Could the United States be under attack from China without Americans even really knowing it?
Last week, Republican Reps. Frank R. Wolf of Virginia and Christopher H. Smith of New Jersey announced that Chinese hackers had attacked their office computers. Mr. Wolf and Mr. Smith, very public critics of China's human rights record, noted that it was likely that in 2006, the hackers sought to steal information about Chinese dissidents and refugees who had sought assistance from members of Congress.
Skeptics have suggested that the politicians' announcement was most likely intended as good old-fashioned China-bashing. After all, the details of the incident were "old news" to the U.S. national security community. And even the casual observer of American politics knows that China is often the target of unwarranted populist attacks on Capitol Hill.
But stripped of politics, the Chinese attack still illustrates a significant national security threat that the United States must address. The incident on the Hill wasn't the first - and certainly won't be the last - Chinese cyber attack on the United States.
America is under silent, but significant, attack. A recent report found that in 2007, the Department of Homeland Security logged 12,986 direct cyber assaults on federal agencies and more than 80,000 attacks on Defense Department computer systems. The Pentagon declared in a House Intelligence Committee hearing in May that its systems are scanned or attacked more than 300 million times per day.
Gen. James Cartwright, the former commander of the military organization responsible for cyber warfare, told Congress in 2007 that "America is under widespread attack in cyberspace" and warned that a "cyber attack could, in fact, be in the magnitude of a weapon of mass destruction."
The cyber threat extends to well beyond the federal government. Many experts believe, for example, that the primary mission of Chinese cyber warriors is to steal America's most valuable intellectual property and economic secrets. The chief of America's counterintelligence efforts recently told a leading journal that "if you travel abroad and are the director of research or the chief executive of a large company, you're a target."
Identifying the exact perpetrators of cyber attacks is difficult. Unlike missiles, or even terrorists, security and intelligence experts may never be able to pin down the "launch pad" from which an attack derived. In response to the recent accusations from Capitol Hill, Chinese Foreign Ministry spokesman Qin Gang simply said, "Is there any evidence? ... Do we have such advanced technology?"
But the evidence that the Chinese government built and operates an effective cyber warfare capability is convincing.
According to Richard Lawless, deputy undersecretary of defense for Asia-Pacific affairs, the Chinese have developed a capability to attack, degrade and penetrate U.S. computer networks, with the capacity to shut down critical systems at crucial times.
Cyber warfare units in the Chinese People's Liberation Army have penetrated - and could likely disable in the future - the Pentagon's unclassified network. Other experts have publicly stated that the Chinese army's cyber warfare units were responsible for the massive power blackout in 2003. Chinese cyber warriors almost certainly have the source code of popular office software, which allows them to steal invaluable intellectual property from private-sector firms around the world.
In the face of this threat, Bush administration policymakers have been slow to respond. The White House, for example, hasn't published an overarching strategy since former cyber security czar Richard A. Clarke left the White House in early 2003. High-level coordination efforts at the Department of Homeland Security have been fractured and halting. The top position for cyber security at the department, which was only elevated to the level of assistant secretary in 2006, has been a revolving door of new faces.
Fortunately, a small group of dedicated intelligence professionals quietly pushed the current director of national intelligence, Mike McConnell, to launch a promising cyber initiative that aims to defend against cyber threats from China. This is a positive step, so long as the intelligence community provides Congress with full oversight of potential monitoring efforts with a domestic component.
Over the past eight years, it has become evident that our adversaries are not always easy to uncover. While this administration has largely ignored cyber warfare's very real threat to our national security, the next president will have the opportunity to turn policy initiatives into full-scale action. By working closely with Congress, the new administration must ensure that we have the capacity to simultaneously protect our infrastructure and our civil liberties. Otherwise, the silent, but significant, attacks on American land will only multiply.
Eric Rosenbach is the executive director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School and formerly served as a professional staffer on the Senate Intelligence Committee. Tamara Klajn is an associate at the Belfer Center.