By The Editorial Board
The New York Times
Despite denials from Beijing, there seems little doubt that China’s computer hackers are engaged in an aggressive and increasingly threatening campaign of cyberespionage directed at a range of government and private systems in the United States, including the power grid and telecommunications networks.
The Obama administration had carefully avoided naming a specific culprit. Now it has.
In the Pentagon’s annual report to Congress on China, the Chinese government and, in particular, the Chinese military are explicitly accused of mounting attacks on United States government computer systems and defense contractors in a systematic effort to steal intellectual property and gain strategic advantage.
The report adds urgency to talks expected to begin in July with the Chinese about cyberissues. It does not discuss America’s own considerable investment in disruptive computer capabilities. These, too, must be on the agenda.
China’s ambitions have been discussed on a background basis by senior officials and were the subject of an earlier report by the computer security firm Mandiant that was disclosed by The Times in February. The new report to Congress adds depth and detail. Its clear purpose is to increase pressure on China to rein in its hackers, who Mandiant has said, are largely run by Chinese Army officers or are contractors working for military commands.
But for anyone broadly interested in the possibility of a global disruption caused by government-directed hackers, the report suffers from one conspicuous omission: It does not address America’s own role in the expanding world of cyberwarfare nor that of other countries with active programs, like Russia, Britain and Israel. The report said that the primary goal of China’s cyberattacks on the United States was to steal industrial technology but that many intrusions were designed to obtain insights into American policy makers’ thinking. The report also warned that information gathered on American defense networks, logistics and military capabilities could be exploited during a crisis.
The United States has spent billions of dollars defending its computer networks, as it should. But, increasingly, it is also investing billions more in offensive capabilities, including malware that can disrupt an adversary’s networks like the American-Israel Stuxnet virus did to Iran’s nuclear program in 2010. Cyber is one of the few growth areas in the military budget; Congress and the Obama administration will need to take care that the Pentagon is not exploiting the China threat to boost the budget even more to make up for other reductions.
One positive development is that China, after considerable resistance, now seems willing to discuss cyberissues with the United States. The Americans seem intent on keeping the focus on persuading Chinese officials to end attacks on commercial and economic interests and to understand that, if they don’t, it would damage relations with the United States. It would be a mistake not to also engage China, and other countries as well, on military-related issues, including what constitutes cyberaggression and how governments should respond. The world does not need a cyber arms race.