Nov 10, 2011

China Cyber-Stealing Its Way to Super Power Status

Bob MaginnisBy Bob Maginnis


A new report to Congress demonstrates China is stealing its way to super power status by robbing America of jobs, economic information, manufacturing technology, and military secrets. Our response to this crisis is analogous to taking a knife to a gunfight.

“Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” according to the report by the U.S. Office of the National Counterintelligence Executive (ONCIX). Cyber spying represents a significant and growing threat to America’s prosperity. China, the worst offender, steals American technology as a matter of national policy, and is expected to remain the leading thief unless something dramatic is done.

The annual costs for America of cyber espionage could be $400 billion or more a year, according to ONCIX, which based the report on assessments of 14 American intelligence agencies. That loss may explain some of China’s economic growth, its trade dominance, and our losses.

Since 2001, America has lost 2.8 million jobs to China, which accounts for 2.2% of our unemployment, according to the Washington, D.C.-based Economic Policy Institute. Those losses may be in part due to Chinese cyber espionage, which robs America of its intellectual property, our research and development information, which costs 2.8% of our gross domestic product, and corporate economic data. That inevitably contributes to our annual trade deficit with Beijing, which was $273 billion in 2010.

China’s cyber espionage is also a danger to our national security. The Pentagon’s 2011 report on China’s military alleges Beijing conducts cyber “intrusions” focused on “exfiltrating information” from defense websites. It “relies on foreign technology … to advance military modernization,” which if Beijing can’t buy, it steals. Chinese espionage explains the loss to China of American encryption, cruise missile and stealth technologies.

There is also the matter of China’s cyber warfare capabilities, which use some of the same tools, tactics and techniques employed in economic espionage. The Pentagon report confirms China plans to use cyber attacks to “constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.”

Recently Defense Secretary Leon Panetta said, “We could face a cyber attack that could be the equivalent of Pearl Harbor,” according to the Associated Press. It could “take down our power-grid system, take down our financial systems. … They could virtually paralyze this country,” warned Panetta.

Cyberspace is the perfect environment for Chinese espionage paralyzing America’s critical infrastructure. There is little risk of detection because China hides behind proxy computers and routers in third countries. Cyberspace also makes possible the near instantaneous transfer of enormous quantities of information that accelerates its economic development, and the costs are often devastating to the victim.

ONCIX outlined the costs of cyber espionage. The costs include the illicit transfer of military technology that could endanger American lives, by putting advanced weapons in the hands of an enemy. It can also undercut our ability to economically compete with China. “The theft of trade secrets undermines a corporation’s ability to create jobs,” ONCIX states. Those secrets are especially significant because they generate revenue, foster innovation, and lay the economic foundation for prosperity.

It is not surprising Chinese officials dispute ONCIX’s report. Chinese embassy spokesman Wang Baodang claims China opposes “any form of unlawful cyberspace activities,” according to the Washington Post. Of course, that view depends on your definition of “lawful.”

“Chinese leaders consider the first two decades of the 21st century to be a window of strategic opportunity for their country,” according to ONCIX. Beijing intends to use this time to exploit all means to promote economic growth and scientific advancement, which may explain the surge of computer network intrusions originating from Internet protocol (IP) addresses in China.

Beijing created Project 863, according to ONCIX, to fund and guide Chinese efforts to surge cyberspace intrusions in order to acquire U.S. technology and economic information. The project is a vacuum cleaner for “key technologies for the construction of China’s information infrastructure.” It also focuses collection efforts on marine systems to jump-start development of China’s blue-water navy and feeds Chinese industry with clean technologies, advanced materials and manufacturing techniques, particularly in aviation and high-speed rail sectors.

ONCIX chronicled some of Project 863’s activities to illustrate the scope of the problem. For example, the report cites a February 2011 intrusion labeled “Night Dragon,” with an IP address located in China that tried to exfiltrate data on global oil, energy and petrochemical companies. Verisign iDefense identified the Chinese government as intruding on Google’s networks in January 2010 to download its source code, and in the same year there were Chinese breaches seeking information from Fortune 500 companies known to be negotiating with Chinese firms.

The ONCIX report warns the cyber threat will get worse just as nearly all business records, research results, and other sensitive economic and defense data are digitized and accessible on networks worldwide. That is why America must prepare to cope with four shifts in the cyber environment that make us more vulnerable, states ONCIX.

First, we face a technological shift as the number of devices connected to the Internet increases from 12.5 billion in 2010 to 25 billion in 2015. This will cause a proliferation in the number of operating systems and end points that cyber thieves can exploit for sensitive information.

Second, an economic shift will influence how cyber users share storage, computing, network, and application resources. This is called a “cloud computing” paradigm, which is cheaper than existing systems and allows employees more remote access, but increases the opportunities for thieves.

Third, a cultural shift involves the rise in the U.S. workforce with different expectations regarding access to cyber information from any location. This shift provides great flexibility and perhaps more productivity, but also increases the risk of theft.

Finally, a geopolitical shift means the globalization of economic activities and knowledge creation. The globalization of economic activity will offer more opportunities for malicious activity.

The rapidly shifting cyber landscape will translate into significant new American vulnerabilities, especially if it continues to rely on current strategies. ONCIX outlined America’s defensive strategies: improved collaboration, improved analysis and collection, operations (detect, deter, and disrupt collection activity), training and awareness, and outreach to the private sector.

These strategies are all important, but the cyber war will not be won using defense alone. We must go on the offense with China and other proven cyber thieves such as Russia.

If China refuses to change its espionage attacks, our offensive actions must include trade sanctions, embargoes, and even campaigning to remove China from the World Trade Organization, whose membership we endorsed in 2001. Beijing’s cyber misbehavior, like its currency manipulation, is more reminiscent of a criminal syndicate than a fair trade partner.

We must also give the Pentagon’s Cyber Command the authority, means and approval to take offensive action against cyber attacks, state-sponsored or otherwise. American jobs, our economic competitiveness, our secrets, and perhaps our very existence are at stake.

Related Links

China’s cyber armies likely to include social battalions - Silicon Republic
Why the U.S. is losing the cyberwar against China -
DARPA: hackers can help protect U.S. cyber infrastructure -
U.S. says will boost its cyber arsenal - Reuters
Cyber Weakness Should Deter U.S. from Waging War - Enterprise Security Today