China has advanced its computer network capabilities to the extent that they pose a significant threat to U.S. military operations in the event of a conflict, according to a new report by a security watchdog.
The report, released Thursday by the U.S.-China Economic and Security Review Commission, details how China is advancing its capabilities in computer network attack, defense, and exploitation and examines issues related to cybersecurity and potential risks to U.S. national security and economic interests.
“People’s Liberation Army (PLA) leaders have embraced the idea that successful warfighting is based on the ability to exert control over an adversary’s information and information systems,” the report says, adding that PLA analysts consistently identify “U.S. strategic centers of gravity, which they would almost certainly target in the event of [a] conflict.”
The commission released its report amidst an ongoing congressional review of cybersecurity legislation, calling on U.S. lawmakers to take the risk of a Chinese systems attack into account as they deliberate how to protect domestic networks.
"The United States suffers from continual cyber-operations sanctioned or tolerated by the Chinese government," said Commission Chairman Dennis Shea.
"Our nation's national and economic security are threatened, and as the Chinese government funds research to improve its advanced cyber capabilities these threats will continue to grow.”
The report said that the PLA has benefitted specifically from direct access to cutting edge research and technology supplied by Chinese commercial firms partnered with foreign corporations, as well as from academic talent in its military and civilian university system.
It said that a close relationship with large Chinese telecommunications firms also allows for PLA penetration of supply chains for electronics supporting the U.S. military, the U.S. government, and civilian industry “with the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety.”
Potential effects of a supply chain penetration include providing covert access to sensitive systems, the ability to degrade a system’s mission effectiveness, or to insert false information that could allow remote control or destruction of the targeted system.
Commissioner Michael Wessel said that specific doctrinal intent and financial support for government-sponsored cyber espionage capabilities in China represent a “clear and present danger that is increasing every day.”
“It's getting harder and harder for China's leaders to claim ignorance and innocence as to the massive electronic reconnaissance and cyber intrusions activities directed by Chinese interests at the U.S. government and our private sector,” he said.
But cyber attacks often cannot be definitively attributed to a specific entity or government and there is currently no policy in place to determine the appropriate response to a large scale attack on U.S. military or civilian networks, the report warned.
“Beijing may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision making.”
In August last year, China rejected suggestions that it was behind a massive cyberspying initiative reported earlier that month by security firm McAfee.
McAfee said in a report titled "Operation Shady RAT" that hackers compromised computer security at more than 70 global organizations, including the U.N. and U.S. government bodies, sparking speculation that China was behind the attacks.
McAfee did not identify any country behind the hacking campaign, but its security experts had said in February last year that hackers working from China had targeted the computers of oil and gas companies in the U.S., Greece, Taiwan, and Kazakhstan.
The “coordinated, covert, and targeted” attacks began in November 2009, and the hackers succeeded in stealing sensitive information, it said.
The Chinese government has denied any involvement in hacker activities, saying it is opposed to them.
Reported by Joshua Lipes.