The Senate Armed Services Committee's year-long probe, concluded
in March but made public on Wednesday, found the military's U.S.
Transportation Command, or Transcom, was aware of only two out of at
least 20 such cyber intrusions within a single year.
The investigation also found gaps in reporting requirements and a
lack of information sharing among U.S. government entities. That in
turn left the U.S. military largely unaware of computer compromises
of its contractors.
"These peacetime intrusions into the networks of key defense
contractors are more evidence of China's aggressive actions in
cyberspace," Democratic Senator Carl Levin of Michigan, the
committee's chairman, said in releasing the report.
Officials with the Chinese Embassy in Washington did not immediately
comment.
Cybersecurity expert Dmitri Alperovitch, chief technology officer
with the security firm Crowdstrike, said China had for years shown a
keen interest in th the logistical patterns of the U.S. military.
The investigation focused on the U.S. military's ability to
seamlessly tap civilian air, shipping and other transportation
assets for tasks including troop deployments and the timely arrival
of supplies from food to ammunition to fuel.
Those companies typically do not have the level of defense against
hackers as major weapons makers or the military itself.
"The military uses secret or top-secret networks that are not on the
Internet, but private companies do not," said Alperovitch. "That's a
real challenge."
The FBI said in a statement that it "continues to aggressively
investigate cyber intrusions emanating from state-sponsored actors
and other criminals.
"We remain committed to working with our interagency partners to
identify threats, protect the nation's infrastructure from potential
harm, and hold accountable those groups and individuals that pose a
threat in cyberspace," the statement added.
In a 12-month period beginning June 1, 2012, there were about 50
intrusions or other cyber events into the computer networks of
Transcom contractors, the 52-page report stated.
[to top of second column]
|
At least 20 of those were successful intrusions attributed to an
"advanced persistent threat," a term used to designate sophisticated
threats commonly associated with attacks against governments. All of
those intrusions were attributed to China.
Senator Jim Inhofe of Oklahoma, the committee's top Republican,
called for a "central clearinghouse" that makes it easy for
contractors to report suspicious cyber activity.
"We must ensure that cyber intrusions cannot disrupt our mission
readiness," Inhofe said.
The investigation found that a "Chinese military intrusion" into a
Transcom contractor between 2008 and 2010 "compromised emails,
documents, user passwords and computer code." In 2012, another
intrusion was made into multiple systems of a commercial ship
contracted by Transcom, the report said.
The Senate probe could further increase tensions between the two
world powers over cyber spying.
In May U.S. authorities charged five Chinese military officers,
accusing them of hacking into American nuclear, metal and solar
companies to steal trade secrets.
Last month, Community Health Systems <CYH.N>, one of the largest
U.S. hospital groups, said Chinese hackers had stolen Social
Security numbers and other personal data from some 4.5 million
patients.
(Reporting by Ros Krasny; Additional reporting by Jim Finkle in
Boston; Editing by Will Dunham, Chizu Nomiyama and Peter Cooney)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |