Mulvenon talks IT security

James Mulvenon, the vice president of Defense Group, Inc.’s Intelligence Division and a Chinese military expert, discussed cybersecurity and U.S.-China relations on Wednesday in Robertson Hall as part of the Princeton-Harvard China and the World program, co-sponsored by the Center for Information Technology Policy.

He began his lecture with an anecdote, describing how he had been involved in a car crash that morning and survived unscathed, due to the deployment of his airbags.

“Why is it,” he asked, “that I’m safer in my Honda Element driving on an American highway than I am on the Internet?”

In response to his own question, he focused on what he calls the two “fundamental problems at the heart of the cybersecurity challenge right now”: flawed network infrastructure and a policy structure that lags hopelessly behind technological development.

Because the Internet was not developed with malicious purposes in mind, its infrastructure is inherently weak and difficult to defend, Mulvenon said. He explained that the public is “emphasizing connectivity at the expense of security” despite governments’ continued efforts to bolster their cyber defenses, citing examples such as social media, mobile networks and cloud computing.

“There is a very low barrier to entry to those who want to enter the game as an attacker,” he said, noting that hackers do not need prohibitively expensive technologies or state-level power to cause destruction.

“The sad fact that we have to face is that trends are accelerating from goodness, truth and hope.” Mulvenon said. He told many personal anecdotes of U.S.-China academic and government-level talks involving cybersecurity, including one that concluded with the American attendees being gifted potentially infected flash drives as farewell presents.

According to Mulvenon, the Chinese government monitors citizens’ behavior by efficiently hiring “big mamas” to censor online activities and using what he called “the real Leninism of a high-tech surveillance state,” including street cameras and GPS trackers.

“The Chinese view cybersecurity as an overt tool of national security in a very different way from what we’re used to,” he said, citing the Chinese government’s prescient discussion of cyber-tactics in 1995 as a method to counter both the United States and Taiwan in case of a cross-strait dispute.

Mulvenon remained pessimistic about the U.S. response to these cyber-attacks.

“The government has finally developed the mindset that perimeter defense is impossible,” he said. “There is always malicious stuff in your network at all times.”

Eugene Yi ’08, a graduate student in the Wilson School and a Scholar in the Nation’s Service Initiative fellow, expressed his appreciation for Mulvenon’s candid discussion of the weaknesses of U.S. cybersecurity and possible future.

Get the best of the ‘Prince’ delivered straight to your inbox. Subscribe now »

“His personal anecdotes revealed a growing need for future military strategists, lawyers and policymakers who are keenly aware of the changing nature of warfare and security, due to cyberspace,” he said.

Meanwhile, Wilson School concentrator Eddie Skolnick ’12 distilled Mulvenon’s pessimism to a point, saying, “Mulvenon presented a very scary assessment of America’s current ability to secure itself in cyberspace.”

Mulvenon’s own parting words were somber.

“Please go home and update your antivirus definitions, and — like me — become a robust, fanatical user of encryption in your personal life,” he said.