President Obama will raise the issue of cybersecurity with President Xi Jinping during a U.S.-Sino meeting next week in California that follows a series of Chinese attacks on the U.S. that have raised tensions between the two countries.
White House and Pentagon officials on Tuesday sought to downplay one of the most serious attacks — a report that Chinese hackers successfully accessed sensitive blueprints of critical U.S. weapons systems.
“Suggestions that cyber intrusions have somehow led to the erosion of our capabilities or technological edge are incorrect,” Pentagon press secretary George Little said in a statement. He also added that the defense agency has “full confidence” in its weapons platforms.
Experts, however, said the hack offered a “disturbing” glimpse into China’s ability to take advantage of vulnerabilities in U.S. computer systems.
“It’s deeply disturbing. Saying this stuff happens isn’t any less disturbing,” said David Fagan, an attorney who works on cybersecurity issues for Covington & Burling in Washington. “I think the difference is in a networked world [hackers] are able to be successful more frequently than some of our enemies in other times were.”
The Washington Post first reported about the secret Defense Science Board report. It said Chinese hackers had accessed designs for more than two dozen critical weapons systems, including the V-22 Osprey and the F/A-18 and F-22 fighter jets.
While reports of Chinese hacker attacks have become more common over the past year, the Defense Science Board’s findings stand out because the list of weapons systems designs that were accessed “just went on and on,” said Alan Paller, research director at the SANS Institute.
“It’s not that we’re shocked that this kind of thing could happen, it’s that the number of things that were stolen is enormous,” Paller said. “That’s what makes it bad news.”
Paller said the findings in the confidential report suggest that defense contractors do not have adequate cybersecurity measures in place to protect designs of weapons systems. He said the Pentagon’s response is an attempt to put on a strong face in light of an article by The Washington Post.
“In this case they’re trying to appear to be in control and they’re not and they can’t be because they don’t have the [defense] contractors with the skills to do the basics,” Paller said.
The Post said the Defense Science Board report did not specify whether the hackers accessed the weapons systems data from the computer networks of the U.S. government, contractors or subcontractors.
In discussing the issue Tuesday on Air Force One, White House press secretary Jay Carney took a cautious tone.
He called cybersecurity a “key priority” for the administration, and noted that Tom Donilon, the president’s national security adviser, discussed cybersecurity during recent meetings in China.
“It is an issue that we raise at every level in our meetings with our Chinese counterparts and I’m sure will be a topic of discussion when the president meets with President Xi in California in early June,” Carney said.
The administration has shifted its response to Chinese hacking attacks in recent months, adopting a sharper tone amid the release of several reports that highlight China’s aggressive actions.
In a speech this spring, the White House’s Donilon called on China to acknowledge “the urgency and scope” of the hacking problem. He also urged China to take “serious steps” to clamp down on the hacker attacks.
The Pentagon earlier this month made waves when it directly accused the Chinese government and military of cracking into U.S. government computer systems to steal intelligence about industrial base sectors that support defense programs. It was the first time the Pentagon had publicly attributed attacks on government computer systems to the Chinese government.
In the report, the Pentagon noted that China’s cyber-spying capabilities are a serious cause for concern because “the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks.” It also accused China of leveraging its “network of government-affiliated companies and research institutes” to obtain classified and unclassified details about the defense agency’s top weapons programs.
The administration was initially reluctant to publicly call out China when discussing cyberattacks against U.S. companies and the government that had originated within its borders.
The change in the administration’s strategy could be triggered by the increasing number of reports about cyberattacks launched by Chinese hackers.
A report released by security firm Mandiant earlier this year found that an elite military unit of Chinese hackers had hacked into more than 100 American companies.
This year The New York Times and The Wall Street Journal have also come forward about cyberattacks on their computer systems, which they said stemmed from China.
“Rather than just talking about it through diplomatic channels privately, we’re really starting to call them out,” Fagan said. “It remains to be seen whether it works.”
Fagan also noted that the U.S. has a tricky balance to maintain in its relationship with China, and described the elements of the diplomatic relationship as unprecedented.
“We’ve never had a relationship before where ... there’s a tremendous amount of interest on both sides on having economic ties and it’s also the largest military rivalry in the world,” Fagan said. “There hasn’t been a circumstance in the modern world, in U.S. history, where we’ve had this kind of relationship.”