Graham Webster, who researches US-China relations at Yale Law School, has published a timeline of what he considers to be the media’s (and US government’s) tendency to hype the threat of cyber-attacks from China. Webster thinks that, by turns, the bureaucrats and the media have a tendency to run away with the narrative of China waging a concerted cyber-war on America. Intentionally or not, Webster argues, this is amplifying the message coming from Washington in ways that could be dangerous.
Here, for example, is a problematic line from a recent New York Times piece on the testimony of James Clapper, US Director of National Intelligence (emphasis mine):
James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.
But this is not really what Clapper said. While he highlighted cyber attacks as an important threat (and they are discussed at length in the March 12 Worldwide Threat Assessment (pdf) released by his office), both his public comments, as far as transcripts are available, and the report he referenced says that in the next two years there is a “remote” possibility of a cyber attack on the US that would damage infrastructure—as the Times story acknowledges.
I called up one of the reporters on the story, Mark Mazzetti, who explained that, when it comes to reading the tea leaves in Washington, the order in which threats are listed in the Worldwide Threat Assessment report is significant. This year, for the first time since 2009, “Cyber” came first in the report, before terrorism and nuclear proliferation.
That certainly suggests that intelligence officials want Congress to know that cyber attacks are an emerging threat, likely to grow more serious in the near future while the threats of, say, al-Qaeda bombings or an Iranian nuclear weapon remain more stable. But that’s not the same as saying they are “the most dangerous immediate threat”, especially not if the chances of a significant cyber-attack in the next two years are “remote.” (Even trying to compare such disparate threats and say which is “most dangerous” seems a contentious exercise.)
Is this just nit-picking? No. It matters because, as security guru Bruce Schneier told Quartz, the US is not presently, nor has it ever been engaged in a cyberwar. As Webster notes, in coverage of hacking emanating from China, “the difference between stealing secrets and threatening military systems or life-supporting infrastructure is often glossed over, allowing fear of economic espionage to bleed into fear of military battle.”
While bringing the issue of cyber attacks into the open could lead to a more open dialogue about the problem, the way in which it’s raised is crucial. Too much alarmism will color both public perception and politicians’ actions on the issue, perhaps dangerously. Webster again:
If more people in the US start seeing China as a Cold War-like enemy, they may find themselves fulfilling their own prophecy, an outcome far worse than the loss of corporate secrets.