China did it again. Between June 2012 and May 2013, Chinese hackers infiltrated military contractors’ networks, according to a recently released report from the Senate Armed Services Committee. Chairman Carl Levin (D–MI) called the findings “very disturbing” and said that these hacks threatened the security of U.S. military operations.
The report was based on a yearlong investigation by the Senate Committee. It found that e-mails, passwords, and documents were stolen by the Chinese military. Airlines contracted by the Pentagon to provide transportation to troops and cargo were targeted and infiltrated 9 times.
“There were 50 successful intrusions or other types of attacks targeting contractors of the Transportation Command during the one-year period reviewed by the Senate committee. At least 20 of those attacks were thought to be carried out by hackers from the Chinese government, according to the report,” noted Bloomberg.
The investigation also pointed out the failure of U.S. government agencies and contractors to share information.
These findings should come as no surprise. China has an extensive history of cyber attacks against the U.S. Just this past August, one of the U.S.’s largest hospital companies, Community Health Systems, had 4.5 million patients’ Social Security numbers and other personal data stolen by the Chinese. In May, the U.S. indicted five members of the People’s Liberation Army for cyber attacks against U.S. companies.
These actions should spur the U.S. government to create forceful deterrents against future Chinese hacks. Heritage Expert, Dean Cheng notes that “[g]iven the commercial activities being affected by the Chinese actions, commercially related responses should rank as high as diplomatic ones.”
One way to discourage future attacks would be legal action against Chinese companies who have benefited from hacked information. Importantly, any lasting solution will need the cooperation of U.S. allies and their help in enforcing these actions against China.
On the home front, information sharing between private organizations and government agencies is crucial for protecting cyber infrastructure. Any legislation should allow voluntary sharing between organizations.
As The Heritage Foundation’s David Inserra and Paul Rosenzweig recommended earlier this year, the first step is to clearly define what information sharing is to the public and then remove barriers and ambiguities in the law. Strong liability protection is also needed as it allows companies to share information without fear that the data will later be used against them in court. Finally, a reliable framework will need to be created to share cyber threat information across different agencies and companies. Not moving ahead with information sharing will continue to harm U.S. cybersecurity.
China’s actions clearly demonstrate that the U.S. will need to intensify its actions against Chinese hacking and improve its own cyber defenses in order to deter further cyber aggression and protect Americans in cyberspace.
Ellen Prichard is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please click here.