Should conflict occur, China's cyberwar plans target the U.S., and today's Chinese joint ventures with U.S. manufacturers in hardware, software and telecommunications create a "potential vector" for the People's Liberation Army (PLA) to exploit and compromise, says a report from the U.S.-China Economic and Security Review Commission sent to Capitol Hill today.
The report, "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage," was researched under mandate by Congress when it first formed the external Washington, D.C.-based U.S.-China Economic Security Review Commission to undertake ongoing research about relations between the two countries. The report, written by information security analysts from Northrop Grumman, says that leaders in the Chinese People's Liberation Army (PLA) "have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively."
The report claims China is actively planning out how it could attack U.S. military operations. The report also notes that at least 50 civilian universities in China are receiving funding aimed at developing cyberwar capabilities for the military under at least five established national grant programs.
A cyberstrike could occur in advance of any physical military confrontation, the report states. "Chinese commanders may elect to use deep access to critical U.S. networks carrying logistics and command and control data to collect highly valuable real-time intelligence or to corrupt the data without destroying the networks or hardware."
The report says evidence it has compiled, mainly from PLA, Chinese government and non-proprietary sources, shows that China does want to be prepared to launch a cyberwar strike on the U.S. in the event of a conflict. The report goes on to claim that joint venture relationships between Chinese and non-Chinese hardware, software and telecom providers represent a "risk" from the U.S. point of view.
The report notes that possible tampering could occur in hardware such as routers and switches from China. And it states, "Deliberate modifications of semiconductors upstream of final product assembly and delivery could have subtle or catastrophic effects. An adversary with the capability to gain covert access and monitoring of sensitive systems could degrade a system's mission effectiveness, insert false information or instructions to cause premature failure or complete remote control or destruction of the targeted system."
Collaboration between U.S. and Chinese information security firms, according to the report, "has raised concerns over the potential for illicit access to sensitive network vulnerability data at a time when the volume of reporting about Chinese computer network exploitation activities directed against U.S. commercial and government entities remains steady."
The report takes a dim view of partnerships between "U.S. or other Western information security firms and Chinese IT and high-tech firms," saying there are risks "primarily related to the loss of intellectual property and erosion of long-term competitiveness, the same threats faced by many U.S. companies in other sectors entering partnerships in China."
Sign up for Computerworld eNewsletters.