Fresh concerns over Chinese espionage are gripping Washington as lawmakers fear Beijing is gaining sensitive details on U.S. technologies.Lawmakers are scrutinizing the Pentagon over its efforts to keep military secrets safe from hackers, after Chinese actors allegedly breached a Navy contractor’s computer and collected data on submarine technology. U.S. officials stepped up warnings that China regularly steals American intellectual property and technology, through cyberattacks and other means — allegations Beijing denies.
The issue took center stage at a congressional hearing Thursday, as lawmakers on the House Armed Services Committee pressed Trump administration officials on their efforts to protect U.S. military assets from Chinese spies. The Washington Post reported earlier this month that hackers linked to the Chinese government had penetrated computers used by a contractor working for the Naval Undersea Warfare Center in January and February. The hackers stole over 600 gigabytes of data, including information on a secret submarine technology project.
Rep. Adam Smith (D-Wash.), the ranking member of the Armed Services Committee, did not explicitly reference the incident, but noted a recent briefing on a cyber breach had left him concerned about the military’s protections against foreign-aligned hackers.
“It was shocking how disorganized, unprepared and quite frankly utterly clueless the branch of the military was that had been breached,” Smith said. “Even in this day and age, we haven’t figured out how to put together a cyber policy to protect our assets, in particular with our defense contractors we work with who store our data but not with adequate protection.”
Rep. Jim Langevin (D-R.I.), a member of the committee, confirmed to The Hill after the hearing that lawmakers had been briefed on the incident, but declined to offer further details.
“The Armed Services Committee is engaged and we are meeting with [the Defense Department] to understand who was breached and what was taken,” Langevin said. He agreed that the government is not adequately addressing threats to the military supply chain.
“I’m going to be pressing to make sure that we rework and redo our contracting authority to require stronger cybersecurity protections,” he added.
The concerns over Chinese espionage are not limited to military technology.
Last Tuesday, a bipartisan group of lawmakers led by Sen. Marco Rubio (R-Fla.) and Rep. Jim Banks (R-Ind.) asked Education Secretary Betsy DeVos to investigate research partnerships between Chinese telecommunications giant Huawei and U.S.-based universities. They suggested the partnerships could provide Beijing an avenue for stealing technologies being developed in America, posing a threat to national security. Huawei declined to comment on the letter Friday.
Officials and lawmakers are trying to address the scope of the problem. At the hearing Thursday, officials described a multifaceted effort by China to acquire information on U.S. technologies, particularly those developed for the government and military. It includes the pursuit of research partnerships with academic institutions and government laboratories, in addition to cyber espionage campaigns that target defense contractors and IT and communications providers, they said.
Kari Bingen, the principal deputy under secretary of Defense for intelligence, told lawmakers that the Pentagon is implementing a “more comprehensive approach” to protecting sensitive information held by defense contractors, as well as unclassified but still valuable information held by the American defense industrial base. Bingen declined to go into specific details in the public, unclassified hearing. But she did say the federal government needs to take a more aggressive approach to protecting sensitive information and deterring would-be hackers.
“There is a deep concern with [the] cyber data exfiltration issue, and it’s one that the Chinese in particular are targeting,” Bingen said.
“We are playing defense right now, particularly in the cyber domain, and we need to be playing offense.”
Security professionals observed a considerable decline in Chinese cyber espionage targeting U.S. businesses after a 2015 agreement between then-President Obama and Chinese President Xi Jinping to stop supporting cyber-enabled intellectual property theft against the other country’s businesses.However, some cyber experts say that Chinese actors continued to target defense contractors to gain intelligence on military technology.
New research from cybersecurity firm Symantec suggests that Chinese cyber activity against U.S. targets could be picking up overall. The company revealed Tuesday that a previously unidentified Chinese cyber espionage group had breached satellite communications, telecommunications firms and geospatial imaging, as well as a defense contractor in the United States.
The company believes the hacks took place between November 2017 and early May of this year. They represent the first instance of the hacking group targeting U.S. organizations since 2015. Symantec has been tracking the group internally since 2013.
“This was an aggressive campaign,” said Jon DiMaggio, senior threat intelligence analyst at Symantec who led the research.
The hackers focused on the operational systems of the targets, suggesting they were interested in gaining intelligence on how the satellite systems work or monitoring or changing their data flow. DiMaggio also said the hackers could have sought access to the systems to potentially disrupt them if they wanted.
“Whether this is going to signify that there is this increase in those China-U.S. attacks, time will have to tell,” said DiMaggio. “But it was unexpected.”
The Symantec research, however, did not specifically link that activity to the Chinese government.
Asked about the research Thursday by an Armed Services lawmaker, Michael Griffin, undersecretary for research and engineering at the Pentagon, declined to comment but said such activity would concern him.
“That is a topic that I really do not want to discuss in a public setting. Broadly, your comment taken on its face is very concerning. It’s for me very concerning to have read about it in the papers,” Griffin told Rep. Doug Lamborn (R-Colo.).
“I’d welcome the opportunity to discuss this stuff in a more closed setting,” he added.
Espionage fears are also at play in the controversy over Chinese telecom firm ZTE, which is pitting the administration against Congress. Many argue that Huawei, ZTE and other Chinese firms could provide a means for Beijing to conduct spying on U.S. targets. The Commerce Department in April banned U.S. companies from doing business with ZTE, citing allegations the company violated Iran sanctions laws this year. The ban almost led to the company closing its doors before President Trump, locked in tense trade negotiations with China, backed a deal to keep ZTE alive. But lawmakers, who see ZTE as a national security threat, are seeking to block the administration from allowing the company to resume business with U.S. firms. On Monday, the Senate passed an annual defense policy bill that includes language keeping the penalties on ZTE in place. The administration, though, has vowed to try and remove that language from the final bill.