February 8, 2008 | Executive Summary on Asia
America's counterintelligence czar, Dr. Joel F. Brenner, painted an alarming picture of economic espionage in 2006, albeit in the objective tones and neutral parlance of the intelligence community. He reported to Congress that "foreign collection efforts have hurt the United States in several ways":
Dr. Brenner characterizes China as "very aggressive" in acquiring U.S. advanced technology. "The technology bleed to China, among others, is a very serious problem," he said in March 2007, noting that "you can now, from the comfort of your own home or office, exfiltrate information electronically from somebody else's computer around the world without the expense and risk of trying to grow a spy."
On November 15, 2007, the bipartisan, congressionally chartered U.S.-China Economic and Security Review Commission (USCC) put a finer point on it: "Chinese espionage activities in the United States are so extensive that they comprise the single greatest risk to the security of American technologies." Cyberpenetration is by far China's most effective espionage tool, and it is one that China's spy agencies use against America's allies almost as much as against U.S. targets.
Targeting America. The U.S. military has been the primary target of Chinese cyberattacks, followed closely by the Departments of State, Commerce, and Homeland Security. Academic, industrial, defense, and financial databases are also vulnerable. Regrettably, American officials tend to be very sensitive to China's feelings and refrain from public allegations that the attacks are launched by Chinese agents, even though, as one U.S. cybersecurity expert points out, "the Chinese are in half of your agencies' systems" already.
In fact, Chinese cyberwarfare units have already penetrated the Pentagon's unclassified NIPRNet (Unclassified but Sensitive Internet Protocol Router Network) and have designed software to disable it in wartime. One general officer admitted that "China has downloaded 10 to 20 terabytes of data from the NIPRNet already" and added, "There is a nation-state threat by the Chinese."
Richard Lawless, then Deputy Under Secretary of Defense for Asia-Pacific affairs, told a congressional committee on June 13, 2007, that the Chinese are "leveraging information technology expertise available in China's booming economy to make significant strides in cyber-warfare." Lawless noted that the Chinese military's "determination to familiarize themselves and dominate to some degree the Internet capabilities...provide[s] them with a growing and very impressive capability that we are very mindful of and are spending a lot of time watching."
Chinese People's Liberation Army's cyberwarfare units now have the source codes for America's ubiquitous office software--provided to the Chinese government as a condition of doing business in China. This means that they essentially have a skeleton key to almost every networked government, military, business, or private computer in America that is accessible through the Internet.
What the Administration and Congress Should Do.Recent cyberattacks on the United States and its allies combined with warnings from the Defense Science Board and the U.S.-China Economic and Security Review Commission emphasize the seriousness of this growing threat to U.S. national security. To address this threat, the Administration and Congress should:
Conclusion.America's vulnerability to cyberattacks is a critical threat to national security. If the Administration and Congress do not address these problems and implement the 2005 recommendations of the Defense Science Board, the fix will become prohibitively expensive and/or America's national security will be irreversibly compromised.
John J. Tkacik, Jr., is Senior Research Fellow in China, Taiwan, and Mongolia Policy in the Asian Studies Center at The Heritage Foundation.