Chinese cyberattacks hit key US weapons systems. Are they still reliable?

A new report suggests that many advanced US weapons systems have been hacked, and experts say China was behind the cyberattacks. If there were a war with China, the weapons might not be reliable.

Dozens of key US weapons system designs and technologies have been compromised by Chinese hackers, creating fresh uncertainty over America’s warfighting capabilities in any future conflict in Asia, according to a defense advisory group study and defense policy experts.

The laundry list of US weapons systems whose files have been accessed during the past decade by Chinese hackers includes some of the nation’s most expensive and exotic programs. The list was contained in a confidential version of a Defense Science Board report, according to The Washington Post.

The list includes the Terminal High Altitude Area Defense missile system, the V-22 Osprey tilt-rotor aircraft, Patriot Advanced Capability-3 antimissile system, along with the Global Hawk unmanned aerial vehicle, the Aegis ballistic missile defense system, and the F-35 Joint Strike Fighter.

The long-term impact, experts say, could be to give China an edge in any confrontation as well as speeding deployment of advanced military technology that will cost it billions less to develop, defense experts say.

The unclassified version of the Defense Science Board report entitled, “Resilient Military Systems and the Advanced Cyber Threat,” which did not contain the list and barely mentions China, was released in January. But defense officials, speaking anonymously, told the Post that Chinese hackers are behind the attacks on most of the systems on the list in the restricted version.

“The Defense Science Board, a senior advisory group made up of government and civilian experts, did not accuse the Chinese of stealing the designs,” the newspaper reported. “But senior military and industry officials with knowledge of the breaches said that the vast majority were part of a widening Chinese campaign of espionage against US defense contractors and government agencies.”

Earlier this month, the Pentagon went on record with another report, this one to Congress, saying that Chinese cyberespionage of weapons systems is a key part of China’s effort to vault itself forward. That report for the first time specifically cited China’s government and military as directly responsible for cyberthefts involving US weapons systems.

“China is using its computer network exploitation capability to support intelligence collection against the US diplomatic, economic, and defense industrial base sectors that support US national defense programs,” the unusually blunt report to Congress said. “The information targeted could potentially be used to benefit China’s defense industry, high technology industries, policymaker interest in US leadership thinking on key China issues, and military planners building a picture of US network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

The unclassified version of the Defense Science Board report cited cyber vulnerabilities in “systems that are used to support and operate those weapons or critical IT capabilities embedded within them.”

What the pair of reports, along with the emergence of the restricted list, suggests is a wholesale loss of integrity and introduction of new levels of potential vulnerability of those weapons systems to Chinese military hackers, defense policy and cybersecurity experts told the Monitor.

“All the stuff on this list is extremely sensitive – it’s like the kitchen sink,” says Kenneth Flamm, a technology expert at the Pentagon during the Clinton administration, and now an economist at the University of Texas at Austin. “It raises serious questions about whether we can rely on these systems.”

The list includes systems compromised during an ongoing Chinese cyberespionage campaign that began in late 1990s. Its first significant successes came in 2002-03 and peaked in 2007, when the hackers got into at least five federal agencies, including the Defense Department, Commerce Department, State Department, NASA, and the Energy Department, says James Lewis, a senior fellow and cybersecurity expert with the Center for Strategic and International Studies, a Washington think tank.

About that time, government officials started to get serious about cybersecurity, and the incoming Obama administration also kicked off in 2008 a strategic review of cybersecurity. Since 2009, the Pentagon’s cybersecurity has been vastly improved, Dr. Lewis says.

“A lot of these cyberthefts happened before the Obama program kicked in,” Lewis adds. “But we still can’t rest easy, because we don’t know what they got and what they did while they were inside these networks.”

Software can make up perhaps one-third of the value of weapons systems like the Patriot missile and other system, he notes. Software for other systems on the list may now need an overhaul in order to ensure their integrity, he notes.

“If they got into the software code and left something behind, we’ve got a serious problem,” he says. “How do we know? We don’t. So the answer is that we have to redo the system to be sure it isn’t compromised.”

For its part, China regularly denies cyberespionage charges – and claims it, too, is a victim. But the emergence of the list comes amid heightened tensions between the US and China over charges of rampant cyberespionage by China against US defense industry, energy systems, and other economic targets.

In discussing an April visit to China by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, Defense Secretary Chuck Hagel called cyberattacks “the greatest threat to our security – economic security, political security, diplomatic security, military security – that confronts us.”

During the visit, a top Chinese military officer, Gen. Fang Fenghui, seemed to concur, saying of cyberinsecurity that “the damaging consequences it causes may be as serious as a nuclear bomb.”