Editor's note: Amitai Etzioni is a sociologist and professor of international relations at George Washington University and the author of several books, including "Security First" and "New Common Ground." He was a senior adviser to the Carter administration and has taught at Columbia and Harvard universities and the University of California, Berkeley.
Washington (CNN) -- On Wednesday, Google announced that hundreds of users of its Gmail service -- including high-ranking U.S. and South Korean officials, journalists and Chinese political activists -- had been targeted by hackers who sought to steal their passwords and monitor their e-mails. Google concluded the attack came from a provincial capital in eastern China, which is also the location of a technical reconnaissance center for the Chinese military.
China denied it was involved in the attacks, saying, "The claim that China supports hacking is completely created out of nothing, and is out of ulterior motives."
Nevertheless, American officials have said that in recent years, China has waged an aggressive cyberoffensive against the United States. According to the 2007 report to Congress of the U.S.-China Economic and Security Review Commission, China has made cyberespionage a military priority and "is actively engaging in cyber-reconnaissance by probing the computer networks of U.S. government agencies as well as private companies." China is believed to have penetrated more than 30 major American companies. Cyberattacks believed to have originated in China breached the security of top-secret plans for the F-35 Joint Strike Fighter, although the Chinese government denied the report.
According to a report of a House of Representatives Select Committee, China "has stolen classified information on all of the United States' most advanced thermonuclear warheads and several of the associated re-entry vehicles." According to the 2007 congressional report, China "now comprises the single greatest threat to U.S. technology."
China's intrusion into American networks, the report finds, has given it ample data for "identifying weak points in the networks, understanding how leaders in the United States think, discovering the communication patterns of American government agencies and private companies, and obtaining valuable information stored throughout the networks."
The threat reaches beyond espionage. Chinese agents are thought to have placed the tools to carry out a major cyberattack that could cripple critical American infrastructure. Analyses of the United States' electricity grid have revealed extensive intrusions, especially by Chinese (and Russian) agents who are believed to have placed "logic bombs" (malicious lines of code that can be activated remotely) in the grid's three networks (East, West and Texas.)These logic bombs, if not discovered and removed, can be detonated in the event of a war or for sabotage.
It is difficult to predict exactly how a major cyberattack could play out, but anyone who wonders how a successful offensive might impact the brick-and-mortar world should recall the impact of the "Stuxnet" virus on Iran's nuclear program. The virus, which may have been an attack by the United States or Israel, took over Siemens-built industrial control systems and ordered them to run centrifuges so fast they broke down.
The defense from cyberattacks is challenged by the "attribution problem" -- the extreme difficulty of determining exactly where attacks originate. Former Assistant Attorney General Jack Goldsmith describes attribution as "very difficult, and very resource-intensive, and sometimes impossible." Malicious cyberactors employ numerous methods to disguise or hide their origins and identity. For example, governments may mobilize, employ, or support private citizens as agents so they can carry out cyberattacks while the governments enjoy plausible deniability. (China is widely believed to employ this tactic.) James Lewis, a leading cybersecurity expert, has written that "a sophisticated (cyber) opponent will be able to operate clandestinely and with a high degree of deniability."
Still, even if it can be established which nation is behind a cyberattack -- there often is no effective way to strike back in kind. This is the case because many countries that launch attacks against the United States have no major industrial or military innovations we would be interested in gaining. Also they are often much less dependent on the Internet.
This brings us to the troubling suggestion that the United States will need to respond to a major cyberattack with a military strike. Just one day before Google announced the Chinese attack, The Wall Street Journal reported that "the Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force." The plan reflects the U.S. military's frustration with the limitations of cyberdeterrence: "If you shut down our power grid," commented one military official, "maybe we will put a missile down one of your smokestacks."
We thus find ourselves in a very tough spot. We are most unlikely to go to war , let alone with China, over their stealing our industrial and military secrets, but otherwise we are left robbed and exposed. Hopefully the China doves will win, including American observers like Henry Kissinger, who in his just-published book argues that we can "co-evolve" with China and learn to work with the Chinese to manage world affairs in a peaceful manner.
The aim would be to build a major geopolitical partnership with China, part of which will entail persuading them to let us be -- so we shall let them be.
The opinions expressed in this commentary are solely those of Amitai Etzioni.