Chinese cyberattacks hit key US weapons systems. Are they still reliable?
-
Mark Clayton Staff writer
Dozens of key US weapons system designs and technologies have been compromised by Chinese hackers, creating fresh uncertainty over America鈥檚 warfighting capabilities in any future conflict in Asia, according to a defense advisory group study and defense policy experts.
The laundry list of US weapons systems whose files have been accessed during the past decade by Chinese hackers includes some of the nation鈥檚 most expensive and exotic programs. The list was contained in a confidential version of a Defense Science Board report, according to The Washington Post.
The list includes the Terminal High Altitude Area Defense missile system, the V-22 Osprey tilt-rotor aircraft, Patriot Advanced Capability-3 antimissile system, along with the Global Hawk unmanned aerial vehicle, the Aegis ballistic missile defense system, and the F-35 Joint Strike Fighter.
The long-term impact, experts say, could be to give China an edge in any confrontation as well as speeding deployment of advanced military technology that will cost it billions less to develop, defense experts say.
The unclassified version of the Defense Science Board report entitled, 鈥淩esilient Military Systems and the Advanced Cyber Threat,鈥 which did not contain the list and barely mentions China, was released in January. But defense officials, speaking anonymously, told the Post that Chinese hackers are behind the attacks on most of the systems on the list in the restricted version.
鈥淭he Defense Science Board, a senior advisory group made up of government and civilian experts, did not accuse the Chinese of stealing the designs,鈥 the newspaper reported. 鈥淏ut senior military and industry officials with knowledge of the breaches said that the vast majority were part of a widening Chinese campaign of espionage against US defense contractors and government agencies.鈥
Earlier this month, the Pentagon went on record with another report, this one to Congress, saying that Chinese cyberespionage of weapons systems is a key part of China鈥檚 effort to vault itself forward. That report for the first time specifically cited China鈥檚 government and military as directly responsible for cyberthefts involving US weapons systems.
鈥淐hina is using its computer network exploitation capability to support intelligence collection against the US diplomatic, economic, and defense industrial base sectors that support US national defense programs,鈥 the unusually blunt report to Congress said. 鈥淭he information targeted could potentially be used to benefit China鈥檚 defense industry, high technology industries, policymaker interest in US leadership thinking on key China issues, and military planners building a picture of US network defense networks, logistics, and related military capabilities that could be exploited during a crisis.鈥
The unclassified version of the Defense Science Board report cited cyber vulnerabilities in 鈥渟ystems that are used to support and operate those weapons or critical IT capabilities embedded within them.鈥
What the pair of reports, along with the emergence of the restricted list, suggests is a wholesale loss of integrity and introduction of new levels of potential vulnerability of those weapons systems to Chinese military hackers, defense policy and cybersecurity experts told the Monitor.
鈥淎ll the stuff on this list is extremely sensitive 鈥 it鈥檚 like the kitchen sink,鈥 says Kenneth Flamm, a technology expert at the Pentagon during the Clinton administration, and now an economist at the University of Texas at Austin. 鈥淚t raises serious questions about whether we can rely on these systems.鈥
The list includes systems compromised during an ongoing Chinese cyberespionage campaign that began in late 1990s. Its first significant successes came in 2002-03 and peaked in 2007, when the hackers got into at least five federal agencies, including the Defense Department, Commerce Department, State Department, NASA, and the Energy Department, says James Lewis, a senior fellow and cybersecurity expert with the Center for Strategic and International Studies, a Washington think tank.
About that time, government officials started to get serious about cybersecurity, and the incoming Obama administration also kicked off in 2008 a strategic review of cybersecurity. Since 2009, the Pentagon鈥檚 cybersecurity has been vastly improved, Dr. Lewis says.
鈥淎 lot of these cyberthefts happened before the Obama program kicked in,鈥 Lewis adds. 鈥淏ut we still can鈥檛 rest easy, because we don鈥檛 know what they got and what they did while they were inside these networks.鈥
Software can make up perhaps one-third of the value of weapons systems like the Patriot missile and other system, he notes. Software for other systems on the list may now need an overhaul in order to ensure their integrity, he notes.
鈥淚f they got into the software code and left something behind, we鈥檝e got a serious problem,鈥 he says. 鈥淗ow do we know? We don鈥檛. So the answer is that we have to redo the system to be sure it isn鈥檛 compromised.鈥
For its part, China regularly denies cyberespionage charges 鈥 and claims it, too, is a victim. But the emergence of the list comes amid heightened tensions between the US and China over charges of rampant cyberespionage by China against US defense industry, energy systems, and other economic targets.
In discussing an April visit to China by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, Defense Secretary Chuck Hagel called cyberattacks 鈥渢he greatest threat to our security 鈥 economic security, political security, diplomatic security, military security 鈥 that confronts us.鈥
During the visit, a top Chinese military officer, Gen. Fang Fenghui, seemed to concur, saying of cyberinsecurity that 鈥渢he damaging consequences it causes may be as serious as a nuclear bomb.鈥
