Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

For years now security companies have described that attacks originating in China routinely infiltrate and steal data from U.S. corporate networks, and that similar activity targets U.S. government systems, too. But even as politicians and government officials have begun to speak more freely about the issue (see “U.S. Power Grids, Water Plants a Hacking Target”), they have stopped short of making specific accusations about who is responsible. In April, President Obama’s national security adviser Tom Donilon talked vaguely of attacks “emanating from China.”

A new report from the Department of Defense (PDF) uses much firmer language, singling out the Chinese military:

“China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs.”

That information could be used to help out Chinese defense companies, technology industry military planners, political leaders, says the report, which adds:

“Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks.”

That seems to refer to the fact that an intruder on a computer network could also use their access to shut it down and disrupt communications or other – perhaps physical – systems connected to it.

It’s not within the scope of the Pentagon report to mention that the U.S. has expanding computer-based espionage and attacks capabilities of its own (see “Welcome to the Malware Industrial Complex”), that China isn’t the only nation targeting the U.S. (see “Which Four Countries Most Actively Attack the U.S.?”), or to discuss the state of defenses against such actions.

From a technical perspective, the prevalence of successful infiltration of U.S. companies – even defense and security companies such as Lockheed Martin and RSA – suggests they are slim. Recent research has shown that a determined adversary could likely find many opportunities to access physical industrial systems (see “What Happened When One Man Pinged the Whole Internet”).

However, how far China might be willing to test any computer espionage and attack capabilities will be determined by traditional political and strategic concerns more than technical questions. President Obama, secretary of state John Kerry and other senior U.S. officials are all known to have raised the question of computer-based industrial espionage with China in recent months and presumably they are also raising the matter of the actions against Pentagon and government networks described in the new report out today.

For now, China’s government is publicly sticking to its previous line that it does not condone or support any such activity, with a spokesperson telling the New York Times today that:

 “China has repeatedly said that we resolutely oppose all forms of hacker attacks…we are firmly opposed to any groundless accusations and speculations.”

2 comments. Share your thoughts »

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »