From: Sydney Morning Herald
Ellen Nakashima/Washington Post
Washington: Designs for many of the US’s most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defence industry.
Among more than two dozen major weapons systems whose designs were breached were programs critical to US missile defences and combat aircraft and ships, according to a previously undisclosed section of a confidential report prepared by the Defence Science Board for Pentagon leaders.
Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the US military advantage in a future conflict.
The Defence Science Board, a senior advisory group composed of government and civilian experts, did not accuse the Chinese of stealing the designs. But senior military and industry officials with knowledge of the breaches said the vast majority were part of a widening Chinese campaign of espionage against US defence contractors and government agencies.
The significance and extent of the targets help explain why the Obama administration has escalated its warnings to the Chinese government to stop what Washington sees as rampant cyber theft.
In March, the advisory panel warned in the public version of its report that the Pentagon is unprepared to counter a full-scale cyber conflict. The list of compromised weapons designs is contained in a confidential version, and it was provided to The Washington Post.
Some of the weapons form the backbone of the Pentagon’s regional missile defence for Asia, Europe and the Persian Gulf. The designs included those for the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defence, or THAAD; and the Navy’s Aegis ballistic missile defence system.
Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore.
Also on the list is the most expensive weapons system ever built – the F-35 Joint Strike Fighter, which is on track to cost about $US1.4 trillion ($1.45 trillion). The 2007 hack of that project was reported previously.
China, which is pursuing a long-term, comprehensive strategy to modernise its military, is investing in ways to overcome the US military advantage – and cyber espionage is seen as a key tool in that effort, the Pentagon noted this month in a report to Congress on China. For the first time, the Pentagon specifically named the Chinese government and military as the culprit behind intrusions into government and other computer systems.
As the threat from Chinese cyber espionage has grown, the administration has become more public with its concerns. In a speech in March, Thomas Donilon, the national security adviser to President Barack Obama, urged China to control its cyber activity. In its public criticism, the administration has avoided identifying the specific targets of hacking.
But US officials said several examples were raised privately with senior Chinese government representatives in a four-hour meeting a year ago. The officials, who spoke on the condition of anonymity to describe a closed meeting, said senior US defence and diplomatic officials presented the Chinese with case studies detailing the evidence of major intrusions into US companies, including defence contractors.
In addition, a recent classified National Intelligence Estimate on economic cyber espionage concluded that China was by far the most active country in stealing intellectual property from US companies.
The Chinese government insists that it does not conduct cyber espionage on US agencies or companies, and government spokesmen often complain that Beijing is a victim of US cyber attacks.
Mr Obama is expected to raise the issue when he meets with Chinese President Xi Jinping next month in California.
A spokesman for the Pentagon declined to discuss the list from the science board’s report. But the spokesman, who was not authorised to speak on the record, said in an email, “The Department of Defence has growing concerns about the global threat to economic and national security from persistent cyber intrusions aimed at the theft of intellectual property, trade secrets and commercial data, which threatens the competitive edge of US businesses like those in the Defence Industrial Base.”
The confidential list of compromised weapons system designs and technologies represents the clearest public look at what the Chinese are suspected of targeting. When the list was read to independent defence experts, they said they were shocked at the extent of the cyber espionage and the potential for compromising US defences.
“That’s staggering,” said Mark Stokes, executive director of the Project 2049 Institute, a think tank that focuses on Asia security issues. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”
The experts said the cyber theft creates three major problems. First, access to advanced US designs gives China an immediate operational edge that could be exploited in a conflict. Second, it accelerates China’s acquisition of advanced military technology and saves billions in development costs. And third, the US designs can be used to benefit China’s own defence industry. There are long-standing suspicions that China’s theft of designs for the F-35 fighter allowed Beijing to develop its version much faster.
“You’ve seen significant improvements in Chinese military capabilities through their willingness to spend, their acquisitions of advanced Russian weapons, and from their cyber espionage campaign,” said James Lewis, a cyber policy expert at the Centre for Strategic and International Studies. “Ten years ago, I used to call the PLA [People’s Liberation Army] the world’s largest open-air military museum. I can’t say that now.”
The public version of the science board report noted that such cyber espionage and cyber sabotage could impose “severe consequences for US forces engaged in combat.” Those consequences could include severed communication links critical to the operation of US forces. Data corruption could misdirect US operations. Weapons could fail to operate as intended. Planes, satellites or drones could crash, the report said.
In other words, Mr Stokes said, “If they have a better sense of a THAAD design or PAC-3 design, then that increases the potential of their ballistic missiles being able to penetrate our or our allies’ missile defences.”
Winslow Wheeler, director of the Straus Military Reform Project at the Project on Government Oversight, made a similar point. “If they got into the combat systems, it enables them to understand it to be able to jam it or otherwise disable it,” he said. “If they’ve got into the basic algorithms for the missile and how they behave, somebody better get out a clean piece of paper and start to design all over again.”
The list did not describe the extent or timing of the penetrations. Nor did it say whether the theft occurred through the computer networks of the US government, defence contractors or subcontractors.
Privately, US officials say that senior Pentagon officials are frustrated at the scale of cyber theft from defence contractors, who routinely handle sensitive classified data. The officials said concerns have been expressed by General Martin Dempsey, chairman of the Joint Chiefs of Staff, and Admiral James Winnefeld, the vice chairman, as well as General Keith Alexander, director of the National Security Agency.
“In many cases, they don’t know they’ve been hacked until the FBI comes knocking on their door,” said a senior military official who was not authorised to speak on the record. “This is billions of dollars of combat advantage for China. They’ve just saved themselves 25 years of research and development. It’s nuts.”
In an attempt to combat the problem, the Pentagon launched a pilot program two years ago to help the defence industry shore up its computer defences, allowing the companies to use classified threat data from the National Security Agency to screen their networks for malware. The Chinese began to focus on subcontractors, and now the government is in the process of expanding the sharing of threat data to more defence contractors and other industries.
An effort to change defence contracting rules to require companies to secure their networks or risk losing Pentagon business stalled last year. But the 2013 Defence Authorisation Act has a provision that requires defence contractors holding classified clearances to report intrusions into their networks and allow access to government investigators to analyse the breach.