American-Sino relations just took a sharp turn for the worse with the recent revelation by a U.S. cybersecurity firm that China’s government is involved in massive cyberattacks on U.S. targets. The main perpetrator of these attacks appears to be a highly specialized Chinese People’s Liberation Army (PLA) military unit in Shanghai skilled in breaching vulnerable U.S. computer systems through Internet intrusion. Once inside, valuable information is collected, analyzed and put to use for hostile purposes.
The most troubling aspect of the Chinese cyberattacks is that this appears not to be a rogue PLA operation. The PLA is the consolidated military organization for China’s land, sea, strategic missile and air force, and one of the main tactics in its portfolio is cyberwarfare. Moreover, China’s Central Military Commission, which tightly controls and oversees everything the PLA does, is chaired by the country’s incoming president, Xi Jinping, who also serves in China’s most important post, Communist Party General Secretary.
China’s top targets are aerospace, energy, information technology, satellites and telecommunications, public administration and research and consulting information. The stolen information could be used to wage economic, military and political sabotage and warfare against the United States.
A Virginia-based cybersecurity firm, Mandiant, made its latest revelation in a report Tuesday titled, “Exposing One of China’s Cyber Espionage Units.” It reportedly traced 141 major hacking attempts to the People’s Liberation Army spanning 20 major industries since 2006 — 115 of them against U.S. targets.
This is not the first time Chinese operatives have been caught doing this. In the early 2000s, the U.S. “Titan Rain” investigation revealed that Chinese cyberspies penetrated secure U.S. computer networks serving the country’s most sensitive military bases, defense contractors and aerospace companies, including New Mexico’s Sandia National Laboratory where much of the U.S. nuclear arsenal is designed, and National Air and Space Administration where space exploration, scientific discovery and aeronautics research are pioneered.
According to Mandiant, Chinese hackers typically gain entry to targeted computer networks through “spear phishing” attacks, where someone in an organization receives a creatively disguised email and is tricked into clicking on a link or attachment that then opens a secret door for the hackers. Once in the system, as described by Time magazine in its “Titan Rain” report, hackers commandeer a hidden section of a computer hard drive, zip up as many files as possible and immediately transmit the data to overseas way stations before sending them to mainland China. They always make a silent escape, wiping their electronic fingerprints clean and leaving behind an almost undetectable beacon allowing them to re-enter the machine at will.
It doesn’t appear the Chinese cyberattacks are going to end any time soon. According to news reports, Chinese computer hackers attacked the Department of Energy’s computer networks in late January 2013, penetrating 14 servers and 20 workstations. In addition, hackers routinely use malware via the Internet and from computers traceable to China to target American businesses, government agencies, news organizations and any other sources of intellectual property.
What can and should the United States do about this problem? A few suggestions follow:
1. Acknowledge that China is the main source of the cyberattacks. In his recent executive order on the subject, President Obama mentioned the problem of those seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems to steal American business trade secrets, but he did not pinpoint the main perpetrator.
2. Be willing to take strong action against foreign governments and others engaged in cyberwarfare against the United States by doing as former CIA Director Gen. Michael Hayden suggests: Go on the offense by using superior U.S. state-of-the-art cyber-offensive capabilities to destroy hacker computers during Internet intrusion attacks on U.S. government agencies and businesses.
3. Inform China during diplomatic consultations that continuing cyber-espionage and cybertheft activities against the United States could adversely affect its most favored nation trading status. This status has allowed some 300-plus American manufacturing businesses to locate in China today. This has helped China transition from an impoverished nation into the world’s third largest economy at $12.4 trillion annually and the world’s leading exporter of manufactured items.
4. Let China know that as a consequence of its nefarious cyberactivities, the United States will revisit the contentious import/export imbalance with China. In 2012, China’s exports to the United States exceeded imports from the United States by $315 billion largely due to China’s artificially devalued currency, which is designed to give China an enormous export advantage.
Despite denial by China’s Foreign Ministry that it’s involved in cyberactivities against the United States, many Americans believe China’s communist government is the main source of cyberattacks threatening American businesses and government agencies which undermine U.S. national and economic security. Accordingly, Mr. Obama should move swiftly and forcibly to take the action necessary to fully protect American interests.
Fred Gedrich is a foreign policy and national security analyst and served in the U.S. departments of State and Defense. He has served on assignment in China.