Yesterday, the Armed Services Committee of the U.S. Senate (SASC) made public the results of its investigation into hacking activities targeting U.S. military contractors. The report, titled “Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors,” found that hackers sponsored by the Chinese government successfully accessed contractors’ computer systems “at least 20 times in a single year.” The total number of “cyber events” noted between June 1, 2012 and May 30, 2013 was around 50. Of the 20 successfully cyber intrusions, the report said that “all were attributed to China.”
The SASC report focused its investigation into cyber attacks on the U.S. Transportation Command, or Transcom, which (as the name implies) is responsible for the transportation of both troops and military supplies. According to the report, SASC chose to focus its investigation on Transcom “because of the central role that the command plays in mobilization, deployment, and sustainment operations and the critical capabilities that private companies contribute to Transcom’s ability to meet military requirements in contingencies.” In other words, Transcom is both vital to the military and uniquely vulnerable because of its reliance on private companies.
Private contractors, particularly those not involved in weapons-building projects, are far more vulnerable to cyber attacks than Pentagon networks. At the same time, Transcom is highly reliant on these civilian companies to carry out its mission. The report noted that commercial airlines carry more than 90 percent of U.S. troops and over one-third of military bulk cargo. Given these two facts, Transcom contractors make an attractive target for cyberattacks aimed at gathering information about or developing capabilities against the U.S. military. The unclassified version of the SASC report did not contain the names of any of the affected contractors.
SASC was particularly concerned that, of the 20 successful attacks, Transcom itself was only aware of two. The report blamed this on “gaps in reporting requirements and a lack of information sharing among government entities.” For example, contractors did not always understand what type of cyber intrusions should be reported to Transcom. Other U.S. government agencies, including the FBI and the Department of Defense itself, were also guilty of not informing Transcom about cyber intrusions they were investigating — in part because these agencies sometimes did not know the private companies involved were Transcom contractors. The communications gap prevented Transcom from adjusting to cyber vulnerabilities.
Ultimately, the report concluded that “cyber intrusions by foreign countries into the computer networks of U.S. Transportation Command contractors pose a threat to U.S. military operations.” Since China was the only country identified as sponsoring these attacks, the report focused particularly on how Beijing might make use of the information gained through cyber intrusions. The report notes that China’s military has “identified logistics and mobilization as potential U.S. vulnerabilities.” The idea is that, in a military contingency, China could disrupt or prevent the movement of U.S. troops and supplies through detailed knowledge of and access to Transcom’s logistical networks. The cyber attacks compromised user passwords, email account credentials, and documents containing flight details and other logistical information. In one case, hackers able to successfully access several systems on a commercial ship contracted by Transcom.
In a statement accompanying the report’s release, Senator Carl Levin (D-MI), SASC’s chairman, denounced the “peacetime intrusions into the networks of key defense contractors” as “more evidence of China’s aggressive actions in cyberspace.” The U.S. government (including the military) is increasingly public about its concerns over alleged Chinese hacking attempts. Earlier this year, the Department of Justice indicted five PLA officers for cyber espionage in what was apparently an attempt to publicly shame the Chinese government for its hacking activities.
China consistently denies participating in any form of hacking. In response to a question about the SASC report, Foreign Ministry spokesperson Hong Lei said, “The Chinese government and military by no means support any hacking activities. [The] relevant accusation by the U.S. is totally groundless and untenable.” Xinhua also took care to point out that there was no “detailed evidence” in the report linking the attacks to China.
Hong also moved to counterattack the U.S.: “The Chinese side urges the American side to stop irresponsible attacks and finger pointing against China, stop large scale and systematic cyber attacks against other countries and do more to uphold peace and security of the cyber space.” Since the Snowden leaks revealed the extent of U.S. cyber espionage, Beijing has labeled the U.S. as the world’s largest hacker.