Hackers from the Chinese military have repeatedly penetrated key computer networks for the Pentagon, potentially compromising US military operations, warns a newly declassified Senate investigation.
One year in the making, the bipartisan report, released Wednesday, focused on the “sophisticated” cyberincursions into the computer systems of contractors for US Transportation Command.
While TRANSCOM is one of the lesser-known and seemingly less-captivating commands, it is integral to the mobilization and deployment of US military forces and plays a crucial role in the military’s response to crises around the world.
“What we found is very disturbing,” Sen. Carl Levin (D) of Michigan and chairman of the Senate Armed Services Committee, said Wednesday in a briefing with reporters.
In a 12-month period beginning in June 2012, there were at least 20 sophisticated cyberincursions into contractor systems, all of which “originated with the Chinese government,” Senator Levin said, adding that the Chinese military stole documents, flight details, and passwords from encrypted e-mails.
These cyberattacks have the “potential to impact military operations,” since the private sector plays “a crucial role” in US military force mobilization and deployment, according to the report.
Roughly 90 percent of the Pentagon’s ability to transport troops, for example, and more than one-third of its bulk cargo capability are supplied by private airlines, which are particularly vulnerable to these attacks.
This is in large part because the “overwhelming majority” of Defense Department deployment and distribution records – more than 90 percent – are kept on unclassified computer systems.
While that news is “bad enough,” Levin said that a second key finding of the investigation “is, frankly, just as disturbing.”
This is the realization that the vast majority of cyberattacks simply aren’t being reported by the government contractors. In the rare event they are, that news “isn’t getting to where it needs to go in order to protect the security of US military operations,” he said.
The report found that of 20 major security breaches into the computer systems of contractors investigated by Senate staffers, TRANSCOM was made aware of only two and “was in the dark about the vast majority of intrusions.”
The problem is that there is not a clear mechanism for the private sector to report these intrusions, said Sen. James Inhofe (R) of Oklahoma and the ranking member of the Senate Armed Services Committee, at the briefing with reporters.
New bipartisan measures sponsored by both senators will create a “clearinghouse” for private contractors to report these computer incursions, which will relieve contractors “of some of the responsibility for inadvertently not reporting [cyberattacks] when they should be reported,” Senator Inhofe noted. “These are serious offenses.”
Director of National Intelligence James Clapper recently warned that cybertheft “is almost certainly allowing our adversaries to close the technological gap between our respective militaries.”
What’s more, the report warns, US officials who study Chinese military planning have raised the alarm that China could use cyberattacks to keep US troops from deploying during a vital operation – by using cyberincursions to corrupt information that relates to supplies or troop convoys, for example.
The problem, Levin said – paraphrasing recent remarks from Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff – is that “we can’t stop a cyberattack unless we see it.”