October 5, 2011
China Cyber Espionage At Intolerable Levels: Lawmakers
Lawmakers on Tuesday accused China of waging a widespread campaign of cyber espionage, saying many U.S. companies were afraid to come forward out of fear they would become targets of further attacks.
The cyber espionage was aimed at stealing some of the most important U.S. industrial secrets, said Representative Mike Rogers (R-AL), chairman of the House Intelligence Committee.
"China's economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy," Rogers said during a committee hearing on cybersecurity.
"Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop," he said.
Representative C.A. "Dutch" Ruppersberger (D-MD) concurred.
"We basically feel very strongly ... that we are being attacked in an aggressive way by China, possibly Russia, other countries," he said.
A growing list of major corporations have faced cyber attacks in recent years, including Sony, Lockheed Martin and Citigroup Inc., although it is often unclear where the attacks originated.
Last year, Internet search giant Google partially withdrew from China amid concerns of censorship and a hacking incident that it claimed originated from China.
The companies that have reported cyber attacks represent "just the tip of the iceberg,” Rogers said.
"There are more companies that have been hit that won't talk about it in the press, for fear of provoking further Chinese attacks," he said.
However, behind closed doors companies describe attacks that originate in China, he added.
While U.S. officials and firms suspect China is behind many cyber attacks, China claims it is one of the world's biggest victims of such attacks.
Testifying before the committee, former CIA Director Michael Hayden said the chances were greater that China could more quickly develop effective defenses to cyber attacks than could the United States, in part because the political environment in China is so different.
"Attributing this espionage isn't easy, but talk to any private sector cyber analyst, and they will tell you there is little doubt that this is a massive campaign being conducted by the Chinese government," Rogers said.
One witness representing a company targeted by a recent cyber attack told the committee that it must have been committed by a nation state, although he did not call out a specific country by name.
"Our conclusion, especially in our discussions with law enforcement, is that this could not have been perpetrated by anyone other than a nation state," said Arthur Coviello Jr., executive chairman of EMC Corp's RSA security division.
Kevin Mandia, chief executive officer of Mandiant, which helps companies respond to cyber attacks, told the committee that so much data was being stolen from U.S. firms that the infrastructure involved had to be significant, and that the cyber attacks were likely tolerated by a nation state.
He cited two regions that were likely involved in the attacks — Asia Pacific and Eastern Europe.
"The Eastern Europeans, generally it feels criminally motivated, it's to make money the short way. The Asia-Pacific intrusions seem to be more low and slow, very sophisticated, very persistent, harder to remediate. And we do see commonalities between those attacks," Mandia said.
At the conclusion of the hearing, Rogers told reporters that he was very concerned about plans by General Electric to have a joint venture with a Chinese aviation company, "given the (Chinese) track record" on intellectual property theft.
On the Net:
- Representative Rogers' Opening Statement at the October 4, 2011 Hearing - Cyber Threats and Ongoing Efforts to Protect the Nation