Chinese hackers have penetrated the computer networks of contractors critical to moving U.S. troops and equipment around the world in time of crisis, potentially giving Beijing access to every move the military makes, according to a report released Wednesday by the Senate Armed Services Committee.
The newly declassified report found at least 20 successful intrusions between June 1, 2012, and May 31, 2013, that were attributed to the Chinese government. Among the contractors targeted by the hackers were airlines and shipping companies that would move troops and military cargo in a crisis. The hackers stole emails, documents, user accounts and passwords and even source code, the report said.
Though U.S. authorities knew of and investigated each of the incidents, the U.S. Transportation Command, which is responsible for the movement of military forces and supplies, knew of only two because of reporting requirements that were inadequate and confusing, the report said.
“Our ability to project power is critical to our national security,” Armed Services Chairman Carl Levin, D-Mich., said. “It is essential to do all that we can to ensure that that capability is not compromised.”
The threat of cyberattack, particularly from China, has worried defense planners for several years now. For example, former Joint Chiefs of Staff Chairman Adm. Mike Mullen recently said that cybersecurity is one thing that keeps him up at night.
The Justice Department in May charged five Chinese military officials with cyberespionage, saying that they penetrated the networks of U.S. corporations in conjunction with three Chinese state-owned enterprises.
“The U.S., and particularly the U.S. military, is incredibly dependent on networks,” cybersecurity expert and author Peter W. Singer told the Washington Examiner earlier this year. For example, the military uses radio frequency identification technology to track the movement of supplies — a technology that is vulnerable to hackers, who could reroute vital cargoes to the wrong destinations.
The Senate version of the defense policy bill for fiscal 2015 would require the Pentagon to identify contractors that are critical to military operations and set clear standards for reporting cyberattacks. The bill, which is not expected to be voted on in the Senate until the “lame-duck” session after the November elections, also requires the Pentagon to help contractors protect their networks against cyberattacks.
This article, originally posted at 12:46 p.m., has been updated.
