DNI: China Continues Cyber Espionage

Clapper calls Beijing cyber theft ‘hemorrhage’

Former director of national intelligence James Clapper / AP
February 9, 2016

China is continuing to conduct cyber espionage operations against the United States, and Beijing’s commitment to a U.S.-China cyber agreement is questionable, the director of national intelligence told Congress on Tuesday.

"China continues cyber espionage against the United States," James Clapper, the director, testified during an annual threat briefing to the Senate Armed Services Committee.

"Whether China's commitment of last September moderates its economic espionage remains to be seen," he added.

Clapper identified potential cyber attacks against critical infrastructure and advancing cyber warfare capabilities in nations such as China, Russia, North Korea and Iran as the among the most serious U.S. national security threats.

"China continues to have success in cyber espionage against the U.S. government, our allies, and U.S. companies," Clapper said in a prepared statement.

Intelligence agencies are monitoring Beijing’s compliance with a September agreement not to conduct commercial cyber espionage. However, Clapper stated that since the agreement, private sector cyber security analysts "identified limited ongoing cyber activity from China but have not verified state sponsorship or the use of exfiltrated data for commercial gain."

Clapper sidestepped policy questions about what to do about large-scale Chinese cyber attacks. The role of U.S. intelligence agencies, he said, is to inform national leaders of the problem and suggest ways to stop cyber attacks.

China last year was linked to the large-scale theft of some 80 million Americans’ health care records, and also was blamed for pilfering sensitive personal data on 22 million federal workers during cyber attacks on Office of Personnel Management networks. The Obama administration took no action against China for the attacks.

Instead, President Obama in September concluded the informal agreement during a summit with Chinese leader Xi Jinping to end cyber economic espionage—despite the fact that analysts say most Chinese cyber espionage is carried out by government or military hackers who share the stolen data with state-run companies.

"It’s our responsibility to ensure that our policymakers and particularly the Department of Defense are aware of this hemorrhage, if you will, of technological information that the Chinese purloined," Clapper said.

Clapper said foreign hackers "remain undeterred from conducting reconnaissance, espionage, and even attacks in cyberspace because of the relatively low costs of entry, the perceived payoff, and the lack of significant consequences."

On terrorism, Clapper testified that Islamist terrorism is expanding, led by ISIS.

Five years after President Obama, during his reelection campaign, announced that the al Qaeda terrorist group was "on the run," Clapper called the al Qaeda offshoot "the preeminent terrorist threat" that is expanding from Iraq and Syria, most notably in Libya.

"Violent extremists are operationally active in about 40 countries, seven countries are experiencing a collapse of central government authority, 14 others face regime-threatening or violent instability or both," Clapper said. "Another 59 countries face a significant risk of instability through 2016."

More than 36,500 foreign fighters, among them some 6,600 westerners, from more than 100 countries have traveled to Syria since 2012 to join ISIS.

The influx of migrants in Europe—more than 1 million to date—has included ISIS terrorists, he said, and the number of immigrants is expected to increase by another 1.5 million in 2016.

Key threats outlined during the annual intelligence threat briefing included:

  • Iran remains the "foremost state sponsor of terrorism" despite agreeing to a nuclear accord aimed at limiting Tehran’s nuclear arms program
  • Russian military intervention in Syria has bolstered the regime of Syrian leader Bashar al-Assad
  • North Korea’s continuing development of nuclear arms and missiles capable of reaching the United States
  • Russia’s nuclear force expansion and violation of the 1987 Intermediate-range Nuclear Forces Treaty
  • Moscow’s build-up military forces in a bid to control the resource-rich Arctic region
  • Threats to space systems from China, Russia, and others are increasing with the development of space weapons and anti-satellite capabilities
  • Plunging world oil prices threaten the regime of Russian President Vladimir Putin, which is using repressive tactics to prevent mass anti-government protests
  • China is threatening international waterways by building up military facilities on disputed islands in the South China Sea
  • Russia and China are engaged in threatening intelligence operations in the United States, with Iran and Cuba lesser spy threats
  • Islamist insurgents in Afghanistan have expanded influence in rural parts of the country

Defense Intelligence Agency Director Lt. Gen. Vincent R. Stewart agreed with Clapper on Russia and Chinese cyber attacks.

"These actors target [Defense Department] personnel, networks, supply chain, research and development, and critical structural information in cyber domain," said Stewart, who testified with Clapper.

Stewart said Islamic State terrorism remains one of the most serious national security threats.

"As the Paris attacks demonstrated, ISIL has become the most significant terrorist threat to the United States and our allies," said Stewart, using an alternative acronym for ISIS.

North Korea remains a serious threat because Pyongyang is working on long-range, nuclear-armed missiles that can strike the United States, Clapper said.

The North Koreans have claimed their May 2015 test of a submarine-launched ballistic missile was successful, and paraded a new road-mobile KN-08 long-range missile that is in the initial stages of deployment without having been flight-tested, Clapper said.

A relatively new threat identified by Clapper is foreign laboratories engaged in "genome editing" with the potential to create harmful biological agents or products.

Laboratory-modified cells relevant to reproduction also could produce "inheritable genetic changes," Clapper stated.

On cyber threats, Clapper said China and Russia have the most sophisticated cyber programs, with North Korea and Iran enhancing their cyber attack capabilities.

Emerging technology including the so-called Internet of Things—smart devices linked to the electric grid—and artificial intelligence could produce new vulnerabilities to cyber attacks in the civilian infrastructure and U.S. government networks, Clapper said.

"Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decision making, reduce trust in systems, or cause adverse physical effects," he said in prepared testimony.

Russia and China also will use clandestine data manipulation to "influence public discourse and create confusion," he added.

Digital vulnerabilities of key infrastructures also are being targeted by foreign government hackers.

"Moscow and Beijing, among others, view offensive cyber capabilities as an important geostrategic tool and will almost certainly continue developing them while simultaneously discussing normative frameworks to restrict such use," Clapper said.

ISIS also is using the Internet to recruit terrorists and spread propaganda. "As a non-state actor, ISIL displays unprecedented online proficiency," Clapper said, using another acronym for the group.

The terror group has eight branches and is setting up more, and its terrorists remain determined to attack the United States and conduct additional attacks in Europe.

ISIS fighters also have developed chemical weapons and used them during fighting in Syria.

Clapper warned that China and Russia are returning to hostile postures against the United States and its allies.

"Emerging trends suggest that geopolitical competition among the major powers is increasing in ways that challenge international norms and institutions," Clapper said. "Russia, in particular, but also China seek greater influence over their respective neighboring regions and want the United States to refrain from actions they perceive as interfering with their interests—which will perpetuate the ongoing geopolitical and security competition around the peripheries of Russia and China, to include the major sea lanes."

On cyber security, Stewart said the military needs clear policy guidance for dealing with cyber attacks and developing a strategy to deter cyber strikes on computer networks.

"I think it would be extremely helpful to have clear definitions of what constitutes cyber events versus acts of war," Stewart said.

Cyber incidents range from attacks designed to cripple systems to pre-strike reconnaissance of networks to cyber espionage.

"But the reaction always is, whether it's an adversary doing reconnaissance, an adversary trying to conduct [human intelligence] operations in this domain, we define it as an attack, and I don't think that's terribly helpful," Stewart said, noting that a better definition is needed for a "catastrophic" attacks that would be an act of war.

A policy for when offensive cyber attacks might be used to deter adversaries still needs to be developed, Stewart said.

"I'm not sure we're there, yet," he said of cyber deterrence capabilities.

Committee Chairman Sen. John McCain (R., Ariz.) voiced frustration at the lack of coherent policy on cyber conflict.

"Wouldn't it be a good idea, a policy, general?" he asked Stewart. "As I understand it, we have no policy as to whether we should deter, whether we should respond, [and] if so, how? Wouldn't it be good if we had a policy?"

"Mr. Chairman, I always find it good to have a policy that guides the things that I can do as a military officer," the three-star Marine Corps general said.

Published under: China , Cyber Security