Cyberattack Leaves US Looking Vulnerable

Tom Cheshire, Technology Correspondent

Every nation is at it: continually probing each other's digital defences, looking for secrets and often making off with them.

So of all the myriad cyber attacks happening daily why has the US now accused China ?

Although the accusation isn't good for China, it may be worse for the US government.

In effect, it is publicly admitting that the best digitally armed nation in the world is vulnerable. Some of its most sensitive personnel information has been stolen.

It's startling, especially when you consider how reticent private companies are to talk about cyber attacks they've suffered.

But that's the reason for the disclosure. This isn't just about shaming China: it's about raising awareness - and so extra money - for cyber security. The Chinese are simply the best bogeymen.

And indeed US Representative Adam Schiff duly called for "a substantial improvement in our cyber databases and defences".

The Senate intelligence committee chairman Richard Burr also demanded an overhaul of cyber security.

Attackers are always one step ahead of defenders, but this shows the US is worried about how big that gap is growing.

It also comes in the middle of a fierce debate about encryption - the technologies that keep much of our online data secure.

The UK Government wants tech companies to provide a weakened form of encryption to users, so that it can intercept encrypted messages between terrorists and criminals, for example.

On Thursday, though, Tim Cook, the CEO of Apple, launched a blistering attack on those plans.

"So let me be crystal clear - weakening encryption, or taking it away, harms good people that are using it for the right reasons," he said.

"We think this is incredibly dangerous. We've been offering encryption tools in our products for years, and we're going to stay on that path. We think it's a critical feature for our customers who want to keep their data secure."

If even the US government can't keep its vital data secure, how can any government argue that its citizens need to be less well-protected online?