[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
COMMUNIST CHINESE CYBER-ATTACKS,
CYBER-ESPIONAGE AND THEFT OF AMERICAN TECHNOLOGY
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS
OF THE
COMMITTEE ON FOREIGN AFFAIRS
HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
FIRST SESSION
__________
APRIL 15, 2011
__________
Serial No. 112-14
__________
Printed for the use of the Committee on Foreign Affairs
Available via the World Wide Web: http://www.foreignaffairs.house.gov/
----------
U.S. GOVERNMENT PRINTING OFFICE
65-800 PDF WASHINGTON : 2011
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON FOREIGN AFFAIRS
ILEANA ROS-LEHTINEN, Florida, Chairman
CHRISTOPHER H. SMITH, New Jersey HOWARD L. BERMAN, California
DAN BURTON, Indiana GARY L. ACKERMAN, New York
ELTON GALLEGLY, California ENI F.H. FALEOMAVAEGA, American
DANA ROHRABACHER, California Samoa
DONALD A. MANZULLO, Illinois DONALD M. PAYNE, New Jersey
EDWARD R. ROYCE, California BRAD SHERMAN, California
STEVE CHABOT, Ohio ELIOT L. ENGEL, New York
RON PAUL, Texas GREGORY W. MEEKS, New York
MIKE PENCE, Indiana RUSS CARNAHAN, Missouri
JOE WILSON, South Carolina ALBIO SIRES, New Jersey
CONNIE MACK, Florida GERALD E. CONNOLLY, Virginia
JEFF FORTENBERRY, Nebraska THEODORE E. DEUTCH, Florida
MICHAEL T. McCAUL, Texas DENNIS CARDOZA, California
TED POE, Texas BEN CHANDLER, Kentucky
GUS M. BILIRAKIS, Florida BRIAN HIGGINS, New York
JEAN SCHMIDT, Ohio ALLYSON SCHWARTZ, Pennsylvania
BILL JOHNSON, Ohio CHRISTOPHER S. MURPHY, Connecticut
DAVID RIVERA, Florida FREDERICA WILSON, Florida
MIKE KELLY, Pennsylvania KAREN BASS, California
TIM GRIFFIN, Arkansas WILLIAM KEATING, Massachusetts
TOM MARINO, Pennsylvania DAVID CICILLINE, Rhode Island
JEFF DUNCAN, South Carolina
ANN MARIE BUERKLE, New York
RENEE ELLMERS, North Carolina
VACANT
Yleem D.S. Poblete, Staff Director
Richard J. Kessler, Democratic Staff Director
------
Subcommittee on Oversight and Investigations
DANA ROHRABACHER, California, Chairman
MIKE KELLY, Pennsylvania RUSS CARNAHAN, Missouri
RON PAUL, Texas DAVID CICILLINE, Rhode Island
TED POE, Texas KAREN BASS, California
DAVID RIVERA, Florida
C O N T E N T S
----------
Page
WITNESSES
Pat Choate, Ph.D., director, Manufacturing Policy Project........ 5
Mr. Richard Fisher, senior fellow, Asian Military Affairs,
International Assessment and Strategy Center................... 11
The Honorable Edward Timperlake (former Director, Technology
Assessment, International Technology Security, Office of the
Secretary of Defense, U.S. Department of Defense).............. 25
Adam Segal, Ph.D., senior fellow, Council on Foreign Relations... 35
LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING
Pat Choate, Ph.D.: Prepared statement............................ 7
Mr. Richard Fisher: Prepared statement........................... 13
The Honorable Edward Timperlake: Prepared statement.............. 27
Adam Segal, Ph.D.: Prepared statement............................ 37
APPENDIX
Hearing notice................................................... 50
Hearing minutes.................................................. 51
COMMUNIST CHINESE CYBER-ATTACKS, CYBER-ESPIONAGE AND THEFT OF AMERICAN
TECHNOLOGY
----------
FRIDAY, APRIL 15, 2011
House of Representatives,
Subcommittee on Oversight and Investigations,
Committee on Foreign Affairs,
Washington, DC.
The committee met, pursuant to notice, at 12 o'clock p.m.,
in room 2172 Rayburn House Office Building, Hon. Dana
Rohrabacher (chairman of the subcommittee) presiding.
Mr. Rohrabacher. I call to order the Subcommittee on
Oversight and Investigations of the House Foreign Affairs
Committee.
I would like to thank all of you for joining us today. And
today we are examining the Communist Chinese cyber-attacks,
espionage and theft of American technology.
We will proceed with our opening statements and then
introduce the witnesses. And, hopefully, there will be a vote
coming up I am afraid, but let us hope we get through the
testimony of the witnesses and then we will go and vote and
come back and ask the questions.
So, starting off with a Reuters news story this morning
reveals that secret U.S. State Department cables trace computer
system attacks colorfully code named the Byzantine Hades by
U.S. investigators. They have traced these to the Chinese
military itself. An April 2009 cable even pinpoints the attacks
to a specific unit of the Chinese People's Liberation Army.
According to U.S. investigators China has stolen terabytes of
sensitive data from password for State Department computers to
designs for multi-billion dollar weapon systems.
The United States is under attack.
Cyber-attack and cyber-espionage traced backed to China
have been dramatically increasing every year. What kind of
damage is being done? How is our national security being
compromised? Well shielding our digital infrastructure from
attacks, and protecting the intellectual property and
classified information is strategically important to our
national security. But how do that and what else needs to be
done in terms of protecting this?
The Communist Chinese Government has defined us as the
enemy. It is buying, building and stealing whatever it takes to
contain and destroy us. Again, the Chinese Government has
defined us as the enemy.
Chinese cyber-attacks on U.S. assets now number in the
thousands every year. The 2009 report on ``China's Military
Power'' published by the Office of the Secretary of Defense
notes that, ``numerous computer systems around the world,
including those owned by the United States Government,
continued to be a target of intrusion that appears to have
originated within the PRC,'' end of quote. One of the high
value targets that Chinese cyber warriors have repeatedly
attacked is the F-35 Joint Strike Fighter program which is the
centerpiece of future American air power capabilities.
The heavy use of outsourcing of computer and consumer
electronic production to China, not only by American but also
by Japanese, Taiwanese, German, and South Korean firms, has
helped create a Chinese cyber threat that now compromises the
security of the Western world. Beijing has been given
technology and a manufacturing base, making Western networks
vulnerable to escalating Chinese capabilities.
The Office of the Secretary of Defense in their 2010 annual
report to Congress, which was the ``Military and Security
Developments Involving the People's Republic of China''
outlined this challenge. And I quote,
``The PRC utilizes a large well-organized network of
enterprises, defense factories and affiliated research
institutes and computer network operations to
facilitate the collection of sensitive information and
export-controlled technology.''
The Chinese often use, and here it is, the term ``patriotic
hacker'' as a cover for their activities, as well as of course
corporate spies. But in that dictatorship the line between
state and private efforts is blurred intentionally to give
Beijing plausible deniability.
Chinese thinking is based on slogans such as ``Give
Priority to Military Products,'' and ``Combine the Military
with the Civil.'' Thus, economic and commercial spying and
theft are most frequently connected with tech-heavy industries
deemed to be strategic to the regime. This includes computer
software and hardware, biotechnology, aerospace,
telecommunications, transportation, engine technology,
automobiles, machine tools, energy, materials and coating.
A new study by the RAND Corporation, which it was ``Ready
for Takeoff: China's Advancing Aerospace Industry,'' that
report found, and I quote,
``China's aerospace industry has advanced at an
impressive rate over the past decade, partly due to the
increasing participation of its aerospace industry in
the global commercial aerospace market and the supply
chains of the world's leading aerospace firms . . .
China's growing civilian aerospace capabilities are
unquestionably contributing to the development of its
military aerospace capabilities.''
Combine these commercial transfers with the espionage
committed against American military programs like the F-35, and
no one should be surprised by the roll out of the new J-20
``stealth'' Chinese airplane last January. It was years ahead
of what all the experts predicted that China was able to do on
its own.
It is what happens during ``peace time'' that determines
the balance of power and governs the outcome when that peace
breaks down. National security must be a constant concern.
Battleships and mass armies were left behind by aircraft
carriers and rockets. Now we must understand that today's
threat emanating from cyberspace and technology transfers as
well as from traditional practices of espionage.
Today we have before us four experts on the connection of
technology transfers and national power in a competitive world.
Mr. Pat Choate is currently the director of the
Manufacturing Policy Project, a private, nonprofit institution.
Mr. Choate has written widely and several books, including
``Agents of Influence'' and the ``The High Flex Society,''
which document the decline in America's competitiveness and the
influence of foreign powers right here in Washington, DC.
Mr. Richard Fisher is a senior fellow with the
International Assessment and Strategy Center. He is an active
writer and a scholar on China having worked for the Jamestown
Foundation, the Center for Security Policy, and The Heritage
Foundation. He is the author of ``China's Military
Modernization, Building for Regional and Global Reach,'' and
has been published in numerous newspapers and professional
journals.
Mr. Edward Timperlake served as Director of Technology
Assessment, International Technology Security for the
Department of Defense from 2003 to 2009. He identified and
protected the Defense Department from espionage, that was his
job and we're anxious to hear more about that. He also served
as the Department of Defense's representative to the National
Counterintelligence Executive Committee. Before that he
graduated from the Naval Academy and served as a Marine fighter
pilot, as my dad did for 23 years. And co-authored the book,
``Showdown: Why China Wants War with the United States.''
And finally, we have Mr. Adam Segal, a senior fellow with
the Council on Foreign Relations and an expert on security
issues and China policy. He has recently written a book
entitled, ``Advantage: How American Innovation Can Overcome he
Asian Challenge.'' He has taught Vassar College and Columbia
University. He holds a Ph.D. from Cornell.
I want to thank all my witnesses, or our witnesses for
being here today.
And now we'll have opening remarks from our members, and
then we will proceed with your testimony.
Mr. Carnahan.
Mr. Carnahan. Thank you, Mr. Chairman for holding this
hearing. And I want to compliment on the interesting and timely
subjects that you have brought to this subcommittee. And we
look forward to continuing this work together.
As the U.S. economy continues to recover, we must do
everything we can to create jobs here at home and support
domestic manufacturing.
As of 2010, China was the world's third largest buyer of
products from my home state of Missouri ranging from machinery,
pharmacueticals, agriculture products. We experienced a 43-
percent growth in exports from Missouri to China. Nearly $1
billion sales last year alone. Missouri made products exported
to China that are creating jobs here at home in the midwest and
beyond.
With nearly 20 percent of the world's population, the
Chinese market represents an opportunity for American business
to create job here at home by making American products at home
and exporting them to China, but here's the ``but.'' This
growth, while it is an opportunity, it cannot and will not
reach its full potential so long as American companies remain
at risk. Given the long running efforts to illicitly acquire
technology from Western companies, and a lack of protection of
intellectual property rights there is a significant limitation
to the export growth potential of U.S. corporations.
While it is in our economic and security interest clearly
to counter any and all of these issues, it is also in China's
best interest to come to the table and address them in a
serious way. China itself is increasingly susceptible to
hacking and cyber crime and theft of intellectual property by
others around the world, especially given that its technology
is not as superior as ours. It is in the best interest of both
countries to diplomatically address these issues and encourage
Chinese officials to come to the table to do just that: Address
these issues in a serious way.
I look forward to hearing from our witnesses today. And I
yield back, Mr. Chairman.
Mr. Rohrabacher. Thank you very much.
And we have with us, I am going to see if I am pronouncing
right, David Cicilline?
Mr. Cicilline. Yes.
Mr. Rohrabacher. And you're from Rhode Island. And we would
recognize you for an opening statement.
Mr. Cicilline. Just thank you, Mr. Chairman. I just would
like to welcome the witnesses and thank the chairman for
scheduling this hearing.
This issue of how do we support American manufacturers and
deal with the very real issue of the theft in intellectual
property is of great interest to me and to my constituents, and
to our country. And I am particularly also interested in
hearing the witnesses' testimony on what we might do to further
enhance cyber security.
So, I welcome you and thank you for being here today.
Mr. Rohrabacher. Thank you very much. Welcome to the
subcommittee.
Mr. Choate?
Mr. Choate. Mr. Chairman, members----
Mr. Rohrabacher. I am sorry. I was trying to figure out how
to pronounce his name so much that I did not even see him
there.
And another one of our new members, Ms. Bass. No, if you
have an opening statement, please feel free.
Ms. Bass. Thank you for holding this hearing. And I am also
very interested in the testimony that you have to say, and a
particular interest, I mean in addition to the cyber-attacks,
is the whole idea of the problem in China with piracy. I know
that is not the topic today, but hopefully in a future hearing
we will be addressing that.
Mr. Rohrabacher. Thank you very much.
You have a very easy name to pronounce. All my life with a
name Rohrabacher I have got to pay attention to pronunciations.
Mr. Choate, go right ahead.
STATEMENT OF PAT CHOATE, PH.D., DIRECTOR, MANUFACTURING POLICY
PROJECT
Mr. Choate. Thank you, Mr. Chairman, members of the
committee.
Let me focus my comments on how the United States actually
facilitates such cyber-espionage and talk about things that we
can do here at home in dealing with it.
Chinese cyber-attacks, of course, are massive, there have
been numerous studies that have identified these attacks. We
know that all of our major agencies, corporations, banks,
research and other entities are subject to these attacks.
The greatest concentration of technology, of new
technologies, advanced technologies in the world is at the U.S.
Patent Office. What we have is deg.each year is
500,000-plus applications from around the world, about half of
those applications are foreign-based but half are from the
United States, seeking a patent. And at the Patent Office what
we have is a situation in which we have probably the oldest
computers in the Federal Government are found at the Patent
Office. There have been a number of comments on that by Mr.
David Kappos, who is the Director of the US PTO.
Another basic principle that we can assume: Anything that
is on the internet can be hacked into, whether it is our IPhone
or whether it is our personal computer, or our IPod that is
connected.
So, we have to assume that the Patent Office is regularly
hacked into and the best information is taken from the Patent
Office. I do not think that has received the attention that it
merits.
The second thing that happens in talking to computer
security experts, and I have done this for a couple of books,
is the first thing that a foreign intruder seeks is to identify
the sources of this technology.
If you go into the Patent Office, or if you just simply
take the published Patent applications, you can narrow down the
fields to those companies that are doing the most advanced
research, large and small. Then once those companies are
identified, the Chinese are particularly effective at doing a
barrage of attacks upon the computer systems of those companies
in an attempt to put in Trojan spyware that will enable them at
the schedule of the intruder to produce the information of the
company itself and literally on an hourly or daily basis, they
know exactly what is going on with the technology or research
there. The issue is one of how do we improve the security of
information in that process.
A second issue that I mention in my testimony relates to
the entire question of the security of economic technology. We
have both national and economic security needs in this country.
We have laws on the books that deal with the national security,
the military technology. We have laws that require the
imposition of secrecy orders. We have no such laws on economic
technology. And increasingly what has happened over the years
is we have dual technologies that are used for both purposes.
In the back of my testimony I have a table that I would
direct your attention to on the number of secrecy orders that
have been given. It's the fifth column over.
And what we see in during the Cold War era we would have
hundreds of items each year that would be put under a secrecy
order. A patent would be given, but the secrecy would not be
allowed. That rate has declined by about 90 percent in recent
years.
Last year there were 86 secrecy orders issued at the Patent
Office. Of those, about 60 were from the National Labs and
dealt with atomic issues. There were about 26 John Doe secrecy
orders imposed.
Now here's the problem. We have the Department of Commerce,
the Department of Defense, Department of State, Homeland
Security imposing export controls on certain technologies
because we do not want people who might be hostile to us to
have that technology. At the same time, we are putting up
through the Patent Office on the internet the patent
applications and the full patent itself which includes the best
mode for the best way to make it. So simultaneously we are
losing billions of dollars of sales and we have absolutely no
security benefit from that.
So, I think this is a very rich area of study of how do we
take our national security and recognize the dual use
technologies? How do we make sure that we have an improved
security inside the Patent Office on this publication of
materials?
Thank you, and I look forward to your questions later.
[The prepared statement of Mr. Choate follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Rohrabacher. Thank you very much, Mr. Choate. And
appreciate you keeping it within 5 minutes, and we will have a
longer session to ask questions and answers after that.
Mr. Fisher?
STATEMENT OF MR. RICHARD FISHER, SENIOR FELLOW, ASIAN MILITARY
AFFAIRS, INTERNATIONAL ASSESSMENT AND STRATEGY CENTER
Mr. Fisher. Chairman Rohrabacher, I would like to begin by
thanking you for your consistent leadership in helping to alert
this nation to the threat from China's Communist Party. And
Chairman Carnahan and other members, I would like to extend my
thanks to you for holding this hearing today.
Both the internet and the dual use technologies that I will
cover in my remarks have helped to propel a far more globalized
world economy which has produced myriad benefits, has many
defenders, but I would also submit, Mr. Chairman, that it is
time for the United States to devise new defenses against those
who are exploiting these benefits and harming of the security
of the United States.
In my testimony one of the major points that I make is to
highlight the cost of China's cyber warfare against this
country. I have provided some figures in a PowerPoint slide and
that looks at, at least, open source estimates of annual
expenditures. And last year I found an estimate that describes
the cost of just cyber-espionage alone as mounting to almost
$200 billion a year. This is comparable to what the United
States is spending to defend ourselves or what is the cost of
the impact of the war against in this hemisphere.
Admiral Winnefeld just 3 days ago provided the figure of
$181 billion as he impact on this country of the war on drugs.
So with that level of importance, that level of comparison,
I think a far greater degree of public focus needs to be placed
on this challenge of Chinese cyber warfare.
In my testimony I describe some points about the order of
battle that PLA has put together, how cyber warriors or drawn
from the criminal sector, from the computer industry. You
mentioned the Reuters story today that described a U.S. Embassy
cable that has traced attacks back to a specific unit in
Chengdu. The Chinese have a cyber army that is fully integrated
into their order of battle. What we need to do to defend
ourselves is another long and complex subject, but at minimum
we need to consider how we can raise this issue in importance
in terms of the information that we share with American
citizens.
Every year at the Pentagon, because of the Congress, has to
print a report about PLA modernization, Chinese military
modernization. I believe that we need a similar report that
highlights China's cyber war against the United States and all
other democracies.
Now I'd like to move on to looking at how American dual use
technologies are being used by China increasingly for military
purposes. I have written on this at some length in the past,
and I put together just a few PowerPoint slides that provide
some examples.
Early in the last decade two Chinese companies basically
stole the AM General Humvee and put it into production. One
company, the Dong Feng Motor Company is now producing this
vehicle for the People's Liberation Army and the People's Armed
Police. It's not something that AM General would talk to me
about until just a few years ago. And it apparently is
something that happens with the approval of the Commerce
Department. And it does not appear that there is anyone who is
aware or taking any action to address an American-designed
vehicle being used by the Chinese military.
Another example that I discovered at a Chinese air show in
2004 was that two Boeing 737s have essentially been dragooned
into the People's Liberation Army Air Force. My sources in
another country explained to me soon after that these airplanes
were being used in China's Cruise missile development program.
There are now 400, 500, 600 Cruise missiles appointed at
Taiwan, and this aircraft helped to develop them.
Here we see at the far left the 737s and Chinese electronic
warfare and electronic technology development unit.
Here we have another problem, and that is how China has
integrated the airliners and the cargo liners that we have sold
them into a civilian reserve force that is now helping to
transport PLA troops and forces, and equipment. This is an
exercise that took place in 2008, a U.S. built Boeing 747, a
McDonnell Douglas DC-10 and we see Humvees being arrayed as
part of the forces being transported.
This is an exercise that took place last year. China
Southern Airlines just acquired this Boeing 777F and promptly
went into a mobility exercise.
Finally, there is the problem of how to control academic
research, especially when it has a military use. I included in
my testimony an explanation of the case of a certain professor
who was allowed or invited to be a visiting fellow with a NASA
Laboratory in the late 1980s. She then returned to China with
her information and became a leading expert for China in the
development of composite ceramic matrix materials which are
used to shield spacecraft. And she is now involved in China's
effort to build military spacecraft and military hypersonic
products.
I do not think that there is enough of an awareness or a
willingness on the part of those who should be defending our
technology, and that would be my final point, sir.
Thank you very much.
[The prepared statement of Mr. Fisher follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Rohrabacher. Thank you very much, Mr. Fisher. We will
get back to you during the questions and answer. But it appears
that we are spending a lot of money on research and development
here and maybe the benefit is going overseas. But we will let
our next witnesses comment on that as well.
Mr. Timperlake?
STATEMENT OF THE HONORABLE EDWARD TIMPERLAKE (FORMER DIRECTOR,
TECHNOLOGY ASSESSMENT, INTERNATIONAL TECHNOLOGY SECURITY,
OFFICE OF THE SECRETARY OF DEFENSE, U.S. DEPARTMENT OF DEFENSE)
Mr. Timperlake. Thank you very much, Mr. Chairman,
distinguished members.
I would like to submit my testimony for the record and
summarize briefly.
The 106th Congress of the First Session reported out a
bipartisan document that is a tribute to the fact that the U.S.
Congress in national security concerns come together as one, it
was called the Cox Report. It was a report on the activities of
the People's Republic of China. I linked it in my testimony.
Anybody that reads that can go to the Congressional Web site or
buy a copy on Amazon. Read it, look at today's headlines to
check and see the lineage of what they went after and where it
is today. I picked three quick examples.
In the '90s, the People's Republic of China targeted
ballistic missiles. Sure enough, they also proliferate, by the
way. Boom goes the dynamite on January 11, 2007 they
successfully kinetically killed one of their satellites. Some
day that may be seen as the precursor to the opening round of a
quasi-war in space.
They went after high performance computers. I looked that
up, and in 1999/2000 I think Saudi Arabia and Portugal were
ahead of China, we had the top nine out of the ten, Japan was
closing. And again on 20 October the BBC announced that China
now has the top super computer in the world. So, they got that
one.
Stealth and composite technology, they went after that.
Sure enough, as you mentioned, they rolled out the J-20
Annihilator and embarrassed everybody. Previous to that the
Russians flew their F-22ski, the TF-50. Both of them were a
test flight that caught several by surprise. Three Air Force
officers did not see it that way, General Corely U.S. Air
Force, Lieutenant General Deptula of the Air Force Head of
Intelligence, and General Thomas McInerney. Unfortunately, the
F-22 was stopped at 187 Raptors, and I think that was a
strategic blunder which tell us we have to protect the F-35 at
all cost because that is our ace in the hole coming in combat
maneuvering in the future.
Concurrently while the Chinese were spying, they did the
``Revolution in Military Affairs,'' they saw Andrew Marshall
publish this great document in which Mr. Marshall, director of
Net Assessment, said here was two evolutionary technologies:
Precision-guided munitions and remote sensors, and information
war.
The Chinese military literature tells us in the late '90s
they were giving doctorates in information war. The term
``cyber'' had not been in vogue at that time, so they really
got off the dime very quickly on that.
I would argue though, and we will discuss this, that the
PRC actually has two cyber enemies. They have the free world
for whatever they can get, and the other one is their own
people. And they are very concerned about that, so that
compounds their problem and is an area that we can exploit.
There are two case studies I presented. The first one was
the Varyag, the aircraft carrier, that's denial and deception.
They sent a team over to buy it, it was a cold war relic. And
they claimed that they were purchasing an aircraft carrier to
be a casino Macau. They got though the Turkish Straits of the
Bosphorus by that cover story. Sure enough, very recently
Xinhua is on saying ``The huge warship on the verge of fitting
out, is fulfilling 70 years of China's dreams for an aircraft
carrier.'' I would say that basically they named it the Shi
Lang after the Ming Dynasty admiral. I'd rather call it the
Casino, because that's how they said hey were going to use it.
The other case is they send bad things to bad people.
Whenever the Chinese Government gets something, they have a 16
character policy which says: We get it, we filter it through
the use and the need for the state. And in doing so it's a
brilliant strategy. They then perfect it and balance it by
proliferation. I went to Iraq, I looked at all the Chinese
weaponry that were oil for food violations, and sure enough I
listed them in my report. In addition, Huawei a Chinese firm
was in pre-war Iraq, post-war Iraq. And I was looking at the
CPA, I was engaged with that. I noticed on the Web site they
were bragging that they had gotten into Iraq and basically that
was prohibited. In my personal opinion Huawei is an ongoing
criminal operation as much as anything.
How are we doing and what are we doing about it? The
Justice Department formed up a task force in 2007 to focus on
this. They have done a magnificent job. I give a link to that.
I even gave some of their press releases on spy cases they have
busted, and they really are making these cases.
Finally, the issue of cyber security; it's a black swan
event, which is a great book. Basically, expect the unexpected,
the highly improbable. And we formed up the U.S. Cyber Command.
I want to give Mike Wynne a credit to his vision, the Billy
Mitchell of our generation. He saw the need early with the U.S.
Air Force Cyber Command that melded into the bigger cyber
command picture.
I really do believe that we as Americans have a challenge
but we will, because of hearings like this, address that
challenge.
Thank you, sir.
[The prepared statement of Mr. Timperlake follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Rohrabacher. Thank you very much for your testimony.
And now Dr. Segal.
STATEMENT OF ADAM SEGAL, PH.D., SENIOR FELLOW, COUNCIL ON
FOREIGN RELATIONS
Mr. Segal. Mr. chairman and members of the committee, thank
you very much for asking me to testify on this very important
subject.
I would like to place cyber-espionage in a larger context,
which is a push on the Chinese for extremely techno-nationalist
technology policy driven toward reducing dependence on advanced
countries for foreign technology, and particularly reducing
dependence on the United States and Japan. That policy was
enshrined in the 2006 Medium-to Long-Term Science and
Technology Development Plan, introduced the idea of
``indigenous innovation,'' and it set the goal for China to
become an innovated-oriented society by 2020 and among the
world's scientific and technology leaders by 2050.
The pursuit of these goals follows three tracks. The first
track is industrial policy, which is basically a top-down,
state-led focus on big science, but also includes the use of
standards policy, the use of procurement and the failure to
protect intellectual property rights, as well as forcing
technology transfer between foreign companies that want access
to the Chinese domestic market.
The second strand is what you would call innovation
strategy, and this is a much more market-oriented focus on
creating technological entrepreneurship and new growth in the
Chinese economy.
And the third strand is cyber-espionage and traditional
espionage.
These three strands clearly are overlapped and intertwined,
although plucking out the individual strands is difficult to
do. In some cases it's very easy. We can see private companies
as they grow larger begin to accept funding and support from
the state. And also in the case of cyber-espionage as the
``Shadows in the Cloud'' report shows that there is a nexus
between criminal and state hackers and the information that
those hackers find sometimes shows up on the black market and
other times it seems to work its way back to state
institutions.
The question for the United States, of course, is how do
you respond to this? And I think the most important response is
domestically: How do we defend our own networks? How do we move
to risk management? Because I think most of this is in the end
is going to be very difficult to protect, and so we have to
think about what type of information we actually want to be
digitalized and placed on networks. But also, how do we raise
the cost for Chinese hackers, and that's probably going to
involve some forms of active defense.
But I think the larger issue as well is: What are U.S.
companies saying about this problem? Because like with
intellectual property rights theft, U.S. companies do not like
to talk about when they have been hacked. We saw with the
Google hack, Google said 30 other companies were attacked in
this hacking, but then no other company publicly stated that,
yes, this was a problem for us. And I think the reasons that
they do not state it is because they are afraid of retribution
from the Chinese Government. So the United States has to figure
out how are you going to respond to that problem and get U.S.
Government more involved.
And then the third area, I think, is how do we shape this
debate within China. Because we can see with the technology
policy there is, in fact, people who question the wisdom of
this--excuse me this technology policy, this top-down state
strategy. They think that that is not going to be successful
long-term and they are afraid that in fact China will fall
further and further behind. That Chinese standards will only
cut them off from the rest world.
And as Chinese technology companies themselves become more
global, they have a stake in a digital infrastructure that is
more open and more global. So what the United States wants to
do is to think about how we strengthen those individual units.
I suspect, although I have no evidence, that those same
factions, we can call them the innovation strategy factions,
are also suspicious of a technology policy that is based on
espionage. Copying is not going to create incentives for
innovation. So those people are the ones that we want
strengthen, those are the ones we want to convince that they
have an interest in these global structures and these open
infrastructures, and to convince them that China is
increasingly becoming more vulnerable to cyber-attacks itself.
This is not going to be easy. The techno-nationalist view
is widespread in China. It is, in fact, held by the innovation
strategy faction. They also want to reduce dependence on the
West, but they at least are pushing in more open ways of doing
it. So that I think it is important to engage the Chinese on
that front, but the more important short-term is probably going
to be defending ourselves and raising costs to Chinese hackers.
I'll stop there.
[The prepared statement of Mr. Segal follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Rohrabacher. Thank you very much.
And Mr. Carnahan may not be able to join us after the next
series of votes, so I think we will give you the courtesy of
asking your questions now.
Mr. Carnahan. Great. Thank you, Mr. Chairman. And thanks to
all the panels here today. This has been a very good overview.
I wanted to start with just an overall question to really
any of the panelists that want to weigh in on this. President
Obama had stated that ``our ability to partner is a
prerequisite for progress on many of the most pressing global
challenges.'' I wanted to get your assessment of the
willingness of the Chinese to engaged with the U.S. in this
manner regarding cyber threats and technology threats. And why
do we not just start with Mr. Choate and work our way across?
Mr. Choate. Well, I think we can anticipate--well I think I
can start by looking at our own history. From 1790 to around
1838 the United States was under a very aggressive policy of
technology acquisition under a manufacturing strategy put
together by Alexander Hamilton. We literally stole everything
that we could from any place in the world.
And I think that China, and any other developing country,
would feel an obligation to do almost the same thing. From our
perspective I think we must assume that for years to come as
long as our technology is superior, they have ever incentive in
the world to go out and steal our technology. That gives a
series of mandates on what we should do as a country.
We should be not naive. We should take a look at the way
that we have agglomerated technology, who has access to it, how
we in effect have our companies understand that one of the
things they've got do is take certain of their computers off of
the internet. We need to take a look at our policies with the
Patent Office with all of the new technologies there. In other
words, we must assume as a policy that not only China, but
Germany and Brazil and other countries are out to steal to our
technology. It's our responsibility to not make it easy as we
do now.
Mr. Carnahan. And before I get to the next witness, to the
extent that China is becoming a target increasingly of
intellectual property----
Mr. Choate. Yes.
Mr. Carnahan [continuing]. Is that going to get them to the
table on these issues?
Mr. Choate. Not really, I don't think so.
One of the things that is happening with the Chinese, they
have made in their last 5-year plan a major effort to do
patenting in China. Probably the largest set of patenting in
the world now is done inside China. So their conscious about
the need to create legal rights and at the same time they're
conscious about securing their own technology. So I do not
think that we're really going to wind up with any real
cooperations. I think we must proceed on that basis.
Mr. Carnahan. Thank you. I am going to try to get everybody
in if we can after this bell went off.
Mr. Fisher?
Mr. Fisher. Thank you, Mr. Chairman.
I do not see that the Chinese Government today shares any
interest in partnering with the United States in an effective
way, at least as we would view it. The cyber warfare effort
along with the range of miliary modernization efforts that we
have seen underway all date back to the 1989 Tiananmen
uprising. That scared the bejesus out of the Chinese Communist
leadership. And all that they have done since then in the
military strategic sphere has been devoted to protecting their
dictatorship, their control, their position of power to include
this aggressive campaign of cyber warfare.
They are not going to be interested in talking to us until
they have reached a level of power for which they are
comfortable. And I am not sure that their concepts of
partnering will include any kind of concept of equality that we
have, that we will share interests and then move forward. Once
they gain a position of superiority, they are going to want to
start dictating and changing the rules, rewriting rules.
Mr. Carnahan. Let me move on to Mr. Timperlake.
Mr. Timperlake. Yes, sir. Thank you for the question.
I think you have to approach it from two perspectives. The
first is they are very good at denial and deception, which is
their charm offensive. They will stay engaged and do whatever
accrues to their advantage. No problem, no debate on that. What
they will do, though, is take it to their advantage first and
foremost through their 16 character policy. Where I think you
can actually find their true intentions is if you read their
War College literature. Surprisingly, or not surprising, the
Chinese will tell you, the PLA, what their intentions are. In
fact, they are quite proud of what they are doing.
So the engagement policy always has to go in with that huge
caveat that they are very, very good, as you saw, taking an
aircraft carrier and calling it a casino, and then converting
it into a ship of war. So when you engage at that level be
careful.
Mr. Carnahan. Mr. Segal?
Mr. Segal. I do not fundamentally disagree with most of the
bad news that the panelists have given you, but I will try to
give a glimmer of hope here.
On one hand, I think there are some parts of the Chinese
bureaucracy that are beginning to think about how they defend
themselves from these vulnerabilities. We see a track now that
is going on with some members of the Ministry of State Security
and MIIT that are participating on these discussions.
At the U.N. the Chinese have unwillingly gone along with
the Russians for discussions about cyberspace arms control
agreements.
And in my own dealings with members of the Ministries, they
are beginning to practice certain arguments, rule them out
about how they want to engage in cyberspace.
I think it is very early. I am not expecting any progress
on those fronts, but I think within the Chinese bureaucracy
there is some thinking about it. But I do not widely disagree
with the generally negative that the panel has given.
Mr. Carnahan. Great. Thanks to all of you.
Thank you, Mr. Chairman., Yield back.
Mr. Rohrabacher. Thank you.
How many minutes do we have? We have 10 more minutes to get
to the vote, and I think what I am going to do is get my
questions now and seeing that our other members are not here,
that will be the end of the hearing. So, we do have 10 minutes.
So if you would like to any moment, because we are
restricted here, you can jump in and ask a follow-up question
as well, Mr. Carnahan.
What about joint ventures with Chinese companies? We have
aerospace industry and others who are pushing in that area. Is
this going to work for us or against us? And be succinct and we
will go on down?
Mr. Choate. Basically what we are doing is giving away our
technology.
Mr. Rohrabacher. And so the things that we have developed
and spent billions of dollars developing will then be
eventually used competitively against us?
Mr. Choate. Yes.
Mr. Rohrabacher. Mr. Fisher?
Mr. Fisher. Absolutely, I agree with Pat on this.
We are helping the Chinese to build competitors to Boeing
and Airbus, and that advantage will be much narrower by the end
of this decade. And the Chinese are taking all of this
technology and applying it to military programs that will be
largely aimed at us as well.
Mr. Rohrabacher. This policy has destroyed several
manufacturing industries in the United States already. And for
us to put at risk the aerospace industry with this type of
involvement, would the Chinese who are clearly our adversaries,
certainly more than just our competitors but our adversaries
and perhaps our enemies? Mr. Timperlake?
Mr. Timperlake. Yes, sir, I think you are exactly right. In
fact, one dimension of the role out of the J-20 that catches my
interest is they are notorious proliferators. So in addition to
perfecting a fifth generation aircraft, you can expect them to
try and sell a fifth generation aircraft. And that will intrude
on the international aircraft market to their benefit. So they
steal stuff, they build something and they proliferate it and
they do it for money, or they will buy their way in. And they
are very good at that.
Mr. Rohrabacher. Mr. Segal?
Mr. Segal. Clearly in aerospace and avionics the joint
ventures are probably not going to be good for U.S. national or
economic security interests. But I think in a range of other
economic sectors companies have moved away from the joint
venture model because of the technology transfer reason. They
have moved to wholly foreign-owned ventures and not wanting to
partner for this technology transfer reason. And they
themselves have become gradually over time more sophisticated
in breaking up technology into specific components and making
sure that the most advanced components do not go into China.
But I think for national security reasons there are certain
sectors that do.
Mr. Rohrabacher. Of course, it is not necessarily what goes
into China physically, but----
Mr. Segal. Yes.
Mr. Rohrabacher [continuing]. Perhaps what the Chinese can
hack into and bring the plans over.
Mr. Fisher, you had something you wanted to add?
Mr. Fisher. ...is important as well, because in my opinion,
at least what some Chinese sources have told me, they have
their own F-35 program as well. A lower cost fighter, fifth
generation fighter that, as Mr. Timperlake mentioned, will be
on the market probably within the decade.
Mr. Rohrabacher. And is that based on our research and
development, Mr. Timperlake?
Mr. Timperlake. It is an important point. What I found in
my research is that the Chinese acquisition system which we
still are trying to figure out, we have trouble with our own of
course, is develop, develop, steal, develop, steal, buy,
develop; whatever. But what happens is they go dark for a
period 5 to 7 years so they can surprise you.
And if they laid out the J-20 as more a surprise then
anything, what is next, and what is next is cascading in from
the great spy cases of the '90s and those cyber intrusion to
this day. So, there are surprises still coming in their
perfection of technology.
Mr. Rohrabacher. We have a major economic challenge before
us. And I would suggest that from the testimony we hear today a
considerable amount of that challenge can be traced to the fact
that we now have permitted in wealth in the form of research
and technology development to be stolen or just transferred to
a competitor.
Yes, Pat?
Mr. Choate. The problem really extends across our advanced
technology trades. Department of Commerce does an analysis. We
are running an $80-billion-a-year deficit in advanced
technology trade. The largest part of that deficit is now with
China.
I think that what we have to be leery about is that the
Chinese on certain technologies, once they gain control of
those, they will use that as they have their control of 90
percent of the world's rare earths as strategic leverage,
foreign policy leverage. Our risk is that we become totally
dependent upon China or the countries immediately around China,
in the China sphere those ten countries for certain of our most
vital technologies. And we are well on the way of having such a
dependency.
Mr. Rohrabacher. Well, let me just note that we are going
to break in a few minutes. So, I am sorry, I apologize for that
but this is the way it has worked out today.
We face many challenges as a free people. One is how are we
going to be prosperous and our people are going to have a
decent standard of living. And number 2, of course, and which
is probably the number one concern, is how are we going to make
sure that we are safe from threats to our security and the
safety of our people. And in both of these goals that should be
primary goals of the Federal Government, the transfer of
technology and the cyber theft of American technology is
putting our ability to have a prosperous and have a safe
American, it is putting that at risk. This is an issue that I
am pretty happy this is one of the first things we covered in
this subcommittee. We will be coming back to that and probably
asking you gentlemen to return in a few months. But we have
broken the ground here. And we want to make sure that we have a
national debate on where we draw the line.
I would say the American people would be outraged to
understand that tens of billions of dollars that have been
taken from them in order for research and development in our
country has ended up in the hands of an economic and military
adversary like Communist China, which is also one of the
world's worst human rights abusers.
So, if we are going to preserve the peace and we are going
to have prosperity in America, we have got to come to grips
with this challenge.
I have got to come to grips because I have got 3\1/2\
minutes left to vote.
I would like to thank you all for testifying.
This hearing is adjourned.
[Whereupon, at 1:01 p.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Material Submitted for the Hearing Record Notice
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Minutes
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
�