In November 1997, Deputy Defense Secretary John Hamre testified before the Senate Subcommittee on Terrorism that “we’re facing the possibility of an electronic Pearl Harbor. … There is going to be an electronic attack on this country some time in the future.” Two years later, he told a secret session of the House Armed Services Committee, “We are at war - right now. We are in cyberwar.” Fast-forward more than a decade, to 2011. President Obama’s choice for secretary of defense, Leon Panetta, tells the Senate Armed Services Committee at his confirmation hearing that the United States faces a possible “electronic Pearl Harbor.” Mr. Panetta had been the CIA director for the previous two years - so he would have known.
Two extreme, nearly identical warnings 12 years apart should have brought home the magnitude of the electronic threat facing the country. Yet nothing was done. When former Director of National Intelligence Adm. Mike McConnell was asked directly by Congress about our ability to withstand such an onslaught, he replied, “The United States is not prepared for such an attack.”
The Obama administration has shown a shocking disinterest in this threat, earning it a blunt rebuke from former White House national security official Richard Clarke. While “our government is engaged in defending only its own networks … it is failing in its responsibility to protect the rest of America from Chinese cyber-attack,” Mr. Clarke wrote in the Wall Street Journal. In other words, the federal government has taken action to protect itself, but not the rest of us. Mr. Clarke further declared that “senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations,” and yet, “In private, U.S. officials admit that the government has no strategy to stop the Chinese cyber-assault.”
This searing denunciation of the Obama administration’s passivity toward China is made all the more powerful by the fact that Mr. Clarke is no Republican partisan. To the contrary, he had a bitter falling out with the Bush administration during his service, after which he became a generous contributor to liberal groups such as Moveon.org and to Democratic candidates including Barack Obama himself.
The Obama administration at least claims to recognize the problem. Deputy Defense Secretary William Lynn told a European audience in June 2011, “The third and most dangerous cyberthreat is destruction, where cybertools are used to cause physical damage. … It is possible to imagine attacks on military networks or on critical infrastructure - like the transportation system and energy sector - that cause economic damage, physical destruction, or even loss of life.” However, the administration’s grand solution is, as Mr. Lynn took great pride in announcing, merely to institute “a pilot program with a handful of defense companies to provide more robust protection for their networks.” The commanders of the Chinese Army must be quaking in their desk chairs.
Most Americans don’t realize the Chinese have already successfully attacked many U.S. government and civilian computer systems. The Wall Street Journal noted that in one major Chinese intrusion, the attackers were “able to copy and siphon off several terabytes of data related to design and electronics systems … potentially making it easier to defend against [American F-35 fighter-jets].” Consequently, “Chinese spies enjoyed months of access to the personal Google emails of U.S. officials and human rights activists,” reported London’s Telegraph in 2011.
In 2006, network intrusions caused authorities to shut down the entire computer system at the U.S. Naval War College. Air Force Gen. Richard Goetze, a professor at the military school who previously was the commander in charge of developing America’s strategic nuclear war plan, told his students the Chinese “took down” the war college’s network. Even the school’s website and email systems went down. For weeks afterward, military officers - both students and professors - at the school were forced to use private email accounts such as yahoo and gmail instead of their official addresses, exposing government business to untold security risks. This embarrassing attack exposed a serious Pentagon vulnerability as the Naval War College was where the Defense Department created a cyberwarfare center specifically to counter the threat from hackers. Two days after the incident, U.S. Strategic Command raised the security alert level of America’s entire military computer network. Alan Paller, a security expert at the SAND Institute, observed, “The depth of the penetration is more than anybody is admitting.”
America isn’t the only target; financial institutions and international organizations are also vulnerable to Beijing’s cyber-offensive. Chinese hackers blew through the defenses of the Indian company Satyam that held the computer services contract for the World Bank in 2008. Internal World Bank emails called this an “unprecedented crisis,” as World Bank officials held angry closed door meetings with China’s executive director with the bank. Similarly, the International Monetary Fund won’t say who penetrated its information systems in the spring of 2011, but most experts point to China. In 2009, a Canadian think tank identified China as the source of a cybernetwork that “tapped into classified documents from government and private organizations of 103 countries.”
CNN’s computer expert Adam Segal notes that Chinese hackers stole proprietary information from “DuPont, Johnson & Johnson, General Electric, RSA, Epsilon, NASDAQ and at least a dozen other firms.” Moreover, a 2011 Chinese cyber-assault on major Western oil companies, nicknamed “Night Dragon,” was discovered by cybersecurity firm McAffee, Inc., which also found that a “one-state actor” had successfully penetrated scores of industrial companies in what McAffee dubbed “Operation Shady Rat.” The firm didn’t specify which nation was behind Shady Rat, but a major clue is found in the operation’s targeting of the International Olympic Committee, the World Anti-Doping Agency, and various national Olympic committees, all this occurring just before and just after the 2008 Beijing Olympics. Finally, Oak Ridge National Laboratory, where the first atomic bomb was produced, was victimized by Chinese hackers in the fall of 2007 as a follow-on to a larger penetration of U.S. national security just months before.
The Chinese hackers appear to be a vast army of chair-borne warriors associated with or downright part of the People’s Liberation Army. According to a secret U.S. State Department cable revealed by WikiLeaks, American specialists have tracked some of the most serious attacks back to sites known to belong to electronic espionage units of the Chinese military. In 2007, angry U.S. defense officers leaked an internal review reporting that the Chinese military had attacked Pentagon computer networks, including the one serving Defense Secretary Robert Gates.
We now know that the attack on the Pentagon network was more serious than initially reported, to the point that one expert, James Lewis, director of the technology and public policy program at the Washington think-tank Center for Strategic and International Studies, called it an “espionage Pearl Harbor.” In 2010, Mr. Lewis told “60 Minutes” that “terabytes of information” had been downloaded from “all of the high-tech agencies, all of the military agencies” - the State Department, the Department of Energy (which runs our nuclear weapons labs), and the Department of Defense. Asked how big a “terabyte” is, Mr. Lewis replied, “The Library of Congress, which has millions of volumes, is about 12 terabytes. So, we probably lost the equivalent of a Library of Congress worth of government information in 2007.” If the American intelligence community conducted a damage assessment afterward, it has not publicized the details.
Brett M. Decker is editorial page editor of The Washington Times and a former Hong Kong-based editor and writer for The Wall Street Journal. William C. Triplett II is former chief Republican counsel to the Senate Foreign Relations Committee and best-selling co-author of “Year of the Rat” (Regnery, 1998).