China’s Cyber Attacks Threaten Social Order: Analyst

Obama-Xi

The U.S. president should tell the leader of China’s communist party that its cyber attacks against Western targets threaten to undermine the Chinese economy and social order, an analyst said.

When asked what President Barack Obama should say to President Xi Jinping at their next meeting in June, James Mulvenon, a vice president at Defense Group Inc., a technology company in Vienna, Va., was blunt.

“This is imperiling your own economic development, which is imperiling your social stability, which is your No. 1 priority,” Mulvenon said May 21 during a panel discussion at the Center for Strategic and International Studies, a think tank in Washington, D.C. “The only message that will get through to a general secretary of the Chinese communist party is that economic development and social stability are threatened by the brazen scope and scale of this intrusion.”

China was a frequent topic of discussion during the discussion, part of an event called “Threat and Response: Combating Advanced Attacks and Cyber-Espionage,” which drew a roomful of academics, executives, government and military officials, and reporters.

A Chinese espionage group since 2006 has stolen hundreds of terabytes of information from at least 141 companies across 20 major industries, including aerospace and defense, according to a February report from Mandiant, a closely held company based in Alexandria, Va., which sells information-security services.

Obama should tell Xi that such actions “are undermining that last remaining pillar of strategic cooperative Sino-U.S. relations,” Mulvenon said. “The trade and business community are some of the loudest critics of what’s going on on the Chinese side who traditionally have been the strongest proponents of cooperative Sino-U.S. relations.”

Mulvenon also criticized China’s official response to the report.

“The Chinese, in my view, have always been terrible strategic communicators but they reached a new low recently when their response to the Mandiant report was — and this is an official spokesman at the Ministry of National Defense said — there is no Unit 61398,” he said. “We have hundreds of pieces of open-source data identifying that unit is public knowledge,” he added. “Their literally response at the official level is to deny reality.”

U.S. companies are already being hurt by the theft of intellectual property, according to Shawn Henry, president of CrowdStrike Services, a security technology firm based in San Francisco, and former executive assistant director of the Federal Bureau of Investigation. A biotechnology company that typically takes five years to take an idea to market has noticed Chinese competitors churning out similar products in 18 months, Henry said.

“It’s not because they’ve come up with some newfangled manufacturing process,” he said during the panel. It’s because concept and engineering resources are “being stolen, and they’re going right from manufacturing and to market.”

Chief executive officers must be responsible for the security of their companies’ networks, according to Chris Inglis, deputy director of the National Security Agency, the Pentagon’s code-breaking wing.

“We need to hold CEOs or the appropriate parties accountable for the resilience, the security, integrity of those things that generate revenue or generate whatever the business is of that particular organization,” he said in separate remarks at the event.

Similar to the way they pay attention to finances under Sarbanes-Oxley, the 2002 legislation designed to protect investors from fraudulent accounting practices, executives may “spend an equal amount of time to the integrity and the resilience of their networks because it’s not just a commodity whose fate may have an effect on their bottom line, it’s a foundation for their business,” Inglis said.

A bill sponsored by Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, would make it easier for intelligence agencies to share information with the private sector. The legislation, Cyber Intelligence Sharing and Protection Act, H.R. 624, has been referred to the Senate Intelligence Committee.

The U.S. Defense Department in a report released May 5 for the first time blamed China directly for targeting its computer networks. The attacks were focused on extracting information, including sensitive defense technology.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” it states. “The accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks.”

China called the accusations “groundless” and “not in line with the efforts made by both sides to strengthen mutual trust and cooperation,” according to a May 9 article published on the state-run website, “People’s Daily Online.” The country is a “victim itself of cyberattacks,” it states.

The U.S. faces a dilemma in talks with China because the U.S. has tried to make a distinction between types of spying in cyberspace, including traditional espionage, which it says cannot be legislated or governed through treaty, and commercial espionage, which it says can, Mulvenon said.

“This has been a real clangor with the Chinese because they don’t see the distinction because in their system the same people are doing both,” he said. China has single, large-scale, state-owned companies in each sector of the economy, making it easy for government spies to pass intelligence to corporate executives, he said.

“They don’t believe us when we tell them we are statutorily precluded from doing commercial espionage and we even give them a very practical reason: We say if the United States conducted commercial espionage on behalf of its companies, we wouldn’t know how to share the proceeds without somebody who didn’t get it suing us in the U.S. government for anti-trust violations,” Mulvenon said.

Russia is much stealthier than China when it comes to cyberspace espionage, Mulvenon said. “They use a lot more crypto,” he said, referring to cryptography.

About the Author

Brendan McGarry
Brendan McGarry is the managing editor of Military.com. He can be reached at brendan.mcgarry@military.com. Follow him on Twitter at @Brendan_McGarry.

8 Comments on "China’s Cyber Attacks Threaten Social Order: Analyst"

  1. They're saving face. I'm surprised the US is not familiar with the concept.

  2. USS ENTERPRISE | May 21, 2013 at 9:22 pm |

    Wow china. Just own up to the fact that you all DO hack us. We may not be fighting a full on war, but cyber warfare is definitely happening. Its not just China behind all this; North Korea and Russia have a stake in it as well. But claiming that reports are "groundless" is just flat out lies. We know that Chinese "geniuses" are hacking our companies. Why you would venture out an say that is incorrect is a sad case of misinformation. Honestly, China needs to have a crackdown on this, though of course it would mean closing down sections of the Chinese government.

  3. I have a tech friend who works with a local government.
    When their computers are attacked, he traces where it came from (Most of the time), tells the ISP that they have a hacker etc on their books, and that the ISP must shut them down, or all of their users will be blocked. (By IP etc)

    If we did this to China, after a while… they would have no computers available to even see the west, letalone hack them.

  4. Ohh…please….. WHAT IS EVERYONE SO SCARED ABOUT. If this is the scale of the Chinese attack, what do you think out attacks on the Chinese network is like? All the Window/Apple OS are written by American Companies, all the network equipments/software on the internet are practically all American…. I can't think of a piece of electronic without any bits of Americana in it. How many of these backdoor are there that we had put into all these systems?

    Will the American government do something like this, you ask? Well, if you are the head of NSA, what would you ask CISCO and Microsoft to do?

  5. It would appear that the Chinese learned their craft from the very best, probably the US government itself. If the Chinese are hacking the US government and industries and you know by whom, shut them down! The US has the capability to counter attack or more precisely, counter hack! There is more than meets the eye on this story,

  6. The U.S. president should tell the leader of China’s communist party that its cyber attacks against Western targets threaten to undermine the Chinese economy and social order, an analyst said.

    Why should the Chinese be suspicious of this?

    To which party does the analyst belong?

  7. -Put a ban on all products coming in from the list of Chinese companies that are associated with the patent violations. Then extend that embargo to companies that continue to do business with these listed companies from all nations.

    -Threaten to bring back the tariff system were we tax all imports to balance the slave labor , no regulation cost benefit.. Why do you think its cheaper for companies to go offshore and build new factories, train new workforce, and then ship back here yet still be more profitable.

    -End the existing income based tax system and go with a Federal sales tax. That will put the tax on every product including all the imports that currently pay NO US taxes making US made products much more competitive here in the states. You will net more "new revenue" off those imports, less paperwork, and less politicians getting rich to write loop holes for X corporate campaign contributor. Oh did I mention you get a graduated system because we all know the rich spend magnitudes more than what the food exemption would be.

    We need leaders that represent AMERICA and american interest first unashamed without question. Not "world leaders" trying to save the world at OUR expense.

  8. If I was in charge I'd put a layer of hackable information as a front to secure and business systems, imagine "10 slightly different" software programs for the F-35, let them spend the time and energy building copies of these devices only to find out they don't really work or can be taken over by remote control and be driven by a drone operator..
    The U.S. has the abillity to really confuse and waste a lot of Chinese time & money..

    Now that would be "real espionage"

Comments are closed.