillion dollars of US debt. Brilliant!
Peak Oiler (Richmond, VA)
Honing their skills now, other nations prepare for all out attacks if a shooting war erupts with us. I don't like it, but we are not the only nation with national security interests. Right now, I suspect China could take down our power grid for months, lurching much of America into the sort of chaos we saw a decade ago in New Orleans.

Thus the President is right to focus as much on cyber-defense as offense, where we are excellent. I hope we have enough time. Clinton and Bush ignored this issue.
Guy Walker (New York City)
Is this a case that the country's best and brightest are busy with something else? Is more money needed to thwart these attacks? In the words of Samuel F.B. Morse: What hath God wrought?
Peter (Metro Boston)
Yes, and yes. I don't have an easy answer to Morse's question.
swm (providence)
Sanctions shouldn't just be against hackers, but also legitimate businesses profiting off US business with the blessing of the same government that's not reining in their criminal hackers.

Hacking is very disruptive to the economy and personal security, and those in charge of the people who perpetrate such acts have to be forced to take responsibility. Make it their problem too.
Beantownah (Boston MA)
Obama is a thoughtful and committed pacifist. He has a difficult time convincing foreign leaders that he is anything else. That is not a problem, and is even a plus, in dealing with smaller countries posing no threat to the US. But larger countries and/or those with expansionist aims, such as Russia, China, and Iran, sense that the Obama years are a window of opportunity for them to favorably redefine the dynamics of international power. In recent years they have been deftly maneuvering the US into a position of realpolitik irrelevance on the world stage. So far they seem to have succeeded.
Argyris Papasyriopoulos (Athens, Greece)
''into a position of realpolitik irrelevance''? The USA? That would have been a blessing, if it was really true. Unfortunately, it is not.
K Henderson (NYC)
Bean, sorry but did we read the same article? The point here is that all major countries are leveraging similar hacks against each other's core govt systems, including the USA against even the EU and Merkel (big news at the time last year). That isn't "pacifism" and I don't know why you use that word to describe Obama's "realpolitik" as you call it.
Cathy (Hopewell Junction NY)
It is an interesting viewpoint. I believe that it is less the President, and more our escalating economic irrelevance that is changing our position in realpolitik, and that is a process that has been developing since before Reagan.

We no longer make everything the world needs. We no longer are the primary market for everything the world sells. Sure, we consume a lot, but we have degraded wages enough that we are becoming secondary there as well.

Power isn't only military. It is economic. And if you have an economy that national policy has been dismantling and sending overseas for decades, then you end up not being able to play as the biggest boy on the field of big boys. Moreover, that military you depend on to look strong becomes too expensive.

Obama's ability to navigate that reality, whether against the threat of cyberattack or against real violent instability, has been reduced because we reduced ourselves. Voluntarily.