Economic action against China is one of the only ways the United States can quell the growing rate of state-sponsored cyber attacks, America's former top spy says, adding that the private sector is largely alone in planning in planning its own defenses. U.S. intelligence agencies already knew much of the content of a report that pinpointed the origin of thousands of attacks waged on international targets, including American firms, to a building in Shanghai, said Michael Hayden, a retired Air Force four-star general, while speaking at the George Washington University Tuesday. Almost every cyber attack from the Chinese has been espionage rather than destruction, he said. But the cyber realm has witnessed game-changing attacks that have shifted the nature of this war, Hayden said, including the Stuxnet worm, reportedly designed by the Americans and Israelis, to slow Iran's nuclear program.
This computer virus caused roughly 1,000 centrifuges at an Iranian nuclear site in Natanz in 2010 to speed up to the point of self destruction, while simultaneously convincing the monitoring system that nothing was amiss.
"This has the whiff of August 1945," said Hayden, referring to a new class of weaponry that had never been used before. "Someone, probably a nation-state, just used a cyber weapon in a time of peace…to destroy what another nation could only describe as their critical infrastructure."
"That's a big deal. That's never happened before," he says.
The only reasonable response to contemporary cyber attacks from China includes taking that country to task through trade restrictions, he said, as well as bolstering U.S. cyber defenses, 95 percent of which lie in private companies.
"Chinese espionage and, more broadly, Chinese cyber behavior is very, very disturbing and it should not be allowed to stand," said Hayden, who served as CIA director from 2006 to 2009, and NSA director from 1999 to 2005. "The Chinese really want to be treated as a great power. A prerequisite for that is to act as a great power."
China is not an enemy, and there is no good reason for that to change, he said. There are "logical, non-heroic policy choices available to the Chinese" to maintain a competitive relationship that is only occasionally confrontational.
Yet America is "almost defenseless" to cyber attacks and should begin to hold China accountable, he says. The United States should stop importing Chinese products, particularly those based on stolen U.S. patents, and restricting Chinese visitors' entry to America.
"You've got to start taking some actions. Are they painless for us? No," said Hayden.
Much of U.S. vulnerability is due to its "cultural openness" and "political culture," he says, adding that the country could make it much more difficult for others to inflict harm through cyber attacks, but that would require a national discussion of what kind of protection Americans are willing to accept.
Defensive responses could be styled after the military, law enforcement, firefighters, or the Centers for Disease Control, Hayden said. Each requires varying degrees of restrictions from its citizens to anticipate or deal with a crisis.
"Those are all models. Those are all legitimate, those all work in a specific domain," said Hayden.