Live Q&As

Harder to do than it sounds, and in many cases people don't know they are being spied on until after it happens.

Probably never.  It's like asking why don't banks stock counterfeit money to hand to robbers.  It's nto a bad idea, but it is hard to pull it off.

What we've seen is that it migh be a wash - that if companies took what they spend now and used it a bit more effectively, they could be more secure.  Companies need three things, and there is were some agencies have an advantage: trained people, good rules for "hygiene" and the right technologies to see what is going on in their network.

We can work in a Harry Potter reference by saying the real secret is "constant vigilance."

First example I know of is 1982, with the Russians hiring German hackers to break into DOD networks.  There'sa book on this from the 80s - "Cuckoo's Egg" that's still in print - that says something about the duration of the probem.

There have also been major incidents in the late 1990s, int eh ealry 2000s and we'v put up a list of major incidetns since 2006.  It's not always clear who is responsiblme, even thought hte Chinese often get the blame, but several countries have the necessary skills: Russia, the US, the UK, Israel,  and China, and there are a few others coming up rapidly - my favorites to  watch are north korea and iran

We are pretty good at this, and have done some amazing things in politicla and military espionage, but we don't engage in economic espionage - the US govenrment doesn't take technology form foreign companeis (not everyone beleives that but I think it is still true). that puts us at a disadvantage.  On shooting back, the problem is that spying isn't a act of war under international law.  We might not want to change that since we do some spying ourselves. 

the National  Counter Intelligence Executive (NCIX, part of the DNI) puts out a long list - about 120 coutnries.  That's probably too many.  It' smore liley that there are 30 or so countries that routinely use hacking and five or six at the top of the list - we're one, China is another.  What's interesting to watch is that more countries are looking into developing their own hacking capablities - it's a growth field for military and intelligence action.   

Right now, it is information, but we know that a few countries have probed US networks to find weakneses they can use for an attack, if they ever need to- the eletrical grid is a popular target.  i usually think of it as just another weapons system: its there, and it could be launched, but no country will start a cyber war on a whim.  Once "non-state actors" can launch cyber  attacks, it may be a differetn story, but so far that is not the case.

Passwords don't work at all, especially against a sophisticated opponent.  That's been true for years.  The people who do this kind of stuff for governemtns include people who can do a really hard corssword puzzle in ink in five minutes - they're just really good at getting the right answer from a few clues.  Plus, there are all sorts fo technologies for fidning or guessing passwords. They just don't work.

Some of it is that a few companies that are afraid that China might  retaliate by denying market access.  Some of it is unwillingness to admit to the scope of the damage, and some of it is that we haven't thought about how to deal with what's become (as you note) a much larger trade issue.  I expect this will change in the next couple of  years, but right now, it's a problem that we don't compalin enough when something bad happens.   

It's poor defenses and not enough international engagment on the issue.  We need our side to do better and we need to engage with the other side to reduce the activity.