Chinese Hack Targets Weapons' DesignsObama to Speak to China's President About Cyber-Attacks
Through face-to-face meetings at the highest levels of government, the Obama administration is intensifying its efforts to get the Chinese government to stop hacking into American military, government and business computer systems.
"It's an issue that we raise at every level in our meetings with our Chinese counterparts," White House Press Secretary Jay Carney said May 28 in a press briefing aboard Air Force 1.
Carney was responding to a Washington Post report that says the designs for many of the nation's most sensitive advanced weapons systems have been compromised by Chinese hackers.
The Post cites a confidential version of a 2012 report by the Defense Science Board, Resilient Military Systems and the Advanced Cyber-Threat; a declassified version was posted on the board's website in early 2013. The confidential version, the Post reports, notes that programs critical to U.S. missile defenses and combat aircraft and ships were among more than two dozen major weapons systems whose designs were breached.
Chinese Likely Hacking for Years
Richard Stiennon, author of the book "Surviving Cyberwar," says the Chinese hacks of U.S. military systems likely occurred over several years. "The immediate impact will be little since we have no immediate designs on a shooting war with China," says Steinnon, chief research analyst at IT-Harvest, a consultancy he operates. "Long term, I suspect that China can cut short the disparity between the U.S. and China in weapons technology by a matter of years, saving them billions in cost. It is a lot easier to design and build a complicated system if you are copying another design. That said, it is still very hard. It is not like stealing the fall fashions from a dress designer."
The unclassified version of the Defense Science Board report hardly mentions the Chinese, but says DoD's security practices "have not kept up with the cyber-adversary tactics and capabilities," although the Pentagon takes great care to secure the use and operation of weapon systems hardware. "The same level of resource and attention is not spent on the complex network of information technology systems that are used to support and operate those weapons or critical cyber-capabilities embedded within them," the unclassified report says.
DoD Says It's Hardening Cyber-Defenses
George Little, the Pentagon's press secretary, downplays the Post report, issuing the following statement:
"We maintain full confidence in our weapons platforms. The Department of Defense takes the threat of cyber-espionage and cybersecurity very seriously, which is why we have taken a number of steps to increase funding to strengthen our capabilities, harden our networks and work with the defense industrial base to achieve greater visibility into the threats our industrial partners are facing. Suggestions that cyber-intrusions have somehow led to the erosion of our capabilities or technological edge are incorrect."
Still, the White House expresses concerns about intrusions into key systems from China.
"It is an issue that we raise at every level in our meetings with our Chinese counterparts, and I'm sure will be a topic of discussion when the president meets with President Xi in California in early June," Carney said. "It was certainly a topic of conversation when National Security Adviser (Tom) Donilon was having meetings in China, from which he is just returning now."
On March 14, Obama raised concerns about cybersecurity in a telephone conversation with Chinese President Xi Jinping, in which Obama "underscored the importance of working together ... to address issues such as the protection of intellectual property rights. In this context, the president highlighted the importance of addressing cybersecurity threats, which represent a shared challenge," according to a White House statement.
The Chinese government denies it's targeting key U.S. systems. In fact, a Chinese Foreign Ministry statement contends "China is a marginalized group in this regard and one of the biggest victims of hacking attacks." But the Pentagon earlier this month issued a report that directly accused the Chinese military and government of consistently targeting the computers of governments worldwide, including the United States, to collect intelligence [see DoD Outlines China's Spying on U.S. IT]. In its annual report to Congress, the Pentagon said China's intrusions focused on exfiltrating information about American diplomatic, economic and defense industry activities.
In a widely publicized report issued in February, IT security provider Mandiant documented how a Chinese military unit pilfered secrets from government and business computers [see 6 Types of Data Chinese Hackers Pilfer].
Board Identifies Cybersecurity Weaknesses
The Defense Science Board is a senior advisory group consisting of government and civilian experts. Among the board's conclusions in its unclassified report:
- The cyber-threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War;
- The cyber-threat is also insidious, enabling adversaries to access vast new channels of intelligence about critical U.S enablers - operational and technical, military and industrial - that can threaten our national and economic security;
- Defense actions, though numerous, are fragmented; therefore, DoD is not prepared to defend against this threat;
- DoD red teams, using cyber-attack tools that can be downloaded from the Internet, are very successful at defeating Defense systems;
- American networks are built on inherently insecure architectures with increasing use of foreign-built components;
- U.S. intelligence against peer threats targeting DoD systems is inadequate;
- With present capabilities and technology it's not possible for the U.S. to defend with confidence against the most sophisticated cyber-attacks; and
- It will take years for DoD to build an effective response to cyber-threats that includes elements of deterrence, mission assurance and offensive cyber-capabilities.
What should the Pentagon do to stop Chinese hacking? Stiennon offers this answer: "A bottom-up implementation of best security practices would increase the expense for attackers dramatically. Make it hard for them. Make them deploy agents into the target facilities."