A report released Tuesday linking the Chinese government to cyberattacks against U .S. companies is the latest to sound an alarm about the need to bolster government and private-sector defenses against online attacks on the nations critical infrastructure.
The Internet security firm, Mandiant Corp., said that Chinas Communist Party operating through the Chinese Peoples Liberation Army was responsible for systematic cyberespionage and data theft against organizations around the world. Mandiant said attacks were made against 141 companies and organizations since 2006 with 115 of the targets in the United States. The firm identified the specific army unit and Shanghai building out of which it has been operating. It even included video of members breaking into computer systems and stealing files.
The specific targets were not identified but they included aerospace, energy and telecommunications companies. Intellectual property, system designs, manufacturing procedures and contract negotiation positions were among the data stolen. Several major American newspapers have acknowledged being hit by hackers. Trade secrets could find their way to a Chinese company that could gain a competitive edge over an American firm.
The cyberthreat is not new, and neither is Chinas role in it. The report echoes warnings sounded in a 2011 report and a National Intelligence Estimate tying the Chinese government to cyberthefts. The attacks pose a threat to the nations businesses and infrastructure such as utilities, finance and transportation. With the increasing threat to economic and national security, the administration has raised the subject in diplomatic talks with China.
President Obama most recently addressed the issue in his State of the Union message followed by an executive order for federal agencies to improve sharing with industry information on cyberthreats or attacks. The government would also work with companies to establish a framework of cybersecurity standards for them to follow voluntarily.
Our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems, the president said. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
But government and private sector leaders say legislation is needed to establish national cybersecurity standards and foster cooperation among businesses.
A White House proposal for operators of natural gas supplies, public water systems and other utilities to set standards for critical industry was blocked after resistance from industry and business groups, among them U.S. Chamber of Commerce itself a victim of Chinese hackers who see it as unnecessary government regulation.
They also want more protection against liability that might result from sharing data.
The Mandiant report should be a wake-up call for Congress and businesses to agree on stringent standards to protect U.S. computer systems before a foreign hacker or enemy knocks out power or shuts down water systems.