China’s strengthening cyber capabilities will complicate U.S. efforts to defend itself against industrial espionage and possible military confrontations in places such as Taiwan, according to a new congressional report released on Thursday.
The report was written by defense contractor Northrop Grumman for the U.S.-China Economic and Security Review Commission, which was set up by Congress in 2000.
It paints a grim picture for the U.S., whose defense and high-tech companies including Google have been successfully breached by suspected China-based hackers.
The U.S. faces risks from attackers who seek to infiltrate the supply chains for electronics such as chips or integrated circuits, which could be modified to intentionally fail, the report said.
“The supply chain for microelectronics and telecommunications-related hardware in particular is extremely diffuse, complex, and globally dispersed, making it difficult for U.S. firms to verify the trust and authenticity of the electronic equipment they purchase,” it said.
At particular risk is the telecommunications industry, the report said. Equipment could be modified by an adversary in order to gain covert access, monitor systems. False instructions could be planted to cause “destruction of the targeted system,” it said.
In 2010, Iran was targeted by a malicious software program called Stuxnet that caused industrial control equipment made by Siemens fail, interrupting the country’s uranium enrichment machinery.
The U.S. has already been battling with counterfeit equipment coming from China. The report said infiltration of hardware resellers and distributors “continue to pose significant law enforcement and counterintelligence challenges to the United States.”
“By providing counterfeit hardware that already contains the Trojanized access built into the firmware or software, a foreign intelligence service or similarly sophisticated attacker has a greater chance of successfully penetrating these downstream supply chains,” it said.
Within China’s military, the report said the People’s Liberation Army (PLA) has a broad framework called “information confrontation” that appears to wrap computer network operations together with electronic warfare, psychological operations and deception.
“PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively,” the report reads.
The difficulty the U.S. faces with electronic warfare is that aggressive cyber acts are difficult to attribute, which complicates a response. China has developed strong capabilities to disrupt the U.S. military’s electronic command-and-control systems, known as C4ISR infrastructure, which could hamper a quick response to a crisis in, for example, Taiwan.
“Chinese commanders may elect to use deep access to critical U.S. networks carrying logistics and command and control data to collect highly valuable real time intelligence or to corrupt, the data without destroying the networks or hardware,” the report said.
China also invests heavily at an academic level: At least 50 universities that do information security research received grants from national technology grant programs, supporting the country’s broad goals to be an information technology power.
Send news tips and comments to firstname.lastname@example.org