[House Hearing, 112 Congress] [From the U.S. Government Publishing Office] COMMUNIST CHINESE CYBER-ATTACKS, CYBER-ESPIONAGE AND THEFT OF AMERICAN TECHNOLOGY ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS OF THE COMMITTEE ON FOREIGN AFFAIRS HOUSE OF REPRESENTATIVES ONE HUNDRED TWELFTH CONGRESS FIRST SESSION __________ APRIL 15, 2011 __________ Serial No. 112-14 __________ Printed for the use of the Committee on Foreign Affairs Available via the World Wide Web: http://www.foreignaffairs.house.gov/ ---------- U.S. GOVERNMENT PRINTING OFFICE 65-800 PDF WASHINGTON : 2011 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 COMMITTEE ON FOREIGN AFFAIRS ILEANA ROS-LEHTINEN, Florida, Chairman CHRISTOPHER H. SMITH, New Jersey HOWARD L. BERMAN, California DAN BURTON, Indiana GARY L. ACKERMAN, New York ELTON GALLEGLY, California ENI F.H. FALEOMAVAEGA, American DANA ROHRABACHER, California Samoa DONALD A. MANZULLO, Illinois DONALD M. PAYNE, New Jersey EDWARD R. ROYCE, California BRAD SHERMAN, California STEVE CHABOT, Ohio ELIOT L. ENGEL, New York RON PAUL, Texas GREGORY W. MEEKS, New York MIKE PENCE, Indiana RUSS CARNAHAN, Missouri JOE WILSON, South Carolina ALBIO SIRES, New Jersey CONNIE MACK, Florida GERALD E. CONNOLLY, Virginia JEFF FORTENBERRY, Nebraska THEODORE E. DEUTCH, Florida MICHAEL T. McCAUL, Texas DENNIS CARDOZA, California TED POE, Texas BEN CHANDLER, Kentucky GUS M. BILIRAKIS, Florida BRIAN HIGGINS, New York JEAN SCHMIDT, Ohio ALLYSON SCHWARTZ, Pennsylvania BILL JOHNSON, Ohio CHRISTOPHER S. MURPHY, Connecticut DAVID RIVERA, Florida FREDERICA WILSON, Florida MIKE KELLY, Pennsylvania KAREN BASS, California TIM GRIFFIN, Arkansas WILLIAM KEATING, Massachusetts TOM MARINO, Pennsylvania DAVID CICILLINE, Rhode Island JEFF DUNCAN, South Carolina ANN MARIE BUERKLE, New York RENEE ELLMERS, North Carolina VACANT Yleem D.S. Poblete, Staff Director Richard J. Kessler, Democratic Staff Director ------ Subcommittee on Oversight and Investigations DANA ROHRABACHER, California, Chairman MIKE KELLY, Pennsylvania RUSS CARNAHAN, Missouri RON PAUL, Texas DAVID CICILLINE, Rhode Island TED POE, Texas KAREN BASS, California DAVID RIVERA, Florida C O N T E N T S ---------- Page WITNESSES Pat Choate, Ph.D., director, Manufacturing Policy Project........ 5 Mr. Richard Fisher, senior fellow, Asian Military Affairs, International Assessment and Strategy Center................... 11 The Honorable Edward Timperlake (former Director, Technology Assessment, International Technology Security, Office of the Secretary of Defense, U.S. Department of Defense).............. 25 Adam Segal, Ph.D., senior fellow, Council on Foreign Relations... 35 LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING Pat Choate, Ph.D.: Prepared statement............................ 7 Mr. Richard Fisher: Prepared statement........................... 13 The Honorable Edward Timperlake: Prepared statement.............. 27 Adam Segal, Ph.D.: Prepared statement............................ 37 APPENDIX Hearing notice................................................... 50 Hearing minutes.................................................. 51 COMMUNIST CHINESE CYBER-ATTACKS, CYBER-ESPIONAGE AND THEFT OF AMERICAN TECHNOLOGY ---------- FRIDAY, APRIL 15, 2011 House of Representatives, Subcommittee on Oversight and Investigations, Committee on Foreign Affairs, Washington, DC. The committee met, pursuant to notice, at 12 o'clock p.m., in room 2172 Rayburn House Office Building, Hon. Dana Rohrabacher (chairman of the subcommittee) presiding. Mr. Rohrabacher. I call to order the Subcommittee on Oversight and Investigations of the House Foreign Affairs Committee. I would like to thank all of you for joining us today. And today we are examining the Communist Chinese cyber-attacks, espionage and theft of American technology. We will proceed with our opening statements and then introduce the witnesses. And, hopefully, there will be a vote coming up I am afraid, but let us hope we get through the testimony of the witnesses and then we will go and vote and come back and ask the questions. So, starting off with a Reuters news story this morning reveals that secret U.S. State Department cables trace computer system attacks colorfully code named the Byzantine Hades by U.S. investigators. They have traced these to the Chinese military itself. An April 2009 cable even pinpoints the attacks to a specific unit of the Chinese People's Liberation Army. According to U.S. investigators China has stolen terabytes of sensitive data from password for State Department computers to designs for multi-billion dollar weapon systems. The United States is under attack. Cyber-attack and cyber-espionage traced backed to China have been dramatically increasing every year. What kind of damage is being done? How is our national security being compromised? Well shielding our digital infrastructure from attacks, and protecting the intellectual property and classified information is strategically important to our national security. But how do that and what else needs to be done in terms of protecting this? The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy. Chinese cyber-attacks on U.S. assets now number in the thousands every year. The 2009 report on ``China's Military Power'' published by the Office of the Secretary of Defense notes that, ``numerous computer systems around the world, including those owned by the United States Government, continued to be a target of intrusion that appears to have originated within the PRC,'' end of quote. One of the high value targets that Chinese cyber warriors have repeatedly attacked is the F-35 Joint Strike Fighter program which is the centerpiece of future American air power capabilities. The heavy use of outsourcing of computer and consumer electronic production to China, not only by American but also by Japanese, Taiwanese, German, and South Korean firms, has helped create a Chinese cyber threat that now compromises the security of the Western world. Beijing has been given technology and a manufacturing base, making Western networks vulnerable to escalating Chinese capabilities. The Office of the Secretary of Defense in their 2010 annual report to Congress, which was the ``Military and Security Developments Involving the People's Republic of China'' outlined this challenge. And I quote, ``The PRC utilizes a large well-organized network of enterprises, defense factories and affiliated research institutes and computer network operations to facilitate the collection of sensitive information and export-controlled technology.'' The Chinese often use, and here it is, the term ``patriotic hacker'' as a cover for their activities, as well as of course corporate spies. But in that dictatorship the line between state and private efforts is blurred intentionally to give Beijing plausible deniability. Chinese thinking is based on slogans such as ``Give Priority to Military Products,'' and ``Combine the Military with the Civil.'' Thus, economic and commercial spying and theft are most frequently connected with tech-heavy industries deemed to be strategic to the regime. This includes computer software and hardware, biotechnology, aerospace, telecommunications, transportation, engine technology, automobiles, machine tools, energy, materials and coating. A new study by the RAND Corporation, which it was ``Ready for Takeoff: China's Advancing Aerospace Industry,'' that report found, and I quote, ``China's aerospace industry has advanced at an impressive rate over the past decade, partly due to the increasing participation of its aerospace industry in the global commercial aerospace market and the supply chains of the world's leading aerospace firms . . . China's growing civilian aerospace capabilities are unquestionably contributing to the development of its military aerospace capabilities.'' Combine these commercial transfers with the espionage committed against American military programs like the F-35, and no one should be surprised by the roll out of the new J-20 ``stealth'' Chinese airplane last January. It was years ahead of what all the experts predicted that China was able to do on its own. It is what happens during ``peace time'' that determines the balance of power and governs the outcome when that peace breaks down. National security must be a constant concern. Battleships and mass armies were left behind by aircraft carriers and rockets. Now we must understand that today's threat emanating from cyberspace and technology transfers as well as from traditional practices of espionage. Today we have before us four experts on the connection of technology transfers and national power in a competitive world. Mr. Pat Choate is currently the director of the Manufacturing Policy Project, a private, nonprofit institution. Mr. Choate has written widely and several books, including ``Agents of Influence'' and the ``The High Flex Society,'' which document the decline in America's competitiveness and the influence of foreign powers right here in Washington, DC. Mr. Richard Fisher is a senior fellow with the International Assessment and Strategy Center. He is an active writer and a scholar on China having worked for the Jamestown Foundation, the Center for Security Policy, and The Heritage Foundation. He is the author of ``China's Military Modernization, Building for Regional and Global Reach,'' and has been published in numerous newspapers and professional journals. Mr. Edward Timperlake served as Director of Technology Assessment, International Technology Security for the Department of Defense from 2003 to 2009. He identified and protected the Defense Department from espionage, that was his job and we're anxious to hear more about that. He also served as the Department of Defense's representative to the National Counterintelligence Executive Committee. Before that he graduated from the Naval Academy and served as a Marine fighter pilot, as my dad did for 23 years. And co-authored the book, ``Showdown: Why China Wants War with the United States.'' And finally, we have Mr. Adam Segal, a senior fellow with the Council on Foreign Relations and an expert on security issues and China policy. He has recently written a book entitled, ``Advantage: How American Innovation Can Overcome he Asian Challenge.'' He has taught Vassar College and Columbia University. He holds a Ph.D. from Cornell. I want to thank all my witnesses, or our witnesses for being here today. And now we'll have opening remarks from our members, and then we will proceed with your testimony. Mr. Carnahan. Mr. Carnahan. Thank you, Mr. Chairman for holding this hearing. And I want to compliment on the interesting and timely subjects that you have brought to this subcommittee. And we look forward to continuing this work together. As the U.S. economy continues to recover, we must do everything we can to create jobs here at home and support domestic manufacturing. As of 2010, China was the world's third largest buyer of products from my home state of Missouri ranging from machinery, pharmacueticals, agriculture products. We experienced a 43- percent growth in exports from Missouri to China. Nearly $1 billion sales last year alone. Missouri made products exported to China that are creating jobs here at home in the midwest and beyond. With nearly 20 percent of the world's population, the Chinese market represents an opportunity for American business to create job here at home by making American products at home and exporting them to China, but here's the ``but.'' This growth, while it is an opportunity, it cannot and will not reach its full potential so long as American companies remain at risk. Given the long running efforts to illicitly acquire technology from Western companies, and a lack of protection of intellectual property rights there is a significant limitation to the export growth potential of U.S. corporations. While it is in our economic and security interest clearly to counter any and all of these issues, it is also in China's best interest to come to the table and address them in a serious way. China itself is increasingly susceptible to hacking and cyber crime and theft of intellectual property by others around the world, especially given that its technology is not as superior as ours. It is in the best interest of both countries to diplomatically address these issues and encourage Chinese officials to come to the table to do just that: Address these issues in a serious way. I look forward to hearing from our witnesses today. And I yield back, Mr. Chairman. Mr. Rohrabacher. Thank you very much. And we have with us, I am going to see if I am pronouncing right, David Cicilline? Mr. Cicilline. Yes. Mr. Rohrabacher. And you're from Rhode Island. And we would recognize you for an opening statement. Mr. Cicilline. Just thank you, Mr. Chairman. I just would like to welcome the witnesses and thank the chairman for scheduling this hearing. This issue of how do we support American manufacturers and deal with the very real issue of the theft in intellectual property is of great interest to me and to my constituents, and to our country. And I am particularly also interested in hearing the witnesses' testimony on what we might do to further enhance cyber security. So, I welcome you and thank you for being here today. Mr. Rohrabacher. Thank you very much. Welcome to the subcommittee. Mr. Choate? Mr. Choate. Mr. Chairman, members---- Mr. Rohrabacher. I am sorry. I was trying to figure out how to pronounce his name so much that I did not even see him there. And another one of our new members, Ms. Bass. No, if you have an opening statement, please feel free. Ms. Bass. Thank you for holding this hearing. And I am also very interested in the testimony that you have to say, and a particular interest, I mean in addition to the cyber-attacks, is the whole idea of the problem in China with piracy. I know that is not the topic today, but hopefully in a future hearing we will be addressing that. Mr. Rohrabacher. Thank you very much. You have a very easy name to pronounce. All my life with a name Rohrabacher I have got to pay attention to pronunciations. Mr. Choate, go right ahead. STATEMENT OF PAT CHOATE, PH.D., DIRECTOR, MANUFACTURING POLICY PROJECT Mr. Choate. Thank you, Mr. Chairman, members of the committee. Let me focus my comments on how the United States actually facilitates such cyber-espionage and talk about things that we can do here at home in dealing with it. Chinese cyber-attacks, of course, are massive, there have been numerous studies that have identified these attacks. We know that all of our major agencies, corporations, banks, research and other entities are subject to these attacks. The greatest concentration of technology, of new technologies, advanced technologies in the world is at the U.S. Patent Office. What we haveis deg.each year is 500,000-plus applications from around the world, about half of those applications are foreign-based but half are from the United States, seeking a patent. And at the Patent Office what we have is a situation in which we have probably the oldest computers in the Federal Government are found at the Patent Office. There have been a number of comments on that by Mr. David Kappos, who is the Director of the US PTO. Another basic principle that we can assume: Anything that is on the internet can be hacked into, whether it is our IPhone or whether it is our personal computer, or our IPod that is connected. So, we have to assume that the Patent Office is regularly hacked into and the best information is taken from the Patent Office. I do not think that has received the attention that it merits. The second thing that happens in talking to computer security experts, and I have done this for a couple of books, is the first thing that a foreign intruder seeks is to identify the sources of this technology. If you go into the Patent Office, or if you just simply take the published Patent applications, you can narrow down the fields to those companies that are doing the most advanced research, large and small. Then once those companies are identified, the Chinese are particularly effective at doing a barrage of attacks upon the computer systems of those companies in an attempt to put in Trojan spyware that will enable them at the schedule of the intruder to produce the information of the company itself and literally on an hourly or daily basis, they know exactly what is going on with the technology or research there. The issue is one of how do we improve the security of information in that process. A second issue that I mention in my testimony relates to the entire question of the security of economic technology. We have both national and economic security needs in this country. We have laws on the books that deal with the national security, the military technology. We have laws that require the imposition of secrecy orders. We have no such laws on economic technology. And increasingly what has happened over the years is we have dual technologies that are used for both purposes. In the back of my testimony I have a table that I would direct your attention to on the number of secrecy orders that have been given. It's the fifth column over. And what we see in during the Cold War era we would have hundreds of items each year that would be put under a secrecy order. A patent would be given, but the secrecy would not be allowed. That rate has declined by about 90 percent in recent years. Last year there were 86 secrecy orders issued at the Patent Office. Of those, about 60 were from the National Labs and dealt with atomic issues. There were about 26 John Doe secrecy orders imposed. Now here's the problem. We have the Department of Commerce, the Department of Defense, Department of State, Homeland Security imposing export controls on certain technologies because we do not want people who might be hostile to us to have that technology. At the same time, we are putting up through the Patent Office on the internet the patent applications and the full patent itself which includes the best mode for the best way to make it. So simultaneously we are losing billions of dollars of sales and we have absolutely no security benefit from that. So, I think this is a very rich area of study of how do we take our national security and recognize the dual use technologies? How do we make sure that we have an improved security inside the Patent Office on this publication of materials? Thank you, and I look forward to your questions later. [The prepared statement of Mr. Choate follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Rohrabacher. Thank you very much, Mr. Choate. And appreciate you keeping it within 5 minutes, and we will have a longer session to ask questions and answers after that. Mr. Fisher? STATEMENT OF MR. RICHARD FISHER, SENIOR FELLOW, ASIAN MILITARY AFFAIRS, INTERNATIONAL ASSESSMENT AND STRATEGY CENTER Mr. Fisher. Chairman Rohrabacher, I would like to begin by thanking you for your consistent leadership in helping to alert this nation to the threat from China's Communist Party. And Chairman Carnahan and other members, I would like to extend my thanks to you for holding this hearing today. Both the internet and the dual use technologies that I will cover in my remarks have helped to propel a far more globalized world economy which has produced myriad benefits, has many defenders, but I would also submit, Mr. Chairman, that it is time for the United States to devise new defenses against those who are exploiting these benefits and harming of the security of the United States. In my testimony one of the major points that I make is to highlight the cost of China's cyber warfare against this country. I have provided some figures in a PowerPoint slide and that looks at, at least, open source estimates of annual expenditures. And last year I found an estimate that describes the cost of just cyber-espionage alone as mounting to almost $200 billion a year. This is comparable to what the United States is spending to defend ourselves or what is the cost of the impact of the war against in this hemisphere. Admiral Winnefeld just 3 days ago provided the figure of $181 billion as he impact on this country of the war on drugs. So with that level of importance, that level of comparison, I think a far greater degree of public focus needs to be placed on this challenge of Chinese cyber warfare. In my testimony I describe some points about the order of battle that PLA has put together, how cyber warriors or drawn from the criminal sector, from the computer industry. You mentioned the Reuters story today that described a U.S. Embassy cable that has traced attacks back to a specific unit in Chengdu. The Chinese have a cyber army that is fully integrated into their order of battle. What we need to do to defend ourselves is another long and complex subject, but at minimum we need to consider how we can raise this issue in importance in terms of the information that we share with American citizens. Every year at the Pentagon, because of the Congress, has to print a report about PLA modernization, Chinese military modernization. I believe that we need a similar report that highlights China's cyber war against the United States and all other democracies. Now I'd like to move on to looking at how American dual use technologies are being used by China increasingly for military purposes. I have written on this at some length in the past, and I put together just a few PowerPoint slides that provide some examples. Early in the last decade two Chinese companies basically stole the AM General Humvee and put it into production. One company, the Dong Feng Motor Company is now producing this vehicle for the People's Liberation Army and the People's Armed Police. It's not something that AM General would talk to me about until just a few years ago. And it apparently is something that happens with the approval of the Commerce Department. And it does not appear that there is anyone who is aware or taking any action to address an American-designed vehicle being used by the Chinese military. Another example that I discovered at a Chinese air show in 2004 was that two Boeing 737s have essentially been dragooned into the People's Liberation Army Air Force. My sources in another country explained to me soon after that these airplanes were being used in China's Cruise missile development program. There are now 400, 500, 600 Cruise missiles appointed at Taiwan, and this aircraft helped to develop them. Here we see at the far left the 737s and Chinese electronic warfare and electronic technology development unit. Here we have another problem, and that is how China has integrated the airliners and the cargo liners that we have sold them into a civilian reserve force that is now helping to transport PLA troops and forces, and equipment. This is an exercise that took place in 2008, a U.S. built Boeing 747, a McDonnell Douglas DC-10 and we see Humvees being arrayed as part of the forces being transported. This is an exercise that took place last year. China Southern Airlines just acquired this Boeing 777F and promptly went into a mobility exercise. Finally, there is the problem of how to control academic research, especially when it has a military use. I included in my testimony an explanation of the case of a certain professor who was allowed or invited to be a visiting fellow with a NASA Laboratory in the late 1980s. She then returned to China with her information and became a leading expert for China in the development of composite ceramic matrix materials which are used to shield spacecraft. And she is now involved in China's effort to build military spacecraft and military hypersonic products. I do not think that there is enough of an awareness or a willingness on the part of those who should be defending our technology, and that would be my final point, sir. Thank you very much. [The prepared statement of Mr. Fisher follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Rohrabacher. Thank you very much, Mr. Fisher. We will get back to you during the questions and answer. But it appears that we are spending a lot of money on research and development here and maybe the benefit is going overseas. But we will let our next witnesses comment on that as well. Mr. Timperlake? STATEMENT OF THE HONORABLE EDWARD TIMPERLAKE (FORMER DIRECTOR, TECHNOLOGY ASSESSMENT, INTERNATIONAL TECHNOLOGY SECURITY, OFFICE OF THE SECRETARY OF DEFENSE, U.S. DEPARTMENT OF DEFENSE) Mr. Timperlake. Thank you very much, Mr. Chairman, distinguished members. I would like to submit my testimony for the record and summarize briefly. The 106th Congress of the First Session reported out a bipartisan document that is a tribute to the fact that the U.S. Congress in national security concerns come together as one, it was called the Cox Report. It was a report on the activities of the People's Republic of China. I linked it in my testimony. Anybody that reads that can go to the Congressional Web site or buy a copy on Amazon. Read it, look at today's headlines to check and see the lineage of what they went after and where it is today. I picked three quick examples. In the '90s, the People's Republic of China targeted ballistic missiles. Sure enough, they also proliferate, by the way. Boom goes the dynamite on January 11, 2007 they successfully kinetically killed one of their satellites. Some day that may be seen as the precursor to the opening round of a quasi-war in space. They went after high performance computers. I looked that up, and in 1999/2000 I think Saudi Arabia and Portugal were ahead of China, we had the top nine out of the ten, Japan was closing. And again on 20 October the BBC announced that China now has the top super computer in the world. So, they got that one. Stealth and composite technology, they went after that. Sure enough, as you mentioned, they rolled out the J-20 Annihilator and embarrassed everybody. Previous to that the Russians flew their F-22ski, the TF-50. Both of them were a test flight that caught several by surprise. Three Air Force officers did not see it that way, General Corely U.S. Air Force, Lieutenant General Deptula of the Air Force Head of Intelligence, and General Thomas McInerney. Unfortunately, the F-22 was stopped at 187 Raptors, and I think that was a strategic blunder which tell us we have to protect the F-35 at all cost because that is our ace in the hole coming in combat maneuvering in the future. Concurrently while the Chinese were spying, they did the ``Revolution in Military Affairs,'' they saw Andrew Marshall publish this great document in which Mr. Marshall, director of Net Assessment, said here was two evolutionary technologies: Precision-guided munitions and remote sensors, and information war. The Chinese military literature tells us in the late '90s they were giving doctorates in information war. The term ``cyber'' had not been in vogue at that time, so they really got off the dime very quickly on that. I would argue though, and we will discuss this, that the PRC actually has two cyber enemies. They have the free world for whatever they can get, and the other one is their own people. And they are very concerned about that, so that compounds their problem and is an area that we can exploit. There are two case studies I presented. The first one was the Varyag, the aircraft carrier, that's denial and deception. They sent a team over to buy it, it was a cold war relic. And they claimed that they were purchasing an aircraft carrier to be a casino Macau. They got though the Turkish Straits of the Bosphorus by that cover story. Sure enough, very recently Xinhua is on saying ``The huge warship on the verge of fitting out, is fulfilling 70 years of China's dreams for an aircraft carrier.'' I would say that basically they named it the Shi Lang after the Ming Dynasty admiral. I'd rather call it the Casino, because that's how they said hey were going to use it. The other case is they send bad things to bad people. Whenever the Chinese Government gets something, they have a 16 character policy which says: We get it, we filter it through the use and the need for the state. And in doing so it's a brilliant strategy. They then perfect it and balance it by proliferation. I went to Iraq, I looked at all the Chinese weaponry that were oil for food violations, and sure enough I listed them in my report. In addition, Huawei a Chinese firm was in pre-war Iraq, post-war Iraq. And I was looking at the CPA, I was engaged with that. I noticed on the Web site they were bragging that they had gotten into Iraq and basically that was prohibited. In my personal opinion Huawei is an ongoing criminal operation as much as anything. How are we doing and what are we doing about it? The Justice Department formed up a task force in 2007 to focus on this. They have done a magnificent job. I give a link to that. I even gave some of their press releases on spy cases they have busted, and they really are making these cases. Finally, the issue of cyber security; it's a black swan event, which is a great book. Basically, expect the unexpected, the highly improbable. And we formed up the U.S. Cyber Command. I want to give Mike Wynne a credit to his vision, the Billy Mitchell of our generation. He saw the need early with the U.S. Air Force Cyber Command that melded into the bigger cyber command picture. I really do believe that we as Americans have a challenge but we will, because of hearings like this, address that challenge. Thank you, sir. [The prepared statement of Mr. Timperlake follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Rohrabacher. Thank you very much for your testimony. And now Dr. Segal. STATEMENT OF ADAM SEGAL, PH.D., SENIOR FELLOW, COUNCIL ON FOREIGN RELATIONS Mr. Segal. Mr. chairman and members of the committee, thank you very much for asking me to testify on this very important subject. I would like to place cyber-espionage in a larger context, which is a push on the Chinese for extremely techno-nationalist technology policy driven toward reducing dependence on advanced countries for foreign technology, and particularly reducing dependence on the United States and Japan. That policy was enshrined in the 2006 Medium-to Long-Term Science and Technology Development Plan, introduced the idea of ``indigenous innovation,'' and it set the goal for China to become an innovated-oriented society by 2020 and among the world's scientific and technology leaders by 2050. The pursuit of these goals follows three tracks. The first track is industrial policy, which is basically a top-down, state-led focus on big science, but also includes the use of standards policy, the use of procurement and the failure to protect intellectual property rights, as well as forcing technology transfer between foreign companies that want access to the Chinese domestic market. The second strand is what you would call innovation strategy, and this is a much more market-oriented focus on creating technological entrepreneurship and new growth in the Chinese economy. And the third strand is cyber-espionage and traditional espionage. These three strands clearly are overlapped and intertwined, although plucking out the individual strands is difficult to do. In some cases it's very easy. We can see private companies as they grow larger begin to accept funding and support from the state. And also in the case of cyber-espionage as the ``Shadows in the Cloud'' report shows that there is a nexus between criminal and state hackers and the information that those hackers find sometimes shows up on the black market and other times it seems to work its way back to state institutions. The question for the United States, of course, is how do you respond to this? And I think the most important response is domestically: How do we defend our own networks? How do we move to risk management? Because I think most of this is in the end is going to be very difficult to protect, and so we have to think about what type of information we actually want to be digitalized and placed on networks. But also, how do we raise the cost for Chinese hackers, and that's probably going to involve some forms of active defense. But I think the larger issue as well is: What are U.S. companies saying about this problem? Because like with intellectual property rights theft, U.S. companies do not like to talk about when they have been hacked. We saw with the Google hack, Google said 30 other companies were attacked in this hacking, but then no other company publicly stated that, yes, this was a problem for us. And I think the reasons that they do not state it is because they are afraid of retribution from the Chinese Government. So the United States has to figure out how are you going to respond to that problem and get U.S. Government more involved. And then the third area, I think, is how do we shape this debate within China. Because we can see with the technology policy there is, in fact, people who question the wisdom of this--excuse me this technology policy, this top-down state strategy. They think that that is not going to be successful long-term and they are afraid that in fact China will fall further and further behind. That Chinese standards will only cut them off from the rest world. And as Chinese technology companies themselves become more global, they have a stake in a digital infrastructure that is more open and more global. So what the United States wants to do is to think about how we strengthen those individual units. I suspect, although I have no evidence, that those same factions, we can call them the innovation strategy factions, are also suspicious of a technology policy that is based on espionage. Copying is not going to create incentives for innovation. So those people are the ones that we want strengthen, those are the ones we want to convince that they have an interest in these global structures and these open infrastructures, and to convince them that China is increasingly becoming more vulnerable to cyber-attacks itself. This is not going to be easy. The techno-nationalist view is widespread in China. It is, in fact, held by the innovation strategy faction. They also want to reduce dependence on the West, but they at least are pushing in more open ways of doing it. So that I think it is important to engage the Chinese on that front, but the more important short-term is probably going to be defending ourselves and raising costs to Chinese hackers. I'll stop there. [The prepared statement of Mr. Segal follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Rohrabacher. Thank you very much. And Mr. Carnahan may not be able to join us after the next series of votes, so I think we will give you the courtesy of asking your questions now. Mr. Carnahan. Great. Thank you, Mr. Chairman. And thanks to all the panels here today. This has been a very good overview. I wanted to start with just an overall question to really any of the panelists that want to weigh in on this. President Obama had stated that ``our ability to partner is a prerequisite for progress on many of the most pressing global challenges.'' I wanted to get your assessment of the willingness of the Chinese to engaged with the U.S. in this manner regarding cyber threats and technology threats. And why do we not just start with Mr. Choate and work our way across? Mr. Choate. Well, I think we can anticipate--well I think I can start by looking at our own history. From 1790 to around 1838 the United States was under a very aggressive policy of technology acquisition under a manufacturing strategy put together by Alexander Hamilton. We literally stole everything that we could from any place in the world. And I think that China, and any other developing country, would feel an obligation to do almost the same thing. From our perspective I think we must assume that for years to come as long as our technology is superior, they have ever incentive in the world to go out and steal our technology. That gives a series of mandates on what we should do as a country. We should be not naive. We should take a look at the way that we have agglomerated technology, who has access to it, how we in effect have our companies understand that one of the things they've got do is take certain of their computers off of the internet. We need to take a look at our policies with the Patent Office with all of the new technologies there. In other words, we must assume as a policy that not only China, but Germany and Brazil and other countries are out to steal to our technology. It's our responsibility to not make it easy as we do now. Mr. Carnahan. And before I get to the next witness, to the extent that China is becoming a target increasingly of intellectual property---- Mr. Choate. Yes. Mr. Carnahan [continuing]. Is that going to get them to the table on these issues? Mr. Choate. Not really, I don't think so. One of the things that is happening with the Chinese, they have made in their last 5-year plan a major effort to do patenting in China. Probably the largest set of patenting in the world now is done inside China. So their conscious about the need to create legal rights and at the same time they're conscious about securing their own technology. So I do not think that we're really going to wind up with any real cooperations. I think we must proceed on that basis. Mr. Carnahan. Thank you. I am going to try to get everybody in if we can after this bell went off. Mr. Fisher? Mr. Fisher. Thank you, Mr. Chairman. I do not see that the Chinese Government today shares any interest in partnering with the United States in an effective way, at least as we would view it. The cyber warfare effort along with the range of miliary modernization efforts that we have seen underway all date back to the 1989 Tiananmen uprising. That scared the bejesus out of the Chinese Communist leadership. And all that they have done since then in the military strategic sphere has been devoted to protecting their dictatorship, their control, their position of power to include this aggressive campaign of cyber warfare. They are not going to be interested in talking to us until they have reached a level of power for which they are comfortable. And I am not sure that their concepts of partnering will include any kind of concept of equality that we have, that we will share interests and then move forward. Once they gain a position of superiority, they are going to want to start dictating and changing the rules, rewriting rules. Mr. Carnahan. Let me move on to Mr. Timperlake. Mr. Timperlake. Yes, sir. Thank you for the question. I think you have to approach it from two perspectives. The first is they are very good at denial and deception, which is their charm offensive. They will stay engaged and do whatever accrues to their advantage. No problem, no debate on that. What they will do, though, is take it to their advantage first and foremost through their 16 character policy. Where I think you can actually find their true intentions is if you read their War College literature. Surprisingly, or not surprising, the Chinese will tell you, the PLA, what their intentions are. In fact, they are quite proud of what they are doing. So the engagement policy always has to go in with that huge caveat that they are very, very good, as you saw, taking an aircraft carrier and calling it a casino, and then converting it into a ship of war. So when you engage at that level be careful. Mr. Carnahan. Mr. Segal? Mr. Segal. I do not fundamentally disagree with most of the bad news that the panelists have given you, but I will try to give a glimmer of hope here. On one hand, I think there are some parts of the Chinese bureaucracy that are beginning to think about how they defend themselves from these vulnerabilities. We see a track now that is going on with some members of the Ministry of State Security and MIIT that are participating on these discussions. At the U.N. the Chinese have unwillingly gone along with the Russians for discussions about cyberspace arms control agreements. And in my own dealings with members of the Ministries, they are beginning to practice certain arguments, rule them out about how they want to engage in cyberspace. I think it is very early. I am not expecting any progress on those fronts, but I think within the Chinese bureaucracy there is some thinking about it. But I do not widely disagree with the generally negative that the panel has given. Mr. Carnahan. Great. Thanks to all of you. Thank you, Mr. Chairman., Yield back. Mr. Rohrabacher. Thank you. How many minutes do we have? We have 10 more minutes to get to the vote, and I think what I am going to do is get my questions now and seeing that our other members are not here, that will be the end of the hearing. So, we do have 10 minutes. So if you would like to any moment, because we are restricted here, you can jump in and ask a follow-up question as well, Mr. Carnahan. What about joint ventures with Chinese companies? We have aerospace industry and others who are pushing in that area. Is this going to work for us or against us? And be succinct and we will go on down? Mr. Choate. Basically what we are doing is giving away our technology. Mr. Rohrabacher. And so the things that we have developed and spent billions of dollars developing will then be eventually used competitively against us? Mr. Choate. Yes. Mr. Rohrabacher. Mr. Fisher? Mr. Fisher. Absolutely, I agree with Pat on this. We are helping the Chinese to build competitors to Boeing and Airbus, and that advantage will be much narrower by the end of this decade. And the Chinese are taking all of this technology and applying it to military programs that will be largely aimed at us as well. Mr. Rohrabacher. This policy has destroyed several manufacturing industries in the United States already. And for us to put at risk the aerospace industry with this type of involvement, would the Chinese who are clearly our adversaries, certainly more than just our competitors but our adversaries and perhaps our enemies? Mr. Timperlake? Mr. Timperlake. Yes, sir, I think you are exactly right. In fact, one dimension of the role out of the J-20 that catches my interest is they are notorious proliferators. So in addition to perfecting a fifth generation aircraft, you can expect them to try and sell a fifth generation aircraft. And that will intrude on the international aircraft market to their benefit. So they steal stuff, they build something and they proliferate it and they do it for money, or they will buy their way in. And they are very good at that. Mr. Rohrabacher. Mr. Segal? Mr. Segal. Clearly in aerospace and avionics the joint ventures are probably not going to be good for U.S. national or economic security interests. But I think in a range of other economic sectors companies have moved away from the joint venture model because of the technology transfer reason. They have moved to wholly foreign-owned ventures and not wanting to partner for this technology transfer reason. And they themselves have become gradually over time more sophisticated in breaking up technology into specific components and making sure that the most advanced components do not go into China. But I think for national security reasons there are certain sectors that do. Mr. Rohrabacher. Of course, it is not necessarily what goes into China physically, but---- Mr. Segal. Yes. Mr. Rohrabacher [continuing]. Perhaps what the Chinese can hack into and bring the plans over. Mr. Fisher, you had something you wanted to add? Mr. Fisher. ...is important as well, because in my opinion, at least what some Chinese sources have told me, they have their own F-35 program as well. A lower cost fighter, fifth generation fighter that, as Mr. Timperlake mentioned, will be on the market probably within the decade. Mr. Rohrabacher. And is that based on our research and development, Mr. Timperlake? Mr. Timperlake. It is an important point. What I found in my research is that the Chinese acquisition system which we still are trying to figure out, we have trouble with our own of course, is develop, develop, steal, develop, steal, buy, develop; whatever. But what happens is they go dark for a period 5 to 7 years so they can surprise you. And if they laid out the J-20 as more a surprise then anything, what is next, and what is next is cascading in from the great spy cases of the '90s and those cyber intrusion to this day. So, there are surprises still coming in their perfection of technology. Mr. Rohrabacher. We have a major economic challenge before us. And I would suggest that from the testimony we hear today a considerable amount of that challenge can be traced to the fact that we now have permitted in wealth in the form of research and technology development to be stolen or just transferred to a competitor. Yes, Pat? Mr. Choate. The problem really extends across our advanced technology trades. Department of Commerce does an analysis. We are running an $80-billion-a-year deficit in advanced technology trade. The largest part of that deficit is now with China. I think that what we have to be leery about is that the Chinese on certain technologies, once they gain control of those, they will use that as they have their control of 90 percent of the world's rare earths as strategic leverage, foreign policy leverage. Our risk is that we become totally dependent upon China or the countries immediately around China, in the China sphere those ten countries for certain of our most vital technologies. And we are well on the way of having such a dependency. Mr. Rohrabacher. Well, let me just note that we are going to break in a few minutes. So, I am sorry, I apologize for that but this is the way it has worked out today. We face many challenges as a free people. One is how are we going to be prosperous and our people are going to have a decent standard of living. And number 2, of course, and which is probably the number one concern, is how are we going to make sure that we are safe from threats to our security and the safety of our people. And in both of these goals that should be primary goals of the Federal Government, the transfer of technology and the cyber theft of American technology is putting our ability to have a prosperous and have a safe American, it is putting that at risk. This is an issue that I am pretty happy this is one of the first things we covered in this subcommittee. We will be coming back to that and probably asking you gentlemen to return in a few months. But we have broken the ground here. And we want to make sure that we have a national debate on where we draw the line. I would say the American people would be outraged to understand that tens of billions of dollars that have been taken from them in order for research and development in our country has ended up in the hands of an economic and military adversary like Communist China, which is also one of the world's worst human rights abusers. So, if we are going to preserve the peace and we are going to have prosperity in America, we have got to come to grips with this challenge. I have got to come to grips because I have got 3\1/2\ minutes left to vote. I would like to thank you all for testifying. This hearing is adjourned. [Whereupon, at 1:01 p.m., the subcommittee was adjourned.] A P P E N D I X ---------- Material Submitted for the Hearing Record Notice [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Minutes [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]