Pentagon: China Threatened to Bankrupt Defense Contractor

Incident involving jet fighter logistics highlights aggressive Chinese cyber espionage

China G20 Obama
U.S. President Barack Obama walks past Chinese President Xi Jinping / AP
December 19, 2016

A U.S. defense contractor was threatened with bankruptcy by Chinese hackers seeking jet fighter logistics secrets, according to the Pentagon's Joint Staff.

A report earlier this month by the Joint Staff's J-2 intelligence directorate revealed that the American contractor, a company involved in classified defense work, was threatened by Chinese hackers, according to Pentagon officials familiar with the report.

The Chinese demanded access to the company's intellectual property, and said unless the company secrets were provided, China would steal the data, reverse engineer it, and then sell it internationally in a bid to force the company into bankruptcy.

The unidentified company is involved in supplying logistics support for U.S. fighter aircraft, such as parts and maintenance for fighters.

A Joint Staff spokesman declined to comment.

Other details of the Chinese cyber industrial espionage were not disclosed, but officials said the incident is an example of a new kind of bold cyber espionage that has been underway for years, involving China targeting U.S. companies such as defense contractors, manufacturers, and high-technology firms.

A Pentagon official said the defense contractor case suggests China likely is conducting similar threatening activities against U.S. companies beyond the defense industry.

"What if they're doing that to the rest of our industry?" the official said. "The Chinese are likely to tell U.S. manufacturing entities either share your stuff with us we'll reverse engineer it and bankrupt you."

President Obama referred to Chinese cyber espionage at a year-end press conference Friday when he discussed Russian hacking against U.S. political entities.

"The Chinese have in the past engaged in cyber attacks directed at our companies to steal trade secrets and proprietary technology," Obama said, noting he raised the issue with Chinese leader Xi Jinping.

"And what we've seen is some evidence that they have reduced but not completely eliminated these activities, partly because they can use cutouts," Obama said.

"One of the problems with the internet and cyber issues is there's not always a return address, and by the time you catch up to it, you know, attributing what happened to a particular government can be difficult, not always provable in court, even though our intelligence communities can make an assessment," he added.

China has engaged in massive cyber theft of U.S. intellectual property over the past decade, stealing secrets on U.S. jet fighters and bombers and valuable information on logistics from the U.S. Transportation Command.

A report by a congressional commission on China made public last month said China gained military benefits from industrial and cyber espionage carried out by its intelligence services.

"In recent years, Chinese agents have extracted data on some of the most advanced weapons and weapons systems in the U.S. arsenal, such as jet fighters and unmanned submersible vehicles," states the annual report of the US-China Economic and Security Review Commission, released on Nov. 16.

"The loss of these and other sensitive defense technologies undermines U.S. military superiority by accelerating China’s military modernization and giving China insight into the capabilities and operation of U.S. weapons and weapons systems," the report added.

Disclosure of the cyber espionage threat comes as U.S.-China relations remain tense. Last week, a Chinese warship stole a U.S. underwater drone from a Navy survey vessel conducting undersea monitoring in the South China Sea.

The Pentagon demanded that the drone, a commercial unpowered glider, be returned. China has said it will return the glider but warned the United States not to conduct further research.

The incident took place north of the Philippines' Subic Bay in international waters.

The Chinese attempt to obtain sensitive data from a U.S. defense contractor cyber espionage incident may involve Lockheed Martin's computer logistics system used on the new F-35 joint strike fighter.

The F-35's computerized logistics system produces and disseminates digitally extensive data on the stealth fighter's functions, maintenance needs, avionics, engine systems and other functions, such as pilot and technician training, scheduling, technical data, and need for replacement parts.

The Autonomic Logistics Information System, or ALIS, "integrates a broad range of capabilities including operations, maintenance, prognostics, supply chain, customer support services, training and technical data," according to the jet manufacturer Lockheed Martin.

"A single, secure information environment provides users with up-to-date information on any of these areas using web-enabled applications on a distributed network," the company said.

A Lockheed Martin spokesman would not say whether China had attempted to hack the F-35 jet program, but said both the company and the U.S. government are working to safeguard the F-35 against "the continually evolving cyber threat."

"Cyber testing is a robustly resourced and recurring activity that is foundational to the program's development," Michael Rein, the spokesman, said. "We constantly work with various agencies and experts to ensure survivability in a cyber-threat environment."

F-35 security officials have conducted some 2,000 cyber tests against all aspects of the jet program, including logistical support systems, air vehicles, training systems, mission software, and reprogramming laboratories. Some 300 tests were conduct this year.

The ALIS has been a major problem for the troubled F-35, according to the program chief. "It's the thing that worries me most," Air Force Lt. Gen. Chris Bogdan told Reuters in 2015. "We're on a full court press with ALIS."

The system is integrated into the aircraft's on-board computers and is designed to reduce operating costs and improve efficiency.

Securing the F-35's critical networked components is a key priority, according to Air Force Chief Information Security Officer Peter Kim.

"We need to focus on cyber defense and cyber security beyond what we have traditionally done," Kim told a conference on Tuesday. "Threats are changing, and this is not the environment we grew up in. How do we approach the domain of cyberspace beyond what we are thinking about with IT?" His comments were reported by Defense Systems.

Kim identified three key computer-based systems on the F-35 that need to be protected from cyber attack: the ALIS, the Distributed Aperture System that provides pilots with a 360-degree view of the battle area, and the Electro-Optical Targeting System.

"How do we start building in resiliency? When something touches a weapons system, it will touch a network," Kim said.

Bogdan, the F-35 program chief, said the ALIS system will be needed as U.S. allies, including Japan and Israel, begin fielding F-35s. "It's really hard and it's not working right," he said of the logistics system.

The system has produced faulty messages on the lifespan of key parts, such as landing gear.

A report by the Defense Science Board warned that foreign hackers like China are conducting devastating attacks on both government and contractor networks.

"The adversary is in our networks," the 2013 report said. "The DoD, and its contractor base are high priority targets that have sustained staggering losses of system design information incorporating years of combat knowledge and experience."

"Employing reverse engineering techniques, adversaries can exploit weapon system technical plans for their benefit," the report noted.

More significantly, foreign state hackers have "gained insight to operational concepts and system use (e.g., which processes are automated and which are person controlled) developed from decades of U.S. operational and developmental experience—the type of information that cannot simply be recreated in a laboratory or factory environment."

Such data "provides tremendous benefit to an adversary, shortening time for development of countermeasures by years."

The Joint Staff report on the Chinese threat to the defense contractor indicates that a U.S. counterintelligence program designed to protect American businesses from foreign state cyber attacks is not working.

William Evanina, a senior U.S. counterintelligence official who heads the National Counterintelligence and Security Center, told reporters in August that U.S. intelligence would provide information to American companies to reduce foreign hacking.

"You’d be shocked to find out how many people really don’t know where their stuff comes from," Evanina told Bloomberg News. "The supply chain threat is one that’s the least talked about but is the easiest to manipulate for all aspects of our daily lives."

Evanina said China has stolen secrets from U.S. government agencies and private companies in seeking competitive advantage while Moscow wants to subvert U.S. supply chains with defective parts that could disrupt military capabilities.

"Oftentimes we get lost in putting the fire out," he said. "At the end of the day, to stop the fire we have to find out who’s lighting it."

Published under: Cyber Security