A congressionally created commission has warned that China is stealing vast amounts of sensitive information from government and corporate computer networks in the U.S., including those of the nation's top defense contractors. This theft is part of China's preparation to outmaneuver the U.S. electronically in any future conflict, according to the bipartisan U.S.-China Economic & Security Review Commission.
The panel, established eight years ago, said in its annual report, released on Nov. 20: "China is targeting U.S. government and commercial computers for espionage."
The 10 most prominent U.S. defense contractors are believed to have been "victims of cyber-espionage through penetrations of their unclassified networks," the report said. Among them: Raytheon (RTN), Lockheed Martin (LMT), Boeing (BA), and Northrop Grumman (NOC).
The commission used its own analysts and investigators to compile information on data theft, based on input from defense, military, and intelligence agencies and specialists. Its findings echo the themes of several recent articles in BusinessWeek, which over the past 11 months has published a series on high-tech security threats to U.S. weapons systems and government and defense industry computer networks. The three main installments in the BusinessWeek series were based on previously undisclosed documents and interviews with more than 100 current and former government employees, defense industry executives, and people with ties to U.S. military, space, and intelligence agencies. They are: E-spionage (BusinessWeek, 4/10/08), () Dangerous Fakes (BusinessWeek, 10/2/08), and The Taking of NASA's Secrets (BusinessWeek, 11/20/08).
Spying on NASA
In its report, the China security commission examined the implications of China's pursuit of dominance in cyberspace and outer space. The panel asserted that the Chinese have sought both military secrets from U.S. government networks and lucrative proprietary information from American corporations. The advantage that China has gained from this espionage could reduce current U.S. conventional military dominance in any future conflict, the commission said.
An example of Chinese espionage cited in the report involves an incident in 2005 in which Chinese cyber-burglars downloaded files about the propulsion system, fuel tanks, and solar panels of NASA's Mars Reconnaissance Orbiter, an incident with details similar to those described in the BusinessWeek story on secrets stolen from NASA.
The report accused China of "rationalizing" its behavior while "devising unique interpretations" of treaties. That development by China, the report said, "coupled with its military modernization, its development of impressive but disturbing capabilities for military use of space and cyber warfare, and its demonstrated employment of those capabilities, suggest China is intent on expanding its sphere of control even at the expense of its Asian neighbors and the United States."
China, meanwhile, steadfastly denies engaging in any cyber-espionage or attempting to use cyberspace for military advantage. China's Xinhua News Agency quoted Foreign Ministry spokesman Qin Gang on Nov. 21 as calling the commission's report "unworthy of rebuttal." Qin said the commission "always sees China through distorted color spectacles, and intentionally creates obstacles for China-U.S. cooperation" by "smearing China deliberately and misleading the general public."
China Needs Natural Resources, Too
While the Chinese government had no immediate response to a BusinessWeek request for comment, Wang Baodong, a spokesman for the Chinese Embassy in Washington, had earlier said about the magazine's stories: "China will never do anything to harm the sovereignty or security of other countries. The Chinese government has never employed, nor will it employ, so-called civilian hackers in collecting information or intelligence of other countries."
The U.S. commission predicted that China's cyber-activities "quite possibly will be exacerbated by China's growing need for natural resources to support its population and economy that it cannot obtain domestically. The United States should watch these trends closely and act to protect its interests."
Specifically, the commission urged Congress to spend more money to protect the nation's critical computer systems, and to monitor intrusions from abroad. It also recommends that Congress "assess the security and integrity of the supply chain for computer equipment" used in government and contractor networks, and spend more to buy "from trustworthy sources."
Another worry: the global supply chain for telecommunications items and electronic components manufactured in China. "At least in theory, this equipment is vulnerable to tampering by Chinese security services, such as implanting malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation," the report said. It cited the Oct. 13 Dangerous Fakes BusinessWeek cover story that described how hazardous counterfeits are ending up in U.S. military planes and other weapon systems. The commission pointed to a recent incident in which hundreds of counterfeit routers made in China were discovered in active use throughout the Defense Dept.
Epstein is a correspondent in BusinessWeek's Washington bureau.