A cyber security analyst, 2011. (Jim Urquhart / Courtesy Reuters)
It is easy to get lost in cyberspace. This world, created by engineers and populated by everyone, looks different to every person or group that interacts with it. For the U.S. military, cyberspace is a war-fighting domain; for a student, it is a place to interact with peers; for a business, it is a place to make money -- and the list goes on.
Discussions of a related topic, cybersecurity, share the same characteristic. How to achieve security, or even define it, also depends on the participant. For most in the world of cybersecurity, digital espionage is a hot topic. Few news items have caused such a stir in this world as the report released in February by my firm, Mandiant, on Unit 61398, formally known as the Second Bureau of the People’s Liberation Army’s General Staff Department’s Third Department. The report revealed the seven-year history of digital espionage by Unit 61398 against at least 141 Western companies. Mandiant traced Chinese cyber- spying back to the doorstep of a 12-story office building outside Shanghai.
Espionage of any kind is serious, of course, but some do not understand how spying in the cyber world is different from spying in the physical world. Few realize that the same tools required to conduct digital espionage could allow intruders to go a step further and commit digital destruction. Once an adversary has entered a computer system, the amount of damage he does or does not inflict depends entirely on his intent. Whether such actions qualify as war is largely a political decision, but the ability to escalate from espionage to destruction is often ignored.
Critics are quick to assert that espionage is a step below a full-fledged digital attack -- which could constitute an act of war. The writer Bruce Schneier, for example, responded to reports of Chinese cyberactivity by saying, “This is not cyberwar. This is not war of any kind. This is espionage, and