Defense

China indictments spotlight military's vulnerability

iStockPhoto / FCW

The Justice Department’s indictment this week of five Chinese military officials on cyber espionage charges raised the specter of China’s alleged ongoing efforts to steal intellectual property from the U.S. military.

The hacking alleged in the indictment did not surprise defense-industry cyber experts interviewed by FCW. China’s targeting of American military know-how is no secret. Nor was the Pentagon caught off guard, according to a spokesperson, who said the department had advance notice of the indictment.

How prepared the defense industry is for such cyber espionage in the long run will depend, at least in part, on an information-sharing framework between government and contractors that participants say has improved in recent years.

A confidential 2013 Defense Department report cited by the Washington Post said Chinese spies had hacked designs for some of the United States’ most advanced weapons systems. The public version of that report by the Pentagon’s Defense Science Board named China and Russia as nation-states capable of penetrating well-defended systems and willing to try “lower-tier exploits first before exposing their most advanced capabilities.” 

The Chinese military engages in cyber operations that range in sophistication from the very basic to complex coding that targets American drones and strike fighters, said Tony Cole, vice president and global government CTO at FireEye, a network security firm.

Defending against those more advanced threats is complicated by the IT embedded in weapons systems. DOD has admitted that it has work to do to shore up such IT-enabled vulnerabilities.

“While DOD takes great care to secure the use and operation of the ‘hardware’ of its weapon systems, the same level of resource and attention is not spent on the complex network of information technology (IT) systems that are used to support and operate those weapons or critical IT capabilities embedded within them,” the 2013 DOD report concluded.

The department’s “dependence on this vulnerable technology is a magnet to U.S. opponents,” and DOD’s efforts to address the problem were “fragmented,” the report said. 

A senior DOD official expressed similar concerns at an industry event last month. “Employing reverse engineering techniques, adversaries can exploit weapon-system technical plans for their own benefit. Perhaps even more significant, they have gained insight into operational concepts and system use, developed from decades of U.S. operational and developmental experience,” the official said.

The cybersecurity posture of U.S. allies also affects that of Washington, according to Cole.

China is “not stealing just from us. If we have new technology that we’re developing, many times we’re sharing that very closely with our allies,” he said. China’s cyber spies also have in their crosshairs Great Britain and, in their own neighborhood, South Korea and Japan, he said.

But Cole said that this added vulnerability should not make Washington less willing to share its military capabilities with allies.

“I think we just need to actually have wider awareness of the risk, across the board, to other governments that we share technology with, as well as their integrator community that supports them,” he argued.

The Defense Industrial Base Cybersecurity Information Assurance program is one of government and industry’s main information-sharing mechanisms for warding off cyber espionage. Defense officials have lauded it for improving trust between government and contractors in sharing threats.

Cole was optimistic about the ability of programs like DIB CS/IA to cope with China’s state-sponsored hacking. If “somebody goes after a new jet that we’re building, maybe they get wing design and that’s all they get, because we catch it, we find out, we stop it, and they only get a component of it, versus pulling down a terabyte of data and they have the entire design,” he said.  

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group