Hearing Transcript - U.S.-China Economic and Security Review ...

iDEVELOPMENTS IN CHINA’S CYBER ANDNUCLEAR CAPABILITIESHEARINGBEFORE THEU.S.-CHINA ECONOM I C AND SECURITYREVI EW COMMISS IONONE HUNDRED TWELFTH CONGRESSSECO ND SE SS IO NMARCH 26, 2012Printe d fo r use of t h eUnited States-Chi na Economic a nd Secur it y Review Commissio nAvailable via the World Wide We b: www.uscc.govUNIT ED ST ATES -C HI N A ECO NOMIC AND SE CURITY REVIEW COMMISS IO NWAS HI NGTON: 2012

iiU.S.-CHINA ECONOM I C AND SECURITY RE VI EW COMMISSI ONHon. DENNI S C. SHE A , ChairmanHon. WILLIAM A. RE I NSC H, Vi ce ChairmanCommissione rs:CAROLYN BARTHOLOMEWDANI EL A. BLUMENT H ALROBIN CLEVELANDHon. C. RICHARD D’AMATOJEFFREY L. FIEDLERHon. CARTE GOODWINDANI EL M. SLANEMICHAEL R. WESSELLARRY M. WORTZEL , Ph.D.MICHAEL R. DANI S, E xecutive DirectorThe Commission was created on October 30, 2000 by the Floyd D. Spence National Defense Authorization Actfor 2001 § 1238, Public Law No. 106-398, 114 STAT. 1654A-334 (2000) (codified at 22 U.S.C. § 7002 (2001), asamended by the Treasury and General Government Appropriations Act for 2002 § 645 (regarding employmentstatus of staff) & § 648 (regarding changing annual report due date from March to June), Public Law No. 107-67,115 STAT. 514 (Nov. 12, 2001); as amended by Division P of the “Consolidated Appropriations Resolution, 2003,”Pub L. No. 108-7 (Feb. 20, 2003) (regarding Commission name change, terms of Commissioners, andresponsibilities of the Commission); as amended by Public Law No. 109-108 (H.R. 2862) (Nov. 22, 2005)(regarding responsibilities of Commission and applicability of FACA); as amended by Division J of the“Consolidated Appropriations Act, 2008,” Public Law Nol. 110-161 (December 26, 2007) (regardingresponsibilities of the Commission, and changing the Annual Report due date from June to December).The Commission’s full charter is available at www.uscc.gov.

iiiApril 4, 2012The Honorable Daniel InouyePresident Pro Tempore of the Senate, Washington, D.C. 20510The Honorable John A. BoehnerSpeaker of the House of Representatives, Washington, D.C. 20515DEAR SENATOR INOUYE AND SPEAKER BOEHNER:We are pleased to notify you of the Commission’s March 26, 2012 public hearing on“Developments in China’s Cyber and Nuclear Capabilities.” The Floyd D. Spence National DefenseAuthorization Act (amended by Pub. L. No. 109-108, section 635(a)) provides the basis for this hearing.At the hearing, the Commissioners heard remarks from former Vice Chairman of the JointsChiefs of Staff Gen. James Cartwright (USMC, Ret.), now Harold Brown Chair of Defense Studies at theCenter for Strategic and International Studies, and testimony from three panels of expert witnesses.Richard Bejtlich of Mandiant, Nart Villeneuve of Trend Micro, and Jason Healey of the AtlanticCouncil discussed trends in Chinese computer network exploitation. Mr. Bejtlich and Mr. Villeneuvedescribed their research on persistent cyber espionage “campaigns” targeting businesses, governmententities, and nongovernmental organizations. Mr. Healey described a framework for holding nationasaccountable for malicious cyber activity emanating from their borders.Henry Sokolski of Nonproliferation Policy Education Center and Dr. Phillip A. Karber ofGeorgetown University discussed Chinese fissile material production and methods of concealingnuclear materials. They testified that China’s secrecy on nuclear matters has caused considerabledoubt about the size and nature of its nuclear stockpile.A panel on Chinese nuclear forces and strategies included Dr. Mark Schneider of the NationalInstitute of Public Policy and Dr. Phillip C. Saunders of the National Defense University, with MarkStokes of the Project 2049 Institute providing written testimony for the record. The witnessesdescribed the evolution of Chinese views on nuclear war fighting and the implications for the UnitedStates.Finally, Representative Frank Wolf presented remarks on the potential dangers of Chinesetelecommunications equipment.We note that prepared statements for the hearing, the hearing transcript, and supportingdocuments submitted by the witnesses will soon be available on the Commission’s website atwww.uscc.gov. Members and the staff of the Commission are available to provide more detailed

ivbriefings. We hope these materials will be helpful to the Congress as it continues its assessment ofU.S.-China relations and their impact on U.S. security.The Commission will examine these issues, along with other topics enumerated in its statutorymandate, in its 2012 Annual Report which will be submitted to Congress in November 2012. Shouldyou have any questions regarding this hearing or any other issue related to China, please do nothesitate to have your staff contact our Congressional Liaison, Jonathan Weston, at (202) 624-1487 orvia email at jweston@uscc.gov.Sincerely yours,Dennis C. SheaChairmanWilliam A. ReinschVice Chairman

This transcript has been amended based on clarifications submitted by Commissioners and witnesses.v

viCONTENTSMONDAY, MARCH 26, 2012DEVELOPMENTS IN CHINA’S CYBER ANDNUCLEAR CAPABILITIESOpening Statement of Commissioner Jeffrey L. Fiedler(Hearing Co-Chair)............................................ 1Prepared Statement............................................ 2Opening Statement of Gen. James Cartwright (USMC, Ret.)Senior Fellow, Center for Strategic andInternational Studies......................................... 3Questions and Answers .......................................... 9Panel I: CybersecurityIntroduction .................................................. 15Statement of Richard BejtlichChief Security Officer, Mandiant............................. 16Prepared Statement........................................... 19Statement of Nart VilleneuveSenior Threat Researcher, Trend Micro........................ 25Prepared Statement........................................... 28Statement of Jason HealeyDirector, Cyber Statecraft Initiative, Atlantic Council...... 39Prepared Statement........................................... 43Panel I: Questions and Answers ................................ 52Congressional PerspectiveStatement of Frank Wolf, a U.S. Representative fromthe State of Virginia........................................ 61Prepared Statement........................................... 71Panel I: Questions and Answers(continued) ..................... 80Panel II: Fissile Material Production and Nuclear Cooperation

viiIntroduction .................................................. 93Statement of Dr. Phillip A. KarberAdjunct Professor, Georgetown University..................... 94Statement of Henry SokolskiExecutive Director,Nonproliferation Policy Education Center..................... 97Prepared Statement.......................................... 101Panel II: Questions and Answers .............................. 111Panel III: Nuclear Forces and StrategyIntroduction ................................................. 131Statement of Dr. Mark SchneiderSenior Analyst, National Institute of Public Policy......... 132Prepared Statement.......................................... 135Statement of Dr. Phillip C. SaundersDirector, Center for Study of Chinese Military AffairsNational Defense University................................. 145Prepared Statement.......................................... 149Panel III: Questions and Answers ............................. 155Additional Material Submitted for the RecordStatement of Mark StokesExecutive Director, Project 2049 InstitutePrepared Statement.......................................... 167

1DEVELOPMENT S IN CHINA’S CYBER AND NUCLEAR CAPABILITIESMONDAY, M ARCH 26, 2012U.S.- CHINA ECONOMIC AND SECURITY REVIEW COMMISSIONWashingt on, D .C.The Commission met in the Hylton Performing Arts Center of the GeorgeMason University Prince William Campus, Manassas, VA at 9:30a.m., ChairmanDennis C. Shea, and Commission ers Jeffrey L. Fielder and Larry M. Wortzel(Hearing Co - Chairs), presid ing.OPENING STATEMENT OF COMMISSIONER JE FFREY L. FIEDLERHEARING CO-CHAIRHEARING CO -CHAIR FIED LER: Welcome, everyone. M y name is JeffFiedler, co - Chair of the U.S. - Chin a Econ omic and Security Review Commission'shearin g on "Developments in Chin a's Cyber and Nu clear Capabilit ies."We have some excellent witnesses join ing us today to providetestimon y about China's evolving strategic capabilities.Before we begin tod ay's panels, we're h onored to receive openingremarks from former Vice Ch airman of t he Joint Chief s of St aff and current HaroldBrown Chair in Defense Policy Studies at the Center for Strategic andInternat ional Studies. General James Cartwright. Welcome, General.General Cart wright really needs no introduction . However, I'd like tonote that this is his second appearan ce befo re the Commission. I thin k it 's f air tosay that his first testimony b ack in 2007, wh ile servin g as head of U.S. StrategicCommand, was an inflection point for t he Commission's work on cyber.Over these p ast f ive years, we've placed greater and great er emphasison cyber-related issues, a t rend we con tinue with today's h earin g. It's clear thatthe General's impact on the U.S. military was the same even as he divided h is t imeamong issues ranging from missile def ense to the war in Afghanistan.General, on beh alf of the Commission, I want to than k you for yourdistin guish ed service and you r participation here today. We look forward to yourremarks, and I don 't know if you can top your last statement when you werebefore us that cyberwar was a weapon of m ass destruct ion .Thank you, sir.

2PREPARED STATEMENT OF COMMISSIONER JEFFREY L. FIEDLERHEARING CO-CHAIRWelcome, everyone. I’m Commissioner Jeffery Fielder, co-Chair of the U.S.-China Economic andSecurity Review Commission’s hearing on “Developments in China’s Cyber and Nuclear Capabilities.”We have some excellent witnesses joining us today to provide testimony about China’s evolvingstrategic capabilities.Before we begin today’s panels, we’re honored to receive opening remarks from former ViceChairman of the Joint Chiefs of Staff, and current Harold Brown Chair in Defense Policy Studies at theCenter for Strategic and International Studies, General James Cartwright.General Cartwright needs no introduction. However, I’d like to note that this is his secondappearance before the Commission. I think it’s fair to say that his first testimony—back in 2007 whileserving as head of U.S. Strategic Command—was an inflection point for the Commission’s work oncyber. Over these past five years, we’ve placed greater and greater emphasis on cyber-related issues, atrend we continue with today’s hearing. It’s clear that the General’s impact on the U.S. military was thesame, even as he divided his time among issues ranging from missile defense to the war in Afghanistan.General, on behalf of the Commission, thank you for your distinguished service and for yourparticipation here today. We look forward to your remarks.

3OPENING STATEMENT OF GEN. JAMES CARTWRIGHT (USMC, Ret.)SENIOR FELLOW, CENTER FOR STRATEGIC ANDINTERNATIONAL TUDIESGENERAL CARTWRIGHT: I'll try to not b e so controversial t his timearound.COMMISSIONER BARTHOLOMEW: Oh, we like it .HEARING CO -CHAIR FIED LER: Please do.[Laughter.]GENERAL CARTWRIGHT: I would like to take just a f ew min utes onboth the cyb er issu e and the nuclear issue if that wou ld be okay.HEARING CO -CHAIR FIED LER: Please.HEARING CO -CHAIR WORTZEL: Th at would be great.GENERAL CARTWRIGHT: Ju st to give you some thou ghts on both ofthem. I thin k one of the thin gs that 's b ecoming evident, particu larly sin ce thelast time that I had a chan ce to t alk wit h the Commission, is that the concernsthat we h ave in cyb er with the Ch inese really do rise to the level of nationalsecu rit y issues, in particular, the poten tial threat and theft of intellectual capital,and that con stant and persistent threat , that wh ile it's very difficult in cyber t ohave a smoking gun, so to speak, the clear paths back into servers and othermechan ical devices inside of the Ch inese sovereign do main remain s a con stantproblem for us.And so I thin k one of the things that I'd like to highlight here is thatwe have to f ind a dialogue to address t hese issues, and my preferen ce, myrecommendat ion, my personal opinion , is that that does not need to b e a milit arydialogue. It really need s to be a whole government dialogue that is morecomprehensive than what wou ld occur in a mil -to-mil ch an nel althou gh having amil-to-mil d ialogue is prob ably not a bad thing.What we are watch ing and what we are con c erned ab out are thepotentials for several different vectors to be used in cyber to come into theUnited St ates. Whether it be for act s t o gain knowledge and intellectual capit al,whether it's in the industrial area, or in defense , it really d oesn't matte r. It isstill a national secu rity issue when you look at the intellect ual capital that isbeing exfiltrated ou t of the United Stat es.We worry about the potential of ou r eq uipment through the supplychain to h ave been tampered with, and that that equipm en t could potentially holdzero day exp loit s, t hings like that , whether they be on the IT side of the equat ionor wh ether they be in other domains in side of various companies.The second area that is prob ably very concern ing to u s is t he wiredarea. In other word s, the ab ilit y to come in and st art to query d irectories andwhatnot of f iles on computers whether those computers be inside of companies,

inside of education organ ization s, governmental organizations. All of those thingshave informat ion that wh en put together starts to build a story, starts t o give youa path and an understandin g of how people thin k about things and also about theintellectual propert ies that people have that might be of value.I thin k the third area wh ich is the most troubleso me for theDepartment of Defense is the wireless approach, and this is the abilit y to get intowhat peop le will think about tod ay as more thin gs like iPads and telephones andwhatnot , but really what you're saying here is that an y aperture that's out thereis a t arget .Those apertures can be on military systems, whether they be missilesor airp lanes or ship s or ground systems. Those apertures can obviously be inembassies and all over the country, an d so these kinds of accesses aretroublesome becau se at the end of the day, whether you're travelin g throughfiber or copper or t hrough the air, it's just a waveform on which there's generallysome sort of a veh icle, a tru ck, let's call it, that carries something that is asinnocuou s as, you know, where am I a n d what am I d oing and what 's theenvironment here and what the directories f iles look like, to goin g in side the gutsof an airb orne radar and looking at the buffer and overflowin g it or doing thingslike that, things that are systems that we count on day in and day out.The idea and the concern that thinking along those lines, imagin e anairliner, imagin e wh at you could do on the insid e of an airliner. An airliner tod ayis full of apertures. They bring on board phones, computing WiFi, et cet era.That's an open door into the system.Now, it doesn't necessarily need to be the nation st ate. It doesn'tnecessarily even need to be spon sored . But the opportunity there is significan t,and so thin kin g about those as forms of conflict . From the department'sstandpoint, we rely on those apertures. We are very interconnected . Ou rleverage is our ab ility to do work in environments and to coordinate bet ween t heactivit ies through command and control systems. Those systems are vulnerable.And it's not to say t hat any adversary wouldn't be thin kin g alongthose lines, but the work that we've seen from the Chinese would indicate thatthey are thin king along those lines, and that this is a threat that we're goin g tohave to understand and will persist .The last th ing I wan t to do in this is to demonize the Chinese. That'snot of anybod y's benefit and oftentimes becomes a self -fulfillin g prophecy, an d Iworry about that, b ut there has to b e a way to have dialogue. There has t o be amore robust dialogue.My prefer ence, my recommendat ion to the Commission, is thatdialogue shou ld not be through the military, as I said bef ore. That should be agovernmental activity, government to government. It has t o include the privat esector, but it should be done on a concept o f whole of government, not on a p ure4

defense const ruct, and so I really thin k that each of these avenues of approach --and there are others. Th ere's close proximity t ype ways with thumb drives andthings that p eople can get in and jump across air gap s, thi ngs like that .But this is a country that prides itself on limit ing access to thenetworks. So to say that they don 't have control is somewh at problematic for me.The second area here is that as you thin k about cyber, I mean this isan internat ional f or um. Okay. It st ill requires some bilateral work, but it need s tobe multilateral in the end to underst an d where we're goin g and how we're goingto do this, and you've got to thin k about it in a mu ltilateral format, and in thatdiscussion there are certain things, certain rights and certain respon sib ilit ies t hatcome with those rights.If you 're goin g to work in this environment, if you're going to use thisenvironment, it's a wonderful environ ment. It 's h ighly leveragin g. It has done somuch for our bus iness con cern s all over the world to give u s capabilit y andadvantage when we can get it and for u s to work in an international forum. Butwith that comes responsibilities. With those rights come responsibilities.From a military stan dpoint, we try to understand what 's anappropriate response to these t ypes of activit ies. Certainly when you st art, youwant to be working on the Article 3 sid e, the normal legal side, lookin g at thismore as a crime t yp e act ivit y, and as you do so, tryin g to u nderstand whatprecedents you set , how you get attrib ution, and how you then proceed to dowhatever needs to be done to first stop anythin g that's going on .If you h ave a server that's spewin g maliciou s code, to get t hatstopped and get it stopped in hours, not da ys and weeks. Then the next thin g isto try to understan d was this somethin g that the server, whoever own ed theserver, intention ally did ? Were they t he victim of a third - party, wh ether it besomebod y from the government or somebody, a private interest i n side in thatcountry, or was it somebody outside that country ju st usin g them as a vehicle toget into you ?I mean all of those are possib ilit ies. All of those need some sort of aformal approach to be able to deal with and to work you r way back throu gh theforensics of that kin d of activit y.But what you have t o deal with, and wh at we h ave t o deal with, Ithink, or what the milit ary has t o deal with is the immed iacy. So this is n ot unlikethe current laws that exist . Stop the t hreat.Now there's pl enty of ways to do that . Heretof ore, during my time inthe government for the last fou r or five years, the first thin g we did was go to theState Depart ment and say this server in this country is putting out badinformat ion. Go to that country and ask th em to stop in 48 hours. We're notjudgin g them. We're not judgin g whether they're the guilt y party. Ju st stop it.Now, we've never h ad a country refuse to do that that I'm aware of .5

But if they did, then you can in voke the right of self -defen se. The quest ion iswhat should that look like? My thou gh t process up until n ow has been that thatserver then without collateral damage around it is fair game to stop wherever it'slocated because you gave the country f air notice, stop it.That doesn 't mean yo u've eliminated t he threat. These things go allover the p lace, but it does mean that you have a venue b y which you can say t hatspecific server was cau sing me prob lems, we comp lained , n othing was done, st opit, and we have the tools to do that and to do that just to t hat server.Again , we've never had that problem. We've never had a nation stat eturn around and say no, we're not going to stop it . But it's that thought process.How are we going t o actually make that policy and legislat e that kindof activit y? You kn ow, wh at is the righ t of hot pursuit in t hese en viron ments? Isit one server? Is it two servers back? What's fair notice? What's declaratorypolicy look like? I t hink these are all things that we have t o start to get our mindaround, b ut it should not be unilateral.It shou ld be done in a collaborative fashion on an international basis,you know, first with our friends, and we have undert aken, t he government hasundertaken the work to go to the Five Eyes con stru ct in the intelligen cecommunity b ecause we have intellectual and classif ied exch ange activit ies therethat are sanct ioned , and we can move data back and forth. We can t alk aboutthings that we may not talk about in a more open en viron ment with the Five Eyes.If we could do tha t now with NATO, which best I can determine we'reon the path to do, t hat's almost 95 percent of the traffic on the wired side in theworld when you put the Five Eyes toget her with NATO. So I mean if we can cometo some common st andards on an internationa l b asis to talk about these issu esabout being attacked, describ ing those attacks, understanding what your standardrules of engagemen t would be on a military side, understan ding what declaratorypolicy and judicial p olicy wou ld look like in those environm ents, and what 'sappropriate and come to an agreement internation ally. Is it just to the f irstserver and stop it ? Is it to follow it back or do you wait an d do you go throughthe forensics throu gh a more formal n otice through the FBI, say, with thatcountry?Those are all thin gs that we're start ing to do informally but now needsome stru cture around them. I thin k p eople are starting t o understand this n ow,but the question is how do you put st ru cture in it, and how do you put st ructurein it in such a way b ecau se an y time you put structure to something, there's adown side to it. You're giving something up.And so that deb ate needs to be more p ublic, and it needs t o gobeyond our borders, but we h ave a part icular prob lem right now with the Chin ese,and it's more associated on the nation al securit y side, and I thin k that dialogu ehas got t o occur country -to- country. I've been a p art y to t wo session s with my6

counterparts to h ave this discussion, b ut quite fran kly, the Chinese military is notreally where you want to have this dialogue.You want to have this dialogue as a government -to-govern mentactivit y, not as a military -to-milit ary activit y. The mil -to-mil will come, and it 'simportant, but not as important as coming to an underst anding.I thin k those are kin d of the key issu es t hat I would h ighligh t, andthen I'm willing to f ollow you an yplace on question s.If I could just say a few word s on the n uclear side.HEARING CO -CHAIR FIED LER: Please.GENERAL CARTWRIGHT: Again, my worry, particularly, as we as agovernment start to disen gage, and be careful with that word, but start to moveout of Iraq and move out of Afghan istan, and start to reposition ou rselves in t heworld, whether we call it a p ivot or wh atever we want to call it , the realit y here iswe've always been in the Pacific. We're goin g back to the Pacif ic through theforces that we removed from that venue in order t o work in Afghanistan and Iraqto a large extent.But what sh ould that posture look like? What we clearly are doing istryin g to find a way to have a southern hub in the Pacific b ecau se we've alwayshad the northern hub. We're worried about the North Koreans. But the southernhub has been an area that we don't have the basin g rights. We moved out of ourtime in Taiwan . We'v e moved out of ou r basin g in the Ph ilippines. Now,permanent basin g in the South Pacific is a prob lem.For me, Aust ralia d oesn't count in that const ruct . It 's t oo far south.It's too far away. It is okay to u se as a t rainin g base and wh atnot, but it sh ou ldnot be con sidered an operation al activity.How are we going t o do that? Whether it's a lily pad const ruct wherewe kind of move from place to place as we're welcomed. As you watch thetension s rise in the Pacif ic, we gain more friends h ere, quit e f ran kly. We've gotto be careful about those friends, and we've got to be careful about demon izingChina as we do this.The intent here is n ot to enter into con flict . The intent is to havestability and ensu re the Strait s of Malacca and areas like that r emain open an dthat the con struct s that we h ave on an internation al side remain understood .So ext ended boundaries into the sea t o get min eral rights and energyrights, et cetera, are problematic for u s. Passage throu gh those areas is cut offand cost s comp anies large amounts of money to go around them. Those arethings we've got to worry about and that we should be con sidering ab out.So on the st rategic side, as you move f orward here, they aredevelop ing a nuclear cap ability. It is there. It is not somet hing they need toinvent, but the scale of it is the issue h ere, and we are in this mind -set right n owof a pure bilateral relation ship with the Russian s. They remain the potent arsenal7

out there. I understand that. But the realit y here is our trad e, our act ivities, ourrelationship s are so interdependent an d intert wined with t he Chinese that weneed to have this d ialogue.What worries me probably the most are the disconnects that tend tooccur bet ween their government and their milit ary. You can use the ASAT test.You can u se the stealth fighter flight while the Secretary was there. I mean an ynumber of things that point to a discon nect in command an d control bet ween t hecivilian leadership and the milit ary.They have a d ifferent concept than we do of how civil-milit ary comestogether, but at the end of the day, we need our sen ior leaders on the civilianside to be able to h ave a good relat ion ship, a tran sparent relationship . We n eedas a n ation to stop thinkin g bilaterally and now start to th ink mu ltilat eral wh enwe thin k about nuclear weapon s becau se the act ivities associated with Ch ina andhow mu ch it 's goin g to grow, as you watch Ru ssia and the United St ates start todraw their arsenals down, where do we want to end up in t his?What's the goal? What does it look like? Man y of our weap ons areassociated with f irst strike t ype activities or decap itatin g strike activities.There's a way to negotiate those activities. If we cou ld do that with the Ru ssians,we could d rast ically reduce the ars enals we have. D o we want to let the Chineseget beyond that and then have to negot iate back? Where do we want to be?The longer we wait on this thin g, the longer we put this off, the moreproblematic it's going to be for u s to h ave a multilateral appro ach to nuclearweap ons. And that 's not just the abilit y to st rike with those, but proliferationand nonprolif eration. All of those ven ues need to be d iscussed .It's not that they're not willin g, but how do we start to get this into amore authoritative activit y so that we can actually start to work in thisenvironment as we move forward ? I think this is very critical to how we goforward .So I'll h old there and open for quest ion s in an y of those areas or anyplace you 'd like to go.8

9QUESTIONS AND ANSWERSHEARING CO -CHAIR FIED LER: Than k you very mu ch, General.We do have a numb er of quest ions. I have a quick one. You said thatwe've n ever had a n ation st ate refuse t o help us when we've singled out a server.Does that in clude the Chinese?GENERAL CARTWRIGHT: I cannot comment on specific countries . Thechallenge--HEARING CO -CHAIR FIED LER: Is attribution.GENERAL CARTWRIGHT: --on man y of these is g etting back t o thatserver and actually finding it . There are fingerp rints --HEARING CO -CHAIR FIED LER: Right.GENERAL CARTWRIGHT: --with any of these attacks, and many ofthese attacks may h ave one country's fingerprints but be emanatin g from anot her,and so you're going to have to do f oren sics to some extent to start to follow thepath back, but if you find the server that's offending, getting at that server first,to me, is the logical step, whatever cou ntry it 's in, and then you work on theforensics after that.HEARING CO -CHAIR FIED LER: Right. Mike.COMMISSIONER WESSEL: Than k you for being here and for yourearlier testimon y and the visit we had , and I'd like to refer back. AsCommission er Fiedler had talked about, last time you were here, you had talkedabout being--cyber being the WMD of the future.You mentioned at the front end of your testimony questions about theequipment and the supply chain, and I wanted to get your thoughts. As there ismore globalizat ion of the supply ch ain, and th ere have been increasing con cernsabout certain vendors that have at t imes talked about mit igation step s, et cetera,how do you view that?Are there ways of t aking full mit igat ion that you can developconfiden ce in foreign vendors or is there always goin g to b e a certain amount ofrisk that we h ave to accept, and the question is what is the tipping point for t hatconfiden ce?GENERAL CARTWRIGHT: Yeah. I thin k t hat, you know, during my t ime,at least, in government, we probab ly went too far in on e d irecti on of believin gthat in man y cases, for critical compon ents, we were going to have U.S. -onlyfoundries, so t o speak. That 's really unrealistic. The systems are toointerconnected . It doesn't mean that we shouldn't b e wary, we shouldn't havesafegu ard s in place, testing, things like that, but the realit y here is that it willdrive the cost in su ch a way that many American companies oftentimes won 't beable to compete.Many of these vendors for things like SCADA systems and other types

of swit ches are so l everagin g in costs t o go offsh ore that it's very difficult to keepyour supply ch ain p ure.Air gappin g something, so let 's ju st say it's a special system, and youdon't want it connected to an ythin g, well, the f irst thing you find out is that italmost is connected , always touches something. If it didn't get designed thatway, some ingeniou s young person, old person, wh atever, will find a way to get itconnected because they'll be tryin g to help somebody.Oh, you'd like to have the weather at t he same time, here, let me ju stconnect this up for you. You know, if you're in the intelligence community,they're your best allies, and over t ime somebod y is going t o penetrate thatnetwork. You d idn't intend it.So the idea that the supply ch ain someh ow co uld be pure in thatnetwork is also pret ty remote because things b reak and bosses want things fixedright away so you'll go get what you can get, and oftentimes you d on't know thepedigree of that eq uipment.So having that , understanding that, is one side of this equation.Having t estin g, that 's important. M y sense is there ou ght t o be some sort oftesting h ere, and there ought to be some sort of cert ification that goes with it soyou have a reasonable underst anding of the risks that you're taking in you rnetwork, understan ding that it 's goin g to be connected to a network that's highlyrisky. D ot -com is st ill the wild, wild West.But as you look at t his, we n eed to take mitigation strat egies. From aperson who has spent the last several years on the of fensive side of cyber, one ofour best defen ses is probably a flaw for us, but there is no such thin g as ablueprint that is accurate. There isn 't. And there are swit ches put in and out,and as soon as you change a system, it's very d ifficult to at tack i t .You've now got to go back in . So we tend to be our best , our own bestdefense. We're also our own worst en emy in that we tend to be sloppy. But t heconst ant chan gin g in our networks, there's no two syst ems in the electric gridthat are exactly the same. None of them are purely to blu eprint.So having the b luep rints is an advantage, but it's not necessarily theanswer. This is a very difficu lt activity. This is not television where some 18 -year -old will come in and do it. This t akes a lot of wor k an d a lot of peop le to do.So the quest ion from the supply side from my standpoint is you n eedto start developing strategies, strategies that ch ange your configuration on aregular basis, strategies that mat ch con figurat ions with other systems to say a rethey both telling me the same thing? So having duplicate systems, back -upsystems, so that you know when you're being deceived, or that you find out asearly as possib le in the game.The military has got to get into this, too, and you cannot rely on asingle set of sen sors, weapon s and command and control in the future. It's just10

not reasonable. You're going t o have t o comp are mu ltiple sensors againstmultiple command and control nodes again st mult iple delivery systems.If you d on't do that , you won 't know when you're bein g lied to. Imean because I can make your display t ell you whatever you want to see. So, youknow, these are the kinds of thin gs that we have to start thinking. What are thecyb er st rategies? How do you understand this? But thi s en viron ment is soleveraging to busin ess and so leveragin g to defense, it 's a risk - gain act ivity thatyou go through .Nothing is without risk, you know, and you got to look at t he gain sthat you get for it and decide how much risk you're willin g to tak e, and thenobviou sly be prudent and understanding of the risk that you are takin g so thatwhen you undertake an activity, you're well aware of the risks that are there, too.I mean it's ju st like me going to my ban k online. I'm willin g to sign upfor a reduction in my privacy for higher assu ran ce that the t ransactions are, infact, goin g to happen, and that they'll b e cared for, and that they won't be lost orcompromised when they occu r.This id ea of voluntariness has to be there, but you're going to ma ke arisk- gain calcu lus each time you do it .HEARING CO -CHAIR FIED LER: Than k you .One more. D an.COMMISSIONER BLUMENTHAL: Yes.HEARING CO -CHAIR FIED LER: There are actually maybe t wo more.COMMISSIONER BLUMENTHAL: Than k you for you r test imony.I had a question regarding t aking the p oint that it sh ouldn't just be amilit ary-to-military dialogue. In my op inion, ju st following on this, the greatestrisk is ob viou sly a major, a major cyber attack, actually that the Chin ese are q uiteopen in writin g about and speakin g about, and not only on the sort of force -enablin g side in terms of what they might do in a conflict scen ario, but actuallyusing cyber as a strategic offen sive weapon like other cou ntries h ave alreadydone.And I ju st, if you could wal k me through the --and I underst and part ofthe problem with the PLA is they ju st won't talk. I mean that's on e of the reasonswe need the wh ole government approach is the PLA doesn 't like to talk to u s verymuch .So if you could walk me through this sort of deterren ce thinkin g onthis. I mean it is just so hard to get your head around. I mean, you know, how doyou deter a major, you know, a major cyber attack that is not physical in n ature,but can st ill, as you said years ago, bring down a ban kin g syst em and an elect ricgrid, or that 's the n ext typ e of thing that might be u sed against u s? Walk methrough the early st ages of how to thin k about deterren ce.GENERAL CARTWRIGHT: M y sen se is that the 21st century d eterren ce,11

whether it be nuclear, whether it be bio, wh ether it be cyb er, is going to, to alarge extent, be ab out anonymity and about attribution . Whether nuclear --youknow, it's mu ch more effect ive, rather than 300 ICBMs coming over the Pole, totake a pick-up truck and park it in the city. Ok ay.In bio, it's going to take u s a long time to understand where the attackcame from. In cyber, it's going to be much the same. Okay. So when you havethreats like that, the general deterrent const ruct is to remove as mu ch as possiblethe object ive from your ad versary. So passive defenses talk about, in the kineticsense, talk about hardening, stand -off d istan ces for terrorists so that vehiclescan't get close to b uildings, things like this.You have to thin k about the same things in cyber. What are the thingsthat you can do that would mitigate the likelihood that a cyber attack could , infact, d rop the whole electrical grid or a banking system or somethin g like that ?These are the t ypes of deterrent strategies that you have t o think about.Offense and mutual assu red dest ruct ion is relatively low in utilit y inthese typ es of en vironments. Okay. So you're thin kin g more about the t ypes ofdefenses that deny your ad versary their objective, and wh en you thin k ab out thatin cyber, as I ju st talked about, it 's h aving back -up systems, it's h aving goodhygiene, which is generally ou r biggest problem, and I've talked b efore publiclyabout there need s t o be some sort of p ublic -private organ ization --I u sed as anexample the FDIC--where you get the stamp o n the outsid e that says I have goodhygiene, I've looked at my h ard ware, I d o these kinds of in spection s. You canshop here or you can shop there, you know. It 's your choice.But have some sort of a venue like we d o with the FDIC that is notpure governm ent, b ut has the authorit y to lay down a st an dard again st wh ich youcan u se.In the deterrence constru ct, I go back t o the period of the '70s, '60s,'70s, '80s, where we were worried about hijacking in this country, and with a fewair marsh als, a very low percentage in comparison to the n umber of flights, thelikelihood that you were going to be su ccessful went down sufficiently that thehijackers went away.You're never goin g to make it go away completely, but wh at you 'relooking f or is the kn ee in the c urve. What does it t ake to make your ad versarybelieve that the likelihood of success h as been significantly diminished? Thatapplies all the way up to full -blown war.Now, I don 't believe anybod y is going to invade the Unit ed States. Butfor us, I think at least for the next five to ten years, the biggest threat that wehave is the unknown. It doesn 't take all the ban kin g system to come down. Onebank and somebody claimin g they cyber hacked it is en ough to make you quest ionwhether you should go back to the ban k tomorrow.It's the same with an airline or any other thing. So it's less the12

massive attack that you worry ab out; it's the loss of confidence in the countrythat can occur from a limited attack that is very difficu lt to put attribution to.Those are the kinds of things I thin k that we have to worry about.COMMISSIONER BLUMENTHAL: If you would, explain why t heretaliatory st rategy would not work?GENERAL CARTWRIGHT: Well, number one, it's not immediate andproximate.COMMISSIONER BLUMENT HAL: Okay.GENERAL CARTWRIGHT: I mean that's t he biggest problem.HEARING CO -CHAIR FIED LER: Time for one last question. LarryWortzel.HEARING CO -CHAIR WORTZEL: General, thank you very mu ch forthoughtful test imon y and for agreein g t o come out here a second time.I want to take you b ack to your days as the STRATCOM commander andtalk about nuclear issues. The Ru ssian s have chan ged mu ch of their warf ightin gdoctrin e, part icu larly in the Far East , an d are reintroducing tactical and even whatboils down to nuclear weapon s because of their lack of manpower and weakness.It seems to me that makes the f ire break bet ween con ventional andnuclear war more f ragile and makes nuclear war more likely. Is China likely tomirror that Russian doctrin e in self -def ense, and if they do, wh at does that do toINF forces and treat y?GENERAL CARTWRIGHT: I thin k there's a couple of axioms t hat stillseem to hold true. Nation stat es acquire nuclear weapons as a shield. Terroristsacquire them as a weapon, as a sword . That tends to still b e true.Nations that b elieve that the stren gth of countries that might, in fact,pose them threat, when that stren gth is substantial and outnumbers in significantways, whether it be in weapons or people, nuclear weapon s become a l eveler--okay--in their mind.Russian military is n ot growin g. It's decreasing, and you can look atthe demographics of the country. They're on the decline from a pure who couldbe in the military st andpoint. Th e number of systems they have are declin in g.When they look to t heir south, they see nothing but growth, and they see nothingbut large numbers.So for the Chinese, it doesn 't make a lot of sense t o go that path, butfor the Ru ssians, they're st artin g to perceive a threat . They may believe ther e isstill a threat from Europe. To us it d oesn't make sen se, but that's their ownpsyche.So they're lookin g at threats that they can no longer outman. Theycertainly can out -qualit y in many venues, but the numbers game is workingagainst them, and t he y look at these things as being right on their borders, notacross the ocean from them or something like that , and so they're very p roximate13

threats.As you start to look at treat y con stru ct s, as we go forward , wecertainly need to be mindful of that thre at and their p erception of that threat .It's very real to them. Okay. We can't just dismiss it with wh y can't you ju stagree t o get along?And so as we go beyond new START, we need to now start tounderstand the imp lication s of cyber, missile defense, l ong-ran ge convention al,and then nuclear. And we p robably need to start to f ind a way to get away fromjust a pure us versu s Ru ssia long -range strategic weapon s and get into a morefulsome d ialogue, b ut doing that in the silos of tactical, strategic, con v ention al isnot goin g to do us well.We've got t o start to make the prob lem harder to understand thecontext in which we're making these decision s because doing it in the Aegis is notworking for u s. Just takin g care of lon g ran ge st rategic makes us f eel good, b ut itisn't solvin g the global problem.HEARING CO -CHAIR WORTZEL: Th ank you very mu ch.HEARING CO -CHAIR FIED LER: Than k you very mu ch, General. Alwaysgood to see you again.GENERAL CARTWRIGHT: Th ank you . Take care.HEARING CO -CHAIR FIED LER: Than k you .The next pan el --ju st a couple of minutes wh ile the n ext p anelassembles.[Pause.]14

16OPENING STATEMENT OF RICHARD BEJTLICHCHIEF SECURITY OFFICE, MANDIANTMR. BEJTLICH: Good mornin g, Mr. Chairman, members of t hecommittee, and thank you for the opportunity to contribute to today's h earing.I'm the Ch ief Security Officer at Mandiant, and if I cou ld be the CTO,that wou ld probab ly be a n ice p rom ot ion, but for now I'm the Chief Securit yOfficer.We're a privat e company that provid es software and services to detectand respond to d igital intru sion s. M y t estimon y draws on our compan y'sexperien ce as well as four years def ending Gen eral Electric as Director of In cidentResp onse, and I've defended West ern interests again st serious intruders sin ce1998 when I was a captain in the Air Force.Becau se my most recent experience draws on work done in the privatesector, I'm not the person to ask about the stru cture of the Chinese military orthe actual root s that are behind it. However, I can give you my compan y and mycolleagues' perspectives on this problem.Our intelligen ce team tracks about 20 groups that we designate asAdvan ced Persisten t Threat ac tors. We tend to take the st rict def inition of APT,as defined b y the Air Force in 2006, as groups that are act ing from Chin a.We cu rrently categorize these groups as havin g different skill levels.We categorize ab ou t a quarter of those 20 to have wh at we would con sider highskill, about on e -quarter having medium skill, and, as you might expect, one -quarter havin g low skill. Th e final quarter are groups that we have just recentlyidentified , and we d on't have enough d ata yet to t ell you whether you con s id erthem high , mediu m or low.Most of the groups we track target the U.S. def ense indust rial b ase,but also some of these groups t arget U.S. govern ment agencies, thin k tan ks,political organizat ions, and other commercial and private t arget s, and our mostrecent report broke out the percentages of activit y again st different elements ofthis nation's infrast ructure.So 23 percent of the act ivit y that we saw covered commu nicat ionscompan ies, and b y t hat I don't mean ISPs, I mean p eople who make telecom gear ;18 percent affected aerosp ace and defense; 14 percent computer hard ware andsoftware; t en percent energy or oil and gas; ten percent electron ics; and theremain ing quarter was considered "ot her," of wh ich the f inancial sector was thelargest .You'll notice if you compare those sort s of companies and industriesto your last year's report, it match es u p pretty nicely with some of the strat egicsectors that Ch ina h as targeted .I have a couple of case studies wh ere I'd like to illu strate some trends

we've seen in intru sions lin ked to China. The first case describes APT actors whoassembled intellect ual propert y that they needed to replicate a product, and t hesecond one describ es APT actors who are present durin g merger and acquisitionactivit ies.In the first case, in early 2011, and these are all from just last year foryour referen ce, we were contacted b y an electronic comp onents manufacturer asa resu lt of a notif ication by a third -party, namely, a government agen cy.We discovered that this organiz a tion had had technology st olen fromit, and the victim d id not place a lot of value on that part icular componentbecau se what they said was this component is somethin g t hat you have to p airwith another piece of technology in order to have value. Now, cle arly, they weremaking it; they were selling it. But they said I don't understand why an intruderwould want this; you have to put it wit h somethin g else.Well, wouldn't you know t wo weeks lat er, we got a call from thatsecond compan y that made the other h alf of the componen t, and they saidsomebod y ju st stole this from us. We d on't underst and what the deal is, but wedon't thin k it has that much value because you need Part A. Well, we were in aposition t o see Part s A and B stolen, put them together, an d obviou sly theintruders h ad the same sort of interest as well.The second case in volved a large Europ ean defense contractor. Theyalso h ad received a third -part y notificat ion that there was a problem. Theysuffered the same sorts of intrusions as you p rob ably read in the news, maliciousPDF attachment, u ser clicks on it, the intruder then proliferates throughout theenvironment. In the course of ou r in vestigation, we found that the intruder hadultimately stolen ab out 50,000 files, an d the thing that w as interest ing about thiscase was that this large organization was in the course of doing merger andacquisit ion activities.Specifically, they were looking at buyin g a smaller comp an y, and wh atwe found was that t his smaller comp an y was completely compr omised b y Ch in eseactors, and so as a result of ou r work with both these organ ization s, we were ableto find the problem, take care of it, an d then move on .This id ea of the Chinese going after smaller organizat ions t hat havebeen identified as b eing abou t to b e acquired by larger ones seems t o be a trendbecau se a lot of the compan ies that you see rep resented in the audien ce today,they've done a good job harden ing themselves again st these bad gu ys, but thesmaller ones aren't there yet .I've got a coupl e ot her stat istics I'd like to share based on our analysisof these groups over the last year. 94 percent of ou r vict ims learn of thecompromise via third party. That 's mostly the FBI. There is some NCIX and someby some other means. Th at mean s only si x p ercent found it themselves. Most ofthese organiz ation s just don't h ave the tools, processes, staffs, or mind - set17

necessary to deal with these intruders.Secondly, the med ian number of days that elap sed bet ween where wefound the intruder getting into a comp any and someone d oing somethin g about itwas 416. In other word s, these intruders are in these organization s well over ayear, doin g whatever they want b efore anyone even not ices.The only bright sid e to this is this is act ually a decrease. Typic ally it'stwo to three years, and you have even seen the public Nortel case where it wassomethin g on the order of ten years.And, then, fin ally, we have seen the b ad guys using stolen credentialsin 100 percent of the cases. So whenever you focu s on too ls, you're going to missa lot of the cases b ecau se the bad guys are going in there stealin g credentials andthen look like n ormal users.Now, it's imp ortant to realize these groups use the level ofsophistication they need to accomplish their objective, but I prefer t o emphasizethe advan ced nature of the intrusion management skills wh en explainin g thatthese groups, you 've got some of the most motivated , well - resourced , well -staffed compan ies in the world fighting these gu ys, and no one has solved thisproblem. And so it really speaks to more of a larger picture than wh at we havehere.Finally, Mandiant is not aware of any specif ic attacks against anorgan ization 's supply ch ain or cloud infrastru cture. Supply chain attacks can b edetected, but to tel l you the t ruth, the cloud attacks really worry u s becau se it isdifficu lt for a cloud victim to know that somethin g has happened, and it 's d ifficultfor the cloud provid er to tell that something has happened .You want to talk ab out the Internet being the "Wild West ." The cloudis certainly a Wild West out there.And finally, two recommendations that I would make. First , Irecommend Congress con sider an "are you comp romised " assessment to be doneon an annual b asis t o tell if organizations have been compromised, as opposed tosomethin g like an "are you vu lnerab le ," because everyon e is vulnerable.And then, second ly, I recommend the adoption of an open standardfor exchan gin g tech nical data. Our company has somethin g called OpenIOC thatwould h elp in this regard .I than k you for the opportunity to t estify, and I welcome yourquestion s.18

19PREPARED STATEMENT OF RICHARD BEJTLICHCHIEF SECURITY OFFICE, MANDIANTMarch 26, 2012Richard BejtlichChief Security Officer, MandiantTestimony before the U.S.-China Economic and Security Review CommissionHearing on “Developments in China’s Cyber and Nuclear Capabilities”Mr. Chairman, members of the Committee, thank you for the opportunity to contribute to today’shearing. I am Chief Security Officer at Mandiant, a private company that provides software andservices to detect and respond to digital intrusions. My testimony draws on our company’sexperience, as well as four years defending General Electric as Director of Incident Response. I havedefended Western interests against serious intruders since 1998 when I worked as an analyst andintelligence officer at the Air Force Computer Emergency Response Team, the Air Force InformationWarfare Center, and the Air Intelligence Agency.Because my most recent experience relies on work done in the private sector and enterprisecustomers, I am not able to provide first-hand answers to questions concerning China’s military,security services, criminal groups, or other parties. Your recently released reported titled “Occupyingthe Information High Ground” is a better source of information on specific, named organizations withinChina, such as the People’s Liberation Army’s Third and Fourth Departments of the General StaffDepartment.However, I can comment on the characteristics of the groups that the Mandiant Intelligence Team hasidentified as Advanced Persistent Threat, or APT, actors. For the most part, our team and I use thestrict definition of APT as created by the Air Force in 2006, namely as an unclassified reference tointrusions sets ultimately traced back to actors in China. Members of our team have extensiveknowledge of these actors that includes time at Mandiant and other organizations focused on thethreat from the Asia-Pacific region. Mandiant’s assessment of APT actors is not based on any singleaspect of an intrusion, such as an IP address owned by a Chinese registrant, or the presence of Chineselanguage characters in malicious tools or other code. Rather, Mandiant dynamically tracks, over timeand subject to continuous modification and refinement, APT groups using a variety of indicators ofcompromise.Our intelligence team currently tracks approximately twenty distinct APT groups. These groups includeall of the parties identified by reports publicly released by other security companies, as well as actors

that we believe are unknown to many of those other companies. We have seen these groupsdemonstrate various levels of technical and organization skill, with approximately a quarter having“high” skills, one quarter having “medium” skills, one quarter having “low” skill, and one quarter toonew to make a characterization. Within APT groups we tend to see evidence of “crews,” meaningsmaller teams who specialize in various stages of a compromise. For example, one crew may be taskedwith obtaining access to the victim; a second crew moves laterally through the organization to gatherintellectual property or other data; and a third crew steals or exfiltrates the data.Most of the APT groups we track target the US defense industrial base (DIB). Some of these groupsalso target US government agencies, think tanks and political organizations, and other commercial orprivate targets. Our most recent M-Trends research report described our consulting caseload for 2011in these terms: Communications companies: 23% Aerospace and defense: 18% Computer hardware and software: 14% Energy or Oil and Gas: 10% Electronics: 10% Other, of which the financial sector was the largest component: 25%The following case studies illustrate the trends we have seen in computer intrusions linked to China.The first case describes APT actors assembling the intellectual property they need to replicate acomplete product. The second case describes APT actors present during merger and acquisitionactivities.In early 2011, an electronics component manufacturer contacted Mandiant as the result of receiving anotification of compromise from a government agency. After conducting sweeps to obtain forensicevidence, we realized that the attacker had been replacing their malware every six months during thetwo years they had been resident at the victim organization — and this replacement occurred againduring the course of our investigation.To maintain persistence, the attacker used a variety of backdoors, including some publically availableones. One interesting custom backdoor consisted of a custom miniport driver, which listened for aparticular “magic packet” that, when received, would activate the malware. Of the approximately 100compromised systems at this customer, the intruder installed malware on less than half of them. Foraccess to the other systems, the intruder relied on usernames and passwords stolen from theorganization.Mandiant consultants were able to forensically recover a partial listing of stolen intellectual property.The victim company did not place a high value on the stolen data since it was merely a sub-component20

of a more advanced technology, and the victim did not even produce the other component parts.While the more advanced product was extremely valuable, it could only be built by combining thevictim’s technology with parts from a second company in the supply chain. Within weeks, however, thesecond company called Mandiant. They had also been the victim of an advanced attack, and they alsolost intellectual property for a sub-component. It was only by connecting the dots between the twovictims that the attacker’s goal was clear: rather than targeting a single company for a particulartechnology, they had been tasked to acquire the more advanced, broader technology. The attackershad performed reconnaissance to determine what companies produced the component technologies,and then targeted those entities to steal what they needed.Later in 2011, a large European defense contractor contacted Mandiant just months after acquiring aspecialty service provider. The service provider had received information indicating that they had beenthe victim of a targeted attack, and the parent company was concerned about the extent of thepenetration.The attack began with a phishing email containing a malicious PDF attachment. Prior to sending theemail, the attacker had performed enough reconnaissance to uncover the name of an individual at acompeting organization with whom the victim user had previously corresponded. The sociallyengineered email purported to be from that individual. When the victim opened the maliciousattachment, an intruder established a foothold in the environment. The attacker leveraged this initialbackdoor to move laterally throughout the environment, obtained legitimate credentials, andultimately stole over 50,000 files.Based on the lessons learned from this incident, the parent company implemented a process requiringevery new acquisition to be vetted by the Mandiant Intelligent Response tool prior to being allowed tojoin the corporate network. This process paid off in late 2011 when the company discovered an APTgroup actively operating at another company they were about to acquire. The integration was put onhold until a thorough remediation and damage assessment was completed.Through these sorts of cases, Mandiant extracted several other statistics which describe trends seen incomputer intrusions attributed to APT groups. 94% of victims learn of compromise via third parties; only 6% discover intrusionsindependently. Victim organizations do not possess the tools, processes, staff, or mindsetnecessary to detect and respond to advanced intruders.The median number of days that elapse between compromise of a victim organization anddetection or Mandiant involvement is 416 days. Incredibly, this number is an improvementover past intruder “dwell time” measurements of two to three years.Advanced intruders installed malware on 54% of systems compromised during an incident.They did not use malware to access the other 46% of systems compromised during an incident,meaning relying on tools that find malicious software misses about half of all victim computers.21

Mandiant observed intruders using stolen credentials in 100% of the cases it worked in 2011.Intruders seek to use legitimate credentials and access methods as soon as possible, becausethey can then “blend in” with normal user activity.APT groups use the level of sophistication required to achieve their objective. For example, in 2011Mandiant observed an increase in the usage of publicly available malicious tools by APT actors. Weassess that the adversary uses publicly available tools for three reasons:1. They already exist, so the intruder does not need to expend research and developmentresources to create custom tools.2. Many organizations allow internal use of the sorts of tools favored by intruders.3. Publicly available tools rarely stand out against the “noise” created by lower-level intruderspursuing smash-and-grab or “botnet” intrusions.The use of public tools or leveraging publicly known vulnerabilities is a source of confusion for manysecurity professionals. They assume the “advanced” element of the APT term requires that Chineseactors deploy the most sophisticated digital weapons for all phases of an intrusion. I have personallyobserved APT actors escalating their technical sophistication to adapt to countermeasures deployed bycomputer incident response teams, so I know the APT can be as advanced as needed when the targetwarrants it.I prefer to emphasize the advanced nature of Chinese intrusion management skills when explaining thesophistication of APT groups. It is significant that the most well-resourced, highly professional, andmotivated network defenders on the planet have not yet “solved” the problem of Chinese intrusionactivity. At best we can keep them from stealing the bulk of an organization’s crown jewels, but onlyafter significant investment in improved technology, business and IT processes, partnerships, andstaffing.Mandiant is not aware of specific attacks against an organization’s supply chain or cloud infrastructurein order to steal intellectual property, beyond what has been publicly mentioned in the press. Attacksagainst the supply chain, when manifested as malicious code in trusted hardware or software, cansometimes be discovered by end user organizations. Local security staff can identify the maliciouscode by the action it takes on the network, or by the way an adversary interacts with it. It is difficultfor end user organizations, and any consultants they hire, to gain visibility and awareness concerningcompromise of cloud platforms. In general, do not expect cloud providers to be able to identifyadversary activity, because it is difficult for the cloud provider to differentiate between legitimate andillegitimate access and use.APT groups continue to focus on enterprise Windows computers, although other operating systemshave been compromised. Intruders exploit enterprise systems hosted in company-owned data centers,22

23and enterprise systems hosted at third party data centers. For the most part, mobile devices, true“cloud infrastructure,” and tablet computers do not yet appear to have been targeted.Concerning legislative or administrative actions that the U.S. Congress can take, I have tworecommendations. First, I believe far too much legislative and regulatory attention is paid tocompliance with standards and the question of “are we vulnerable?” In my professional opinion,compliance with standards is, at best, effective at stopping some lower-skilled intruders whoopportunistically exploit targets. Compliance regimes tend to devolve into a paperwork exercise basedon subjective interpretations and the whims of an auditor.Regarding the question of “are we vulnerable,” the answer for every organization is “yes.” Rather thanwasting time on this question, organizations should instead ask themselves “are we compromised?” Inother words, does the organization suffer an ongoing intrusion by a targeted intruder, whether fromChina, Russia or a criminal group? It is a waste of time and resources seeking compliance withstandards while intruders are actively stealing data from a victim organization. The adversary will adaptto any countermeasures deployed during the compliance exercise; I have seen this pattern repeatedregularly during my career.To this end, I recommend Congress consider the integration of an “are you compromised” assessmentinto any new requirements levied on specific industries. These assessments should occur no lessfrequently than once per year, although true continuous assessment on a 30-day cycle is much moreeffective in my professional judgement and experience. By requiring processes and technology toanswer the “are you compromised” question, regulators, Congress, and other appropriate parties will,for the first time, gather ground-truth knowledge on the state of security in selected industries.Without knowing the real “score of the game,” it is unreasonable to expect real progress in digitalsecurity.My second recommendation involves sharing threat intelligence. I offer a few principles based on myexperience as someone who has created, consumed, and shared threat intelligence in a variety ofpublic and private roles.1. First, adopt an open standard for exchanging technical data. Mandiant created the OpenIndicator of Compromise, or OpenIOC format (http://www.openioc.com) for this very purpose.It allows fine-grained description of threat intelligence for use by analysts and software and isfree of charge with an open specification available online.2. Second, recognize that dozens of effective threat intelligence sharing organizations alreadyexist. These include the Defense Industrial Base Collaborative Information Sharing Environment(DCISE), the Bay Area CISO Council, the Financial Services Information Sharing and AnalysisCenter (FS-ISAC), as well as other ISACs, and other groups. Understanding and coordinatingefforts among these groups is a good precursor to any additional sharing activity.

3. Third, please note that intelligence sharing networks do not necessarily improve as additionalmembers join. Having participated in these networks, I have seen a tendency for participantsto guard their contributions as the network adds those for whom trust cannot be establishedon an interpersonal basis. Intelligence sharing relies on trust in order to succeed, and trust isbuilt on personal relationships.Thank you again for the opportunity to testify. I welcome your questions and comments.24

25HEARING CO -CHAIR FIED LER: Than k you very mu ch.HEARING CO -CHAIR WORTZEL: Mr. Villeneuve.OPENING STATEMENT OF NART VILLENEUVESENIOR THREAT RESEARCHER, TREND MICROMR. VILLENEUVE: I would like to than k the members of theCommission f or in viting me tod ay.I spend most of my days investigat ing t argeted malware at tacks atTrend Micro. My st atement today is drawn from my experience in the t wo casesthat you mentioned , GhostNet and ShadowNet, but also a third report that I p utout recently called LURID , which demonstrated that the same threat actors thatwere attacking interests in the Un ited States h ave shifted focus and have startedtargetin g sp ace -related agen cies in Russia and the former Soviet Un ion.My statement is entirely my own opin ion and does not ne cessarilyreflect the views of my employer.I prefer t o call these targeted malware attacks, whereas others pref erto see them as a component of or directly call them Ad van ced Persistent Threatactivit y. I believe t hat this activit y can be tracked over time and linked throu ghspecific indicat ors t o threat actors operating in the Ch inese language or usin gcommand and control infrastru cture based in China or operating command andcontrol infrastru cture from Chin a.However, I recommend caution wh en attemp ting to determineattribution based solely on technical indicators that are f requently spoofed andoften mislead ing. As the General mentioned this mornin g, I don't believe there'sa "smokin g gun" in cyb ersp ace.While there have been a lot of accusations of hyp e surroundingseveral h igh ly publicized attacks, the p roblem of t argeted malware attacks isseverely understated, not overstated . Instead of focusing on the effect of theseattacks, most seem con cerned with the level of sophist ication and debate whe t herthese attacks are advan ced or not from a technical persp ective.So I wou ld like to emphasiz e three points:First, targeted malware attacks are extremely su ccessful. The scopeof the problem is t ruly global, extendin g far beyond the U.S. It affectsgovernments, milit aries, defen se indust ries, high -tech companies, the energy andfinance sectors, intergovernmental organization s, non governmental organizations,media outlets, acad emic inst itution s an d activists around t he world .Often these attacks tar get communities of interest that span thesecategories. And on ce a comp romised soft target is availab le, they can use that to

launch attacks on more hardened t arget s. And these attacks are su ccessfulbecau se they leverage social en gineerin g, or the art o f man ipulation , in order t otrick individuals into revealin g sensitive information or executin g maliciou s code.The second point I want to make is that these targeted malwareattacks are n ot isolated incidents of "smash and grab." We tend to see a lot offocus around particular events, but I b elieve that it 's better characterized asmalware-based esp ionage, or consisten t camp aign s that are a series of failed andsuccessful attacks again st targets over time. And the objective is to establish apersistent covert presen ce in a t arget's network so that information can beextracted as need ed.They don 't necessarily n eed to grab something right away, but theywant to be able to obtain the informat ion they want when they want it .And one of the most important and often overlooked element s ofthese campaign s is the reliance on human labor, which stands in st ark contrast tothe largely automat ed botnets operated by cyber criminals.In addition to manual reconnaissan ce, t he attackers will craftindividualized e -mails and package malware specif ically for an individual grou p ora group of t argets. In addition, they'll adjust their tactics in reaction to thedefenses of the vict im.One of the trends I'm seeing is a lot of malware groups that have beenused in the past heavily in North America are now sh ifting focus, focu sin g onformer Soviet Un ion , Taiwan , Jap an, an d Vietnam, as well.This customizat ion and low level of distribution provides t he attackerswith a signif icant advantage over defenders that are large ly relying on automatedsystems.Third, targeted malware attacks are not well understood . However,careful mon itorin g and investigation can leverage mistakes made by the attackersthat allow u s to get a glimpse inside their operation s.These camp aigns can be tracked over time through a combination oftechnical and contextual indicators, but this information is not often made public.While some might b elieve that the threat actors beh ind thesecamp aign s have myt hical capabilities both in terms of their o peration al secu rit yand the exp loit s an d malware tools they use, in fact, they often use old er exploitsand simp le malware. They do not always use "zero d ay" vu lnerabilities, orexploits for vu lnerabilities for wh ich there is no pat ch available.The obje ctives of these attacks is t o ob tain sen sitive d ata. Themalware used in the attacks is ju st an instrument.So I make the followin g recommendations:First, we need to b roaden the scope of the stakehold ers. While U.S.government, military, crit ical inf rastructure and defense in dustrial base are wellunderstood as targets and often exchan ge information amongst each other, the26

scop e ext ends globally, and government needs to en gage ad ditional stakeholders,both inside and outside the U.S.Major malware -based espion age campaigns h ave b een uncovered anddisclosed by researchers and privat e companies who need clear avenues forinformat ion exch an ge. One of the p roblems I've person ally faced is who to tellabout wh at I know.In addition, the NGO communit y, p articularly those involved indemocracy p romotion, human rights campaign s, as well as Tibetan activism, arealso b eing t argeted by the same camp aigns we see threaten ing the nationalsecu rit y of the Un it ed States.While man y of these threats are understoo d by a select few, includinga lot of peop le in this room today, the indicators that are so critical to def enseare rarely sh ared outside of tru sted circles in order to avoid potentially tippin goff the attackers, who may subsequently adapt and chan ge tact ics.However, the scope of the problem is so severe that I recommendbroadenin g stakeh older engagement with diverse communities in order to build awider net work of trust so that the threat intelligen ce that is so critical to defensecan be shared .Finally, I'd like to encourage respon sible disclosure of compromise.No one wants to ad mit that their organ ization has been compromised . However,this obscures the problem. It h ides the const ant attacks an d successfulpenetration s by a discrete set of malwa re-based esp ionage camp aign s.When Google b roke the disclosure barrier and revealed that they hadbeen breached in what is now known as "Operation Aurora," it firmly placed theissu e of targeted malware attacks in the public domain, an d they mad e it clearthat comp anies face the same attacks t hat had previou sly f ocused on govern mentand military net works.Recently the Securit ies and Exchan ge Commission has b eenencouragin g companies to disclose such attacks because t hey recognize the effectas well as the ir imp ortance to in vestors. Ultimately, the public n eeds tounderstand the full scop e of the cyber espionage problem, and unless in cidentdisclosure occurs, t he public will fail to grasp the severity of the situat ion.Thank you .27

28PREPARED STATEMENT OF NART VILLENEUVESENIOR THREAT RESEARCHER, TREND MICROU.S.-China Economic and Security Review CommissionHearing on “Developments in China’s Cyber and Nuclear Capabilities”Submission by Nart VilleneuveMarch 26, 2012I would like to thank the members of the U.S.-China Economic and Security Review Commission forinviting me to participate in today’s hearing on Developments in China’s Cyber and NuclearCapabilities. I spend my days investigating targeted malware attacks as a Senior Threat Researcher atTrend Micro Inc. While my statement today is drawn from my experience, particularly from an insideview into three cyber-espionage campaigns that I have helped uncover, GhostNet (which compromiseddiplomatic entities around the world), ShadowNet (which targeted the Indian government and military)and LURID (which targeted space-related agencies in the former Soviet Union), it is entirely my ownopinion and does not necessarily reflect the views of my employer.My testimony today focuses on malware-based espionage, or what some refer to as, or as a componentof, Advanced Persistent Threat (APT) activity. This APT activity can be tracked over time and linkedthrough specific indicators to threat actors operating in the Chinese language or using command andcontrol infrastructure in China. However, I recommend caution when attempting to determine attributionbased solely on technical indicators that are frequently spoofed and often misleading because there is no“smoking gun” in cyberspace.While there have been a lot of accusations of “hype” surrounding APT, the problem is severelyunderstated, not overstated. Instead of focusing on the effect of these attacks, most are concerned withthe level of “sophistication” and debate whether these attacks are “advanced” or not. I would like toemphasize three key points:Targeted malware attacks are extremely successful. The scope of the problem is truly global,extending far beyond the US. It affects governments, militaries, defense industries, high techcompanies, the energy and finance sectors, inter-governmental organizations, non-governmentalorganizations, media outlets, academic institutions, and activists around the world.Targeted malware attacks are not isolated incidents of “smash and grab” attacks. They are partof consistent campaigns aimed at establishing a persistent, covert presence in a target’s networkso that information can be extracted as needed.Targeted malware attacks are not well understood. However, careful monitoring can leveragemistakes made by the attackers that allow us to get a glimpse inside their operations. Moreover,these malware-based espionage campaigns can be tracked over time through a combination oftechnical and contextual indicators but this information is not often made public.1. Targeted Malware Attacks

There has been dramatic increase in targeted malware attacks. Unlike the largely indiscriminate attacksthat focus on stealing credit card and banking information associated with cybercrime, these targetedattacks are noticeably different and are better characterized as malware-based espionage. These highlytargeted attacks are computer intrusions staged by threat actors that aggressively pursue and compromisespecific targets, often leveraging social engineering or the “art of manipulation”, in order to maintain apersistent presence within the victim’s network so that they can move laterally and extract sensitiveinformation.In a typical targeted attack, a target receives a message – such as an email or instant message – that iscontextually relevant to the potential victim and encourages the target to click on a link or open a file.The links and files sent by the attacker contain malicious code that exploits vulnerabilities in popularsoftware. The payload of these exploits is malware that is silently executed on the target’s computer.This exploitation allows the attackers to take control of and obtain data from the compromisedcomputer. The malware connects back to command and control servers under the attacker’s control fromwhich the attackers may then command the compromised computer to download additional malware andtools that allow them to move laterally throughout the target’s network. These are not isolated incidentsof “smash and grab” attacks but are part of consistent campaigns aimed at establishing a covert presencein a target’s network so that information can be extracted as needed.TargetingWhile government and military networks have long been targets, these highly targeted attacks havespread to the defense industrial base and high tech companies, the energy and finance sectors,telecommunications companies as well as media outlets, civil society organizations and academicinstitutions. Often, these attacks target “communities of interest” that span the aforementionedcategories. Compromised “soft” targets can then be used to launch attacks against hardened targets.These attacks are successful because they are designed to manipulate individuals into revealing sensitiveinformation or executing malicious code. The delivery mechanism, usually an email, is often specificallyaddressed to the target and appears to have originated from someone within the target’s organization orsomeone in target’s social network. In extremely targeted cases, attackers may actually send emaildirectly from a compromised, but real, email account of someone the target knows and trusts.While some might believe that the threat actors behind targeted malware attacks have mythicalcapabilities, both in terms of their operational security and the exploits and malware tools used, they, infact, often use older exploits and simple malware. They do not always use “zero day” vulnerabilities –exploits for vulnerabilities for which there is no patch available. The objective of these attacks is toobtain sensitive data; the malware used in the attacks is just an instrument. The discovery of GhostNet,for example, highlighted the fact that attackers do not need to be technically “sophisticated” or“advanced”. With some functional but less-than-impressive code along with the publicly available gh0stRAT tool these attackers were able to compromise and maintain persistent control of embassies aroundthe world. They can be successful without being “advanced” because of their exploitation of trustthrough social engineering as well as the learning gained from continual probes as well as bothsuccessful and unsuccessful attacks. This allows the attackers to select exploits based on what they knowabout the target’s environment and they do leverage “zeroday” exploits when needed.29

CampaignsThese targeted attacks are rarely isolated events; in fact, they are constant. It is more useful to think ofthem as campaigns – a series of failed and successful attempts to compromise a target over a period oftime. In fact, the attackers themselves often keep track of the different attacks within a campaign inorder to determine which individual attack compromised a specific victim. As the attackers learn moreabout their targets, from open source research as well previous attacks, the specificity of the attacks maysharply increase.Once enough information is obtained from separate incidents indicators obtained from technical,operational and contextual artifacts can be assembled that allow attacks to be grouped in campaigns.This analysis is important because the information gleaned from any individual incident is usuallypartial because there are varying levels of visibility across the stages of an attack. For any one incident,we may have the attack vector, such as an email, or the malware payload of simply command andcontrol server activity. Others, especially those involved with incident response, may have informationon the attacker’s lateral movement and data ex-filtration points. But the most revealing informationusually comes from mis-configured command and control servers used by the attackers that reveal aninside look at their operations.30OperationsOne of the most important and often overlooked element of malware-based espionage is reliance onhuman labor which stands in stark contrast to the largely automated botnets operated by cybercriminals.In addition to manual reconnaissance the attacker will craft individualized emails and package malwarespecifically for an individual or group of targets. In addition, they will adjust their tactics in reaction tothe defenses of the victim. This customization and low distribution provides the attackers with asignificant advantage over defenders that are largely relying on automated systems. However, thishuman element also, occasionally, exposes one of their weaknesses.The attackers can and do make mistakes. Careful monitoring of their command and controlinfrastructure can reveal the inner workings of their operations. The data obtained from the attacker’sinfrastructure often reveals the length of the operation, the number of individual attacks, the identity ofthe victims, additional tools used by the attackers and sometimes even the data that has been ex-filtrated.The data often reveals the breadth of the victims the attackers are targeting and it is almost alwaysbroader than the conventional wisdom based on analysis of individual or even small clusters of activity.While a campaign may maintain subsets of infrastructure for specific geographic regions we have foundthat campaigns often have a global, thematic focus. While there are often exceptions, the attackers oftentarget “communities of interest” that stretch across geographic boundaries. We have found thatcampaigns that are well known in the U.S. aggressively targeting Asia (particularly Taiwan, Japan,South Korea and Vietnam) as well as Russia and Central Asian countries.

The information obtained from the attacker’s command and control servers reveals that the averagelength of compromise is considerable. In the case of GhostNet, for example, we found that the averagecompromise was 145 days with many being compromised for over 400 days (the longest was 660 days).In other cases, such as LURID, we were able to discover the campaign codes the attackers were usingwhich revealed that they had conducted 301 attacks in a two month period (between June 9 2011 andAugust 3 2011).The data may reveal the IP addresses from which the attackers are interacting with the command andcontrol servers. In the past, as was the case in GhostNet, the attackers often hosted their infrastructure inChina. We now see command and control servers hosted in a variety of countries, especially in the U.S.Furthermore, the attackers are often using tools such as “Htran” that allow them to “proxy” through anintermediary computer so that the attackers and the victims computers never directly connect to oneanother. These developments further obfuscate attribution.2. RecommendationsBroaden the scope of stakeholders. While the US government, military, critical infrastructure anddefense industrial base are well understood as targets and often share information amongst each other,the scope of the threat extends globally and government needs to engage additional stakeholders bothinside and outside the US. Major malware-based espionage campaigns have been uncovered anddisclosed by researchers and private companies who need clearer avenues of information exchange. Inaddition, the NGO community, particularly those involved in democracy promotion and Tibetanactivism, are also being targeted by the same campaigns that threaten the national security of the US.While many of these threats are understood by a select few, the indicators that are so critical to defenseare rarely shared outside trusted circles in order to avoid potentially tipping off the attackers who maysubsequently adapt and change tactics. However, the scope of the problem is so severe that I recommendbroadening stakeholder engagement with diverse communities in order to build a wider network of trustso that the threat intelligence that is so critical for an active defense can be shared.Encourage responsible disclosures of compromise. No one wants to admit that their organization hasbeen compromised. However, this obscures the true extent of the problem. It hides the constant attacksand successful penetrations by a discrete set of targeted malware campaigns affecting governments,businesses and civil society organizations around the world. When Google broke the disclosure barrierand revealed that they had been breached, in what is now known as “Aurora”, it firmly placed the issueof targeted malware attacks in the public domain and made it clear that companies face the same attacksthat had previously focused on government and military networks. Recently, the SEC has beenencouraging companies to disclose cyber attacks because they recognize the effect of such attacks andtheir importance to investors. Ultimately, the public needs to understand the full scope of the APTproblem.31Thank you for the opportunity to testify today on this very important issue. I appreciate the continuedgood work by the commission and your holding this field hearing here in Manassas. As you know,northern Virginia was really the birthplace of the Internet in the 1980s and 1990s and remains the East

32Coast “high tech” hub today.Today, northern Virginia is one of the frontlines in the emerging cybersecurity challenge, with asignificant cyber workforce that is supporting U.S. defense and civilian agencies.I have been deeply concerned about the cyber threat from China for nearly a decade. When I firststarted raising these concerns, the general attitude of the U.S. government was to keep everything secret– or in some cases – just to ignore the threat. In fact, when the Chinese attacked four of my officecomputers in 2006, along with many other House offices and committees, the FBI and others urged menot to disclose it publicly.After nearly two years of waiting, I took to the House floor in June 2008 to inform my colleagues – andthe American people – about the incident and warn of the growing threat to the U.S. government andbusinesses.I believed it was important for the public to better understand this threat and what the attackers wanted –not national security secrets, but information about Chinese dissidents with whom I had had worked.The attacker first hacked into the computer of my foreign policy and human rights staff person, then thecomputers of my chief of staff, my legislative director, and my judiciary staff person. On thesecomputers was information about all of the casework I have done on behalf of political dissidents andhuman rights activists around the world.The computers in the offices of several other Members were similarly compromised, as well as a majorcommittee of the House, the Foreign Affairs Committee.It is logical to assume that critical and sensitive information about U.S. foreign policy and the work ofCongress to help people who are suffering around the world was also open to view from these officialcomputers.In subsequent meetings with FBI officials, it was revealed that the outside sources responsible for thisattack came from within the People's Republic of China. These cyber attacks permitted the source toprobe our computers to evaluate our system’s defenses and to view and copy information. My suspicionis that I was targeted by Chinese sources because of my long history of speaking out about the Chinesegovernment’s abysmal human rights record.I have spent hours with countless Chinese dissidents ranging from Uyghur Muslim activist RebiyaKadeer, to house church pastor and advocate Bob Fu, to former laogai prisoner Harry Wu.Just recently I visited with an impressive group of Chinese lawyers in Washington for the NationalPrayer Breakfast. To a person, each loved their country and where rightly proud of their heritage. Butall sought fundamental change. They longed to live in a land where they could worship freely, speakopenly and enjoy the basic protections of a constitution grounded in rule of law. Their quarrel – andmine – is with a thin layer of leadership at the helm of the Chinese communist party that rules by fear

33and oppression.Since I spoke out in 2008, there has been a “sea change” in how senior defense and intelligence officialsare publicly discussing to the cyber threat. Four years ago, some of these same leaders who werewarning against even publicly acknowledging cyber attacks – much less the source of the threat – arenow publicly warning of the threat in very stark terms.I believe that this change has come about because these senior officials have determined that thesituation has become so dangerous, as our networks and technology and companies become sointerconnected, that they understand that public awareness is increasingly critical to dealing with thisthreat.For example, last month during an appearance before the Senate Select Committee on Intelligence FBIDirector Robert Mueller said that while terrorism is the greatest threat today, “down the road, the cyberthreat will be the number one threat to the country.”A 2010 Pentagon report found “… [i]n the case of key national security technologies, controlledequipment, and other materials not readily obtainable through commercial means or academia, thePeoples Republic of China resorts to more focused efforts, including the use of its intelligence servicesand other-than legal means, in violation of U.S. laws and export controls.”The report also highlighted China’s cyber-espionage efforts. The U.S. intelligence community notesthat China’s attempts to penetrate U.S. agencies are the most aggressive of all foreign intelligenceorganizations.Other senior U.S. military and intelligence officials have become increasingly vocal about their concernsabout the scope of Chinese espionage and cyberattacks. Defense Intelligence Agency chief General RonBurgess also recently testified that “China has used its intelligence services to gather information via asignificant network of agents and contacts using a variety of methods... In recent years, multiple casesof economic espionage and theft of dual-use and military technology have uncovered pervasive Chinesecollection efforts.”Last year, the usually-reticent Office of the National Counterintelligence Executive issued a warningthat “Chinese actors are the world’s most active and persistent perpetrators of economic espionage.”The counterintelligence office took this rare step of singling out the Chinese due to the severity of thethreat to U.S. national and economic security.And a March 8, 2012 Washington Post article described how “[f]or a decade or more, Chinese militaryofficials have talked about conducting warfare in cyberspace, but in recent years they have progressed totesting attack capabilities during exercises… The (PLA) probably would target transportation andlogistics networks before an actual conflict to try to delay or disrupt the United States’ ability to fight,according to the report prepared by Northrop Grumman” for this commission -- and I want to commendthis commission for requesting and publishing this important research.

We are beginning to witness the consequences of the cyber threat. According to a March 13, 2012 NewYork Times article “[d]uring the five-month period between October and February, there were 86reported attacks on computer systems in the United States that control critical infrastructure, factoriesand databases, according to the Department of Homeland Security, compared with 11 over the sameperiod a year ago.”In an interview with The New York Times, Homeland Security Secretary Janet Napolitano said “I thinkGeneral Dempsey said it best when he said that prior to 9/11, there were all kinds of information outthere that a catastrophic attack was looming. The information on a cyberattack is at the same frequencyand intensity and is bubbling at the same level, and we should not wait for an attack in order to dosomething.”Notably, Chinese espionage isn’t limited to government agencies. In an October 4, 2011 WashingtonPost article, Chairman Mike Rogers remarked: “When you talk to these companies behind closed doors,they describe attacks that originate in China, and have a level of sophistication and are clearly supportedby a level of resources that can only be a nation-state entity.”Cyberespionage is having a real and corrosive effect on job creation. Last year, the Washington Postreported that, “[t]he head of the military’s U.S. Cyber Command, Gen. Keith Alexander, said that oneU.S. company recently lost $1 billion worth of intellectual property over the course of a couple of days –‘technology that they’d worked on for 20-plus years – stolen by one of the adversaries.’”The record is clear: what policymakers used to reticently refer to as the “Advanced Persistent Threat” isnow increasingly acknowledged as China’s asymmetric warfare and economic strategy against the U.S.Because of our past reluctance to acknowledge the severity of this issue, the Congress and theadministration are now struggling to keep up. As many are aware, several comprehensive cybersecuritybills are stalled in the Senate amid jurisdictional and partisan wrangling.The House is quietly trying to advance more targeted bills and I want to commend my colleagues MikeRogers, chairman of the Intelligence Committee, and Peter King, chairman of the Homeland SecurityCommittee, for their excellent leadership on this issue.As chairman of the House Appropriations subcommittee that funds the FBI, Commerce Department andthe National Institute for Standards and Technology (NIST), my subcommittee has also been fundingsome of the key civilian and law enforcement agencies involved in the fight against the cyber threat.That is why I prioritized cybersecurity programs in the fiscal year 2012 Commerce-Justice-ScienceAppropriations bill, including significant increases to the FBI’s joint cyber task force and requiring eachagency to vet its IT equipment purchases. I also directed the FBI to produce an annual unclassifiedcyber report.I am planning take even more significant steps in the fiscal year 2013 bill that is currently underdevelopment, including adopting many of this commission’s recommendations.34

35Although the government and the private sector have finally come to appreciate this threat and start totake the necessary steps to address it, the threat is evolving and I am concerned that we may continue tobe behind the curve.One issue that the U.S. has failed to develop a coherent and strategic policy to address is the unique andunprecedented threat from Chinese state-owned or state-directed companies that are operating in theU.S. I believe this threat is particularly pronounced from Chinese telecom firms.Earlier this year, The Economist magazine published a special report on Communist Party managementof Chinese corporations. The article noted the Chinese government’s particular support for its telecomand IT industry noting that, “the end result is the creation of a new class of state companies: nationalchampions that may not be owned by governments but are nevertheless closely linked to them”The article reported that “[t]he (Communist) party has cells in most big companies – in the private aswell as state-owned sector – complete with their own offices and files on employees. It holds meetingsthat shadow formal board meetings and often trump their decisions”According to The Economist, the Chinese government even has an expression for this strategy: “Thestate advances while the private sector retreats.”Author Richard McGregor wrote that the executives at major Chinese companies have a “red machine”with an encrypted line to Beijing next to their Bloomberg terminals and personal items on their desks.Given this level of party control in China’s private sector, we shouldn’t be surprised to learn that thePLA has been operating cybermilitias out of telecom companies.Last year, The Financial Times reported that the PLA has even documented how it will use telecomfirms for foreign espionage and cyberattacks.A paper published in the Chinese Academy of Military Sciences’ journal noted: “[These cyber militia]should preferably be set up in the telecom sector, in the electronics and internet industries and ininstitutions of scientific research,” and its tasks should include “stealing, changing and erasing data” onenemy networks and their intrusion with the goal of “deception, jamming, disruption, throttling andparalysis.”The same article also documented the growing number PLA-led cyber militias housed in “private”Chinese telecom firms.The article reported on one example at the firm Nanhao [Nan-how]: “many of its 500 employees inHengshui [Hang-shoo], just south-west of Beijing, have a second job. Since 2005 Nanhao has beenhome to a cybermilitia unit organized by the People’s Liberation Army. The Nanhao operation is one ofthousands set up by the Chinese military over the past decade in technology companies and universitiesaround the country. These units form the backbone of the country’s internet warfare forces, increasingly

36seen as a serious threat at a time of escalating global cybertensions.”That is what makes me so concerned about Chinese telecom firms’ growing operations in the U.S.market. Chinese state-directed are collaborating and cooperating with the Chinese government to adegree that would be unfathomable in the U.S. or other Western economies.And as those Chinese state-backed firms enter the U.S. market, it is unclear whether they will be playingby our rules, or their own.Currently, the most concerning of these Chinese telecoms is Huawei, which is attempting to increase itsmarket share in the United States and around the world. Numerous government reports have linkedHuawei’s corporate leadership to the Chinese intelligence services and the People’s Liberation Army(PLA), raising concerns about Huawei networks and devices being subject to espionage by the Chinesegovernment.These connections are particularly noteworthy given Huawei’s rapid rise as a telecom giant. Accordingto a March 18 article in the Wall Street Journal, “Huawei Technologies Co. has almost doubled its workforce over the past five years as it strives to become a mobile technology heavyweight.”The article also noted that “Huawei's network business has thrived at the expense of struggling Westernnetwork companies such as Alcatel-Lucent Co. and Nokia Siemens Networks. Initially, Huaweisupplied low-cost phones to telecommunications operators in the West under their own brand, but overthe past year, Huawei has also been quietly building and investing in its own brand of high-endsmartphones and tablets.”Huawei executives make no secret of their goal to dominate the telecom market. In a March 6, 2012,interview with the technology news Web site, Engadget, Huawei device chief Richard Yu said “[i]nthree years we want Huawei to be the industry's top brand.”However, Huawei’s growth in the U.S. market should give all Americans serious pause. Last week,respected national security reporter Bill Gertz wrote in The Washington Free Beacon about thiscommission’s recently released cybersecurity report.Gertz wrote: “[n]ew information about Chinese civilian telecommunications companies’ close supportof the Chinese military and information warfare programs is raising fresh concerns about the companies’access to U.S. markets, according to a report by the congressional US-China Economic and SecurityReview Commission.”“One of the companies identified in the report as linked to the PLA is Huawei Technologies, a globalnetwork hardware manufacturer that has twice been blocked by the U.S. government since 2008 fromtrying to buy into U.S. telecommunications firms,” Gertz continued. “Huawei is a well establishedsupplier of specialized telecommunications equipment, training and related technology to the PLA thathas, along with others such as Zhongxing, and Datang, received direct funding for R&D on C4ISR[high-tech intelligence collection] systems capabilities.”

37The report further added, “[a]ll of these [Chinese telecom] firms originated as state research institutesand continue to receive preferential funding and support from the PLA.”Huawei’s efforts to sell telecom equipment to U.S. networks have long troubled the U.S. defense andintelligence community, which has been concerned that Huawei’s equipment could be easilycompromised and used in Chinese cyberattacks against the U.S. or to intercept phone calls and e-mailsfrom American telecom networks.According to a 2005 report by the RAND Corporation, “both the [Chinese] government and the militarytout Huawei as a national champion,” and “one does not need to dig too deeply to discover that [manyChinese information technology and telecommunications firms] are the public face for, sprang from, orare significantly engaged in joint research with state research institutes under the Ministry ofInformation Industry, defense-industrial corporations, or the military.”In fact, in 2009, The Washington Post reported that the National Security Agency “called AT&Tbecause of fears that China’s intelligence agencies could insert digital trapdoors into Huawei’stechnology that would serve as secret listening posts in the U.S. communications network.Over the last several years, Huawei’s top executives’ deep connections to the PLA and Chineseintelligence have been well documented. As Gertz summarized in his article, “a U.S. intelligence reportproduced last fall stated that Huawei Technologies was linked to the Ministry of State Security,specifically through Huawei’s chairwoman, Sun Yafang, who worked for the Ministry of State Security(MSS) Communications Department before joining the company.”That is why senior administration officials in the Bush and Obama administrations have repeatedlyintervened to block Huawei’s access to U.S. networks. “In 2008, the Treasury Department-ledCommittee on Foreign Investment in the United States (CFIUS) blocked Huawei from purchasing theU.S. telecommunications firm 3Com due to the company’s links to the Chinese military,” Gertzreported.“Last year, under pressure from the U.S. government, Huawei abandoned their efforts to purchase theU.S. server technology company 3Leaf. In 2010, Congress opposed Huawei’s proposal to supplymobile telecommunications gear to Sprint over concerns that Sprint was a major supplier to the U.S.military and intelligence agencies.”When the White House, Intelligence Community, Defense Department and the Commerce Departmentall have worked to block Huawei from gaining greater access to U.S. networks, the American peopleshould take notice.In all my years in Washington, very rarely have I seen the defense, intelligence and civilian agenciescome together in such a quiet but concerted effort to warn of a security threat from a foreign entity.It’s not just Huawei’s longstanding and tight connections to Chinese intelligence that should trouble us.

Huawei has also been a leading supplier of critical telecom services to some of the worst regimes aroundthe world. Last year, the Wall Street Journal reported that Huawei “now dominates Iran's governmentcontrolledmobile-phone industry…it plays a role in enabling Iran's state security network.”Gertz reported that Huawei has also been “linked to sanctions-busting in Saddam Hussein’s Iraq duringthe 1990s, when the company helped network Iraqi air defenses at a time when U.S. and allied jets wereflying patrols to enforce a no-fly zone. The company also worked with the Taliban during its short reignin Afghanistan to install a phone system in Kabul.”Given all of this information, there should be no doubt Huawei poses a serious national and economicsecurity threat to the U.S. It is no secret that the Peoples Republic of China has developed the mostaggressive espionage operation in modern history, especially given its focus on cyberattacks andcyberespionage.Perhaps that is why Beijing has ensured that Huawei is able to continue its global market growth by“unsustainably low prices and [Chinese] government export assistance,” according to this commission’sJanuary 2011 report on the national security implications of Chinese telecom companies.Due to China’s secrecy, the full extent of Huawei’s subsidies are not fully known. But given itsunrealistically low prices, it remains unknown whether Huawei is even making a profit as it seeks todominate the telecom market. Why would the Chinese government be willing to generously subsidizesuch unprofitable products?The American people have a right to know whether their government is doing everything it can toprotect their cell phone and data networks.But I fear that with Huawei’s rapid growth in the U.S. market, we may soon find that we are toointertwined with Huawei network equipment and devices to address potential security concerns. Wemust resolve these concerns before Chinese telecom firms make significant inroads on U.S. networks,not after.And as Huawei increases its lobbying presence in Washington, members should be fully aware of thefirm’s intimate links to the PLA and the serious concerns of our defense and intelligence community.Verizon, Sprint, AT&T, T-Mobile and other U.S. network carriers should not be selling Huawei devicesgiven these security concerns. But if they do, they have an obligation to inform their customers of thesethreats. This is especially important when carriers are selling Huawei phones and tablets to corporatecustomers. They have a right to know that Beijing may be listening.Thank you again for the opportunity to testify this morning. I look forward to working with thiscommission as we continue to address this challenge.38

39HEARING CO -CHAIR WORTZEL: Mr. Healey. Than k you.OPENING STATEMENT OF JASON HEALEYDIRECTOR, CYBER STATECRAFT INITIATIVE, ATLANTIC COUNCILMR. HEALEY: Than k you very mu ch. Good mornin g, Commissioners.Happy Monday morning. Than ks for the opportunit y to be here.The government is f inally, f inally becoming more c lear-minded aboutthe risk of Chin ese espionage and is ru shing toward s a solution, and I don't d oubtthe hard work, the patriotism of those people in the execu tive branch as they'replowing ahead on t his, but it 's n ot clear that we're headin g in the right direct ion.The threat of Chinese esp ionage is so critical that General Alexanderhas called it "the biggest tran sfer of wealth through theft and privacy in thehistory of man kind" --the history of man kind. So b ad, in f act, that the governmentmight have t o start regulating the p rivate sector, and our companies might haveto submit their communication s to government monitorin g.But the threat is not so bad apparently to interest the government inthe history of how we got here, or to go enough on the recor d about the threat totake risks to share needed information , or be willin g to tell the Ch inese to backoff, and I call these the government's four silences. Added together, I fearthey're drivin g us t o defeat.First, silen ce about how we got here. This silen ce is more ofignorance than interact ion. When I meet with them, too many of America's cyber -warriors and p olicymakers feel the p roblem st arted somewhere around 2003 t o2008. Th at is rough ly when they person ally got involved.It turns out that we'r e so busy ru shing into the future we haven 'tbothered to really look b ack and f igure out the lessons f rom the past , so nowonder we keep having t o learn new wake -up calls.So our understanding of the basic issu es is as old as I am: the DefenseScience Board that f irst discussed hard ware or software leakages, intrusions,supply chain attacks and appropriat e risk levels was researched in 1969 andpublished in 1970. Forty years, and we're still stru ggling t o understand this.We kn ow we face p atient and mot i vated adversaries with extensiveresearch ers that are adept in circumventing safeguards. Those exact phrasescome not f rom an y recent NCIX rep ort about the Advanced Persistent Threat, butthe National Research Council from 1991, the year that I got commis sion ed in t heAir Force.So for more than 20 years, the executive branch h as understood APTthreat, and yet we're still st rugglin g an d treating it like it's new.America suffered it s first state -spon sored espion age case n ot in 2003but in the mid -1980s. Our first Title 10 combat unit conducting offense and

defense st ood up in 1995, not 2005, an d we had a joint warfightin g cybercommander in 1998, not 2008.Looking back should teach u s important lessons, perhap s the mostimportant of wh ich is we're stuc k in a cycle of sufferin g. If we're goin g to learnfrom this history, we need to collect it and teach it. I've st arted a history serieswith the Atlantic Council start ing with "Lessons From Our First CyberCommanders" and am the prin cipal in vestigator fo r the f irst cyber conflict hist orybook.The government needs to begin it s own effort to go out, t o collect thishistory, start the oral histories with some of these commanders and otherfounding members t hat we can learn from it.And just like milita ry officers have to learn their h istory --Rich and Iwere at the Air Force Academy --we had to learn the lesson s of the early airpioneers and be ab le to apply them tod ay, learn the early air campaign s and units,and be able to apply those lesson s to t oday --we h ave to d o the same thing fortoday's cyb er warriors. The milit ary n eeds to do this. DHS needs a companionprogram to help make sure their people understand.Second, silen ce about the threats we face. Govern ment officials seemkeen to leak info on ho w bad Chin ese espionage is, but unwillin g to actually t ellthe American people or our comp anies and critical infrastructure. If espion age issuch a problem, how come we h ave t o hear about it f rom t he press or fromexpert s like those sharing this pan el wit h me today? Th an k goodness for theCommission 's reports.When I ask the executive branch wh y they can't say more, I get arange of overlappin g but insufficient reason s:We are sharing; did n't you see the NCIX report ? I have no opinion;it's classified above my level. We'd like to share; it 's cau ght up in interagen cy.We can't prove it's China. If we say Ch ina is doin g it, they may get an gry and stoplending u s money. There's nothin g illegal about sp yin g. If we declassif y what weknow of the threat, people would pan ic. The private sector isn't sharing with us,so why should we share with them? M y response of "government for the people"win s that argument less than y ou might imagine.If we discu ssed this, it wouldn't matter sin ce the Chinese won 'tchange their b ehavior. It's a wilderness of mirrors. If we discussed this, then theChinese would know that we know that we know that they know. If we t alk, t henour intelligence t ake wou ldn't be quite as good.None of these reasons sin gly or in comb ination can possibly besufficient given how bad ly we're losin g. If the private sector is tru ly critical, wehave to chan ge our mind -set . We treat this as a state secret even from thoseunder attack. The government is creating our own "wilderness of mirrors" builtentirely around itself. We're not facing a sin gle monolithic KGB, but a splash of40

non-state hacker groups loosely affiliat ed with d ifferent of ficial organ s of theChinese st ate.Government mu st f ollow the example of this Commission and be clearabout the depth of the problem and name the problem in volved: Ch ina. We'llnever make progress if everyone looks for their classificat ion stamp s when theword s "Chin a," "cyber," and "espion age" are u sed together. The sp y -versu s-sp ymentalit y is driving us into defeat. We have to take every opportunity to b e clearand public about what we f ace.Third, silence about pract ical informat ion which could help the privatesector. While the government has start ed projects, most n otably the DIB cyberpilot to sh are NSA's sign atures of malicious software, these require securit yclearan ces and secu re facilities. Th ey likely increase our work f actor more thanthat of our ad versari es.We have to sh ift the government's min d -set to seeing the privatesector as the "supported command" rat her than the "supporting command." Toomany of the govern ment's p lan s put the government at the center and look t o theprivate sector t o give the go vernment support, and that's obviou sly the reverse ofwhat 's need ed.As one bold step , we could simply declassify the signatures. After all,the bad guys have t hemselves alread y made their maliciou s software public b yreleasin g it , so sources and method s sh ould not be a sign ificant prob lem, be lessexpen sive in the lon g run, and wou ld bolster rather than su pplant the securitymarket .Last , silen ce to the Chinese about ou r increasin g fury. I was at arecent event at Georgetown that had b oth China cyber and nonproliferationpeople, or people t hat have dealt with China on these issu es. Thenonproliferators were able to d raw on a range of conversations they had with theChinese. When we talked to them ab out Iran or North Korea, they're helpful.When we t alk ab out Pakistan , they're not helpful. Sometimes it helps if we goreally public and sp lash y. Other times it helps if we go really quiet , and we makesure it 's not in the press.When we talked to the cyb er peop le, we found out there h as beennothing s imilar, not hing like that kind of conversation with the Chinese. We'vementioned it to them, as I've b een told Vice President Biden did, but not a ran geof con versation s like the nonprolif erat ion people found to be very su ccessful.If this is as bad as we say it is, if this is so b ad we might h ave to passnew laws to regu lat e the private sector, and we're keepin g it private, I meansecret from the private sector, we have to bring it up in every opportunity that wecan, to p oke the Chinese in the chest p ub licly and private t o say regard less ofwhether this is actually your government doing this, you must help us stop itbecau se fran kly it's getting towards one of our red lines.41

Thank you .42

43PREPARED STATEMENT OF JASON HEALEYDIRECTOR, CYBER STATECRAFT INITIATIVE, ATLANTIC COUNCILThe Government’s Four Cyber SilencesTestimony ofJason HealeyDirector, Cyber Statecraft Initiative, Atlantic Council to theUS-China Economic and Security Review Commission on“Developments in China’s Cyber and Nuclear Capabilities”Monday, March 26, 2012George Mason University, Manassas, VirginiaThank you for the opportunity to be here.I am going to speak very plainly today. The government is finally becoming more clear-minded aboutthe risks of Chinese cyber espionage and is rushing towards solutions. And while there is no doubtingthe hard work and patriotism of those behind these efforts, it is not clear we are heading in the rightdirection.The threat of Chinese espionage is so critical that the commander of our military cyber defenses hascalled it the “the biggest transfer of wealth through theft and piracy in the history of mankind.” It is sobad, in fact, the United States may need to regulate the private sector and our companies need to submitto government monitoring.But the threat has not bad enough to interest the government in the history of how we got here, orenough to go on the record about the threat, to take risks to share needed information or be willing to tellthe Chinese to back off.I call these the government’s Four Silences. Added together I fear they are driving us to defeat.

44First: Silence about how we got here. This silence is more of ignorance than inaction. When I meetwith them, too many of America’s cyber warriors and policy makers feel the battle only startedsometime between 2003 and 2008 – that is, roughly when they personally got involved. We have beenbreathlessly rushing into the future, rarely looking back to learn what has happened before. No wonderwe keep having new wake-up calls.Our understanding of the basic issues is as old as I am. The Defense Science Board report that discussedhardware and software leakages, intrusions, supply chain attacks, and risk levels was researched in 1969.And yet we’re still struggling.We know we face adversaries that have “extensive resources in money, personnel, and technology;” andare “adept in circumventing physical and procedural safeguards,” “patient and motivated,” and “capableof exploiting a successful attack for maximum long-term gain.” However, those exact phrases come, notfrom any recent NCIX report, but the 1991 “Computers at Risk” report from the National ResearchCouncil.For more than 20 years, then the Executive branch has understood the advanced persistent threat … andyet we’re still struggling.America had its first state-sponsored cyber espionage case not in 2003, but in the mid-1980s. Our firstTitle 10 combat unit conducting offense and defense stood up in 1995, not 2005. We had a jointwarfighting cyber commander in 1998 not 2008.We treat cyber as forever novel and so we can’t learn any lessons. No wonder we’re forever struggling.Looking back should teach us important lessons, perhaps the most important of which is we’re stuck in acycle of suffering.If we’re going to learn from this history we need to collect it and teach it. The Atlantic Council has

45started a history series, starting with “Lessons from the First Cyber Commanders” to help and I amprincipal investigator with the Cyber Conflict Studies Association on the first cyber conflict historybook. The US government should begin their own efforts, to collect key documents, conduct oralhistories with the first generations of cyber warriors and start codifying the lessons learned.And just as today’s military officers learn the lessons of Cannae, Trafalgar, the Chosin Reservoir, andMIG Alley, so must DoD’s new cyber cadre study yesterday’s cyber operations to understand those oftomorrow. This history should be part of the professional military training of our new military officersand a core part of the curriculum in courses to build military cyber warriors. DHS should likewiseinclude this in their own coursework as part of their education projects to ensure it reaches the civilianworkforce.Second: Silence about the threat we face.Government officials seem keen to leak information on how bad Chinese espionage is, but unwilling toactually tell the American people or our companies in critical infrastructure.If espionage is such aproblem, how come we have to hear about it from the press or from experts like those sharing this panelwith me today? Thank goodness for the Commission’s reports.When I poke government officials about this, they get giddy about trifles, a few sentences in an NCIXreport or pat themselves on the back because a few members of industry in critical sectors have receivedsecurity clearances and get periodic briefings. These are worthy achievements, but pale before theproblem.When I ask why the Executive branch cannot say more, I get a range of overlapping but contradictoryresponses:

461. We are sharing, didn’t you see those sentences in the NCIX report?2. I have no opinion and can’t discuss this: it is classified way above my pay grade.3. We would like to but it is caught up in the interagency.4. We can’t prove it’s really China.5. If we say China is doing it, they may get angry and stop lending us money.6. There’s nothing illegal about spying; after all, we do it!7. If we declassified what we knew of the threat, people would panic.8. The private sector isn’t sharing with us, so why should we share with them? (Somehow, my response of,“government for the people” wins that argument less than you’d imagine.)9. If we discussed this, it wouldn’t matter since the Chinese would not change their behavior.10. It’s a wilderness of mirrors. If we discussed this, then the Chinese would know that we know.11. If we talk, then our intelligence take won’t be as good.None of these reasons given, singly or in combination, are sufficient given how badly we’re losing. Ifthe private sector is truly critical, we have to change our mindset to be able to discuss the problem.Intelligence officers love to collect, more and more, and if they act it on that collection it might disruptthe flow. But by treating this problem as a state secret, even from those under attack, the government iscreating our own wilderness of mirrors, built entirely around itself. Worse, this familiarcounterintelligence game is one our adversaries do not even know. We are not facing a single,monolithic KGB but a splash of non-state hacker groups loosely affiliated with many different officialorgans of the Chinese state.What must be done? The government must follow the example of the Commission and be clear aboutthe depth of the problem and name the country involved: China. If it is time for action we need to takethis out of intelligence and counterintelligence channels and declassify significant portions, something

47that can only be done from the top.We will never make progress if everyone looks for their classification stamps when the words “China,”“cyber” and “espionage” are used together. The spy-versus-spy mentality is driving us into defeat.Given that it has said so little, no wonder there are so many skeptics of the government’s motives. If theadministration wants America to take it seriously, it must be clear: repeated speeches from seniorofficials, not just occasional sound bites; not just one NCIX report, but a slew of them; not just leaks tomedia, but interviews. The frequency and seriousness of their statements need to match the crisis athand and this should start from the White House.Third: Silence about practical information which could help the private sector.A related point to the one I just made is that the government has been far too cautious giving neededpractical information to the private sector. The reasons are usually the same, but the impact affects theirday-to-day defenses. When the private sector does not share, then they are either not patriots or toofixated on their shareholders. When the government does not share, it is okay, because it is classified,stuck in the interagency, someone else’s job, or we had a Deputies Committee say it was permissible tonot share it for intel gain/loss.In cyber conflict, the offense already begins with a head start. To beat them, the defenders need tosignificantly increase the bad guys’ work factor more than their own. While the government has startedprojects, most notably the DIB cyber pilot to share NSA’s signatures of malicious software, thesetypically don’t easily scale, requiring security clearances and secure facilities. They likely increase ourwork factor probably more than our adversaries.Indeed, a recent study found that only 1% of NSA’s signatures shared with the Defense Industrial Base

48were novel. How many hours were spent in interagency meetings for that one percent? Some inCongress and the military seem to want constitutionally troubling government monitoring of privatesector companies, but does this make sense for marginal gains?The fix is to shift the government’s mindset: in cyber conflict, the private sector is usually the“supported command” not the “supporting command.” They are the targets, the ones fighting in thetrenches every day, and if we want to win they need more help. Think about past cyber crises: in howmany did the solution depend primarily on government solutions? In most cases, the critical solutionsinstead came from McAfee, or Microsoft, not from any a department or agency. The exceptions tend tobe attacks that predominantly only affected the government to begin with. Yet too many of thegovernment’s plans put the government at the center, and look to the private sector to give support. Thisis the reverse of what is needed: it is the private sector that will fix the problem and the governmentshould be supporting them.To put it another way, we are finishing two major wars. When American soldiers have been in harm'sway, intelligence agencies will take significant risks to declassify the right information to keep themsafe. Though it is a different kind of fight, the US government should be willing to take similarly boldrisks to support our embattled companies on the front lines against Chinese espionage.As just one example of how to do this, we should simply declassify the signatures. After all, byreleasing their attacks “in the wild” over the Internet, the bad guys have themselves already made theirmalicious software public. This will be far less expensive in the long run and more effective as it wouldbolster, not supplant, the security monitoring market.This leads us to the last silence.Fourth: Silence to the Chinese about our increasing fury.

49A recent event at Georgetown University discussed the US experience dealing with China both forWMD non-proliferation and for cyber. The non-proliferation experts explained their long dialog withthe Chinese on this sensitive topic, through which they learned some keys to success.By drawing on a range of discussions, some successful and some not, these negotiators discovered theChinese government was more willing to limit proliferation to some countries but not others.Sometimes they discovered a discrete word to the Chinese leadership would work, while other timespublic shaming was needed. They still haven’t figured everything out, of course, but they can point toprogress in influencing Chinese behavior.When asked the same question, America’s cyber experts answered with a sheepish look, admitting thatwe have not yet told the Chinese leadership, in any similar fashion, that we are upset with their activitiesagainst us. We have mentioned it to them, but rarely more.How can this be? The first answer I receive is usually that we don’t want to upset the Chinese. Afterall, they own bazillions of US Treasury bonds. But is it true the United States is willing to square offagainst China on tire imports and rare earths, but not on “the biggest transfer of wealth through theft andpiracy in the history of mankind” in General Alexander’s words?We don’t need to pick an international fight (or perhaps we do) but at least, let’s start the official dialog.We must raise Chinese cyber espionage in every military-to-military dialogue, in ever JCCT meeting, inthe Strategic and Economic Dialogue, and with visits from all of their state leaders. How can we say weare trying to stop their espionage by doing anything less? How can we even consider governmentmonitoring of private networks before our own government has even told the Chinese they need to backoff? Better yet, we can choose from at least the United Kingdom, Australia, Germany, France andCanada to be a good cop to counter our bad cop routine.

Better yet, we don’t have to prove without doubt that every single espionage case is coming from Chinaor that the Chinese government itself is conducting50them. The Atlantic Council just published a ten-pointspectrum to help assign responsibility for cyber events(see table 1). This is just one tool that can help usaddress the forest of Chinese intrusions, rather than thetrees of the forensics of each case. As a nationalsecurity matter, we can simply decide to not care if theseare sponsored by the Chinese government or not. If thegovernment (and private sector) releases sufficientevidence showing the incidents are sourced from thatcountry, the administration can just hold themresponsible to make it stop. This approach of “nationalresponsibility” is likely to be far more effective thanforcing ourselves to jump over the needlessly high barof proving technical attribution.Table 1:The Spectrum of StateResponsibility1. State-prohibited. The nationalgovernment will help stop the third-partyattack2. State-prohibited-but-inadequate. Thenational government is cooperative butunable to stop the third-party attack3. State-ignored. The national governmentknows about the third-party attacks but isunwilling to take any official action4. State-encouraged. Third parties controland conduct the attack, but the nationalgovernment encourages them as a matterof policy5. State-shaped. Third parties control andconduct the attack, but the state providessome support6. State-coordinated. The nationalgovernment coordinates third-partyattackers such as by “suggesting”operational details7. State-ordered. The national governmentdirects third-party proxies to conduct theattack on its behalf8. State-rogue-conducted. Out-of-controlelements of cyber forces of the nationalgovernment conduct the attack9. State-executed. The national governmentconducts the attack using cyber forcesunder their direct control10. State-integrated. The nationalgovernment attacks using integratedthird-party proxies and government cyberforces

51ConclusionThe Administration and Congress are taking cyber espionage seriously, more seriously than they have inyears. Yet it is far from clear we are doing enough or heading in the right direction.We must at least tackle these four cyber silences:1. Silence about how we got here2. Silence about the threat we face3. Silence about practical information which could help the private sector4. Silence to the Chinese about our increasing furyThese will not by themselves solve the problem, but at least we will all understand the scope of theproblem and have us towards solutions that may break the cycle of suffering. To win, we must speak.To speak we have to declassify. To declassify we must be bold. And we must do this today.

52PANEL I – QUESTIONS AND ANSWERSHEARING CO -CHAIR WORTZEL: Well, thank you very mu ch, a ll three ofyou, especially for putting in pract ical recommendat ions.I want to ask Mr. Healey, if I might, wh en I look at some of your otherwritings, you seem to advise that the U.S. shou ld hold governments respon sibleand not focu s so mu ch on attributi on even if we can't attrib ute to a specif icorgan ization .And if I've characterized it right, I won der if you cou ld exp lain thatview and whether t here are legal steps such as General Cartwright outlined thatwe should be taking?And if the others have thoughts on this, please contribute.MR. HEALEY: Than k you very mu ch, Commissioner.This was one of my recent publication s, and I brou ght extra copies forCommission ers or f or attendees, that says I don 't thin k dip lomat s or generalsshould ever u se t he word "attribution ."Attribution is important if you 're a secu rity researcher. It's importantif you 're law enforcement because it h elps you find out the person respon sib le.The word "attribution" makes us start t hinking we have to begin at the techni callevel and then work our way up, and maybe at the end of t hat process, we canfind out if there was a government responsible.I thin k for dip lomat s and gen erals, that 's a su cker's game, and weshouldn't p lay it . Look at Eston ia. Forensically, we were told that 178 countrieshad servers that were resp onsib le in the attack. That is not helpful. That isforensic informat ion that clouds the fact that if the president wanted to makethat attack stop, he had to do one thin g, or he had to st art in one plac e, and t hatwas pick up the phone and call the Kremlin . 178 countries didn't matter. Onecountry mattered. Russia.So that's what I say, we don't have to p lay the game of difficultattribution . It 's an important step, and we need t o continue also doin g that, b utif I were in the situation room, again, advising the p resident when this happens,or let's take it to Ch inese espion age --I'm sorry--let's be direct about this --wedon't have to prove that the Chinese government is beh ind any of this. We haveenough eviden ce from security researchers and from our own intelligen ce to comeout and say, look, enough is enough . We don't care if you're behind it or not, butthere is enough that shows that Chinese cit izens and organ ization s are involved.We are gett in g to a red line. Please make it stop .HEARING CO -CHAIR WORTZEL: Th ank you.Anythin g to add on that?MR. BEJTLICH: I would add that for cases where you can say this is aserious prob lem, that it does make sen se to contact the country that you believ e

is respon sible. I think that there's a range of that that hap pens in the non - cyb erworld. I mean clearly what happened af ter 9/11 is we felt t hat Afghan istan washarborin g a group of people that we did not like, and it reached the level of“we're goin g to do something about that. ”I thin k that there are probably cyber eq uivalents where you can saythis is su ch a p roblem, and maybe it doesn't have to be a major cyber attack, itcould simp ly b e a p attern of activit y over man y years, which is what we've h a dnow for the last seven, eight, nine years, that you could say we have identifiedthe followin g systems. Con sistently over the cou rse of that time, they have beeninvolved in the deat h -by-a-thou sand-cu ts sort of economic espionage, and wewould want you t o t ake them down.I was actually shocked this morning to hear Gen eral Cart wrightmention that we had done something like that in Ch ina. M y compan y, we cou ldprobably provide lists of infrastru cture we wou ld like t aken down if --HEARING CO -CHAIR FIED LER: That 's wh y I asked the question.[Laughter.]MR. BEJTLICH: --it's su ch a possibility.MR. VILLENEUVE: Yes. From a purely t echnical perspect ive, I'veactually personally had decent luck dealing with the Ch inese server to getindividual servers t urned off. I treat it like a normal botnet case, as I would inany other, and report it as mali ciou s activit y, and they u su ally shut them down.The problem is that we u sed to see a lot of servers actually hosted inChina, but now we see them host ed all over the world, a lot actually in the UnitedStates.Now, of cou rse, det erminin g who's con trolli n g these servers is adifferent quest ion. But even that, there's been some fantastic work by JoeStewart looking at t he originatin g IP ad dresses of those wh o are controllin g sortof intermed iary servers that were host ed in third countries. So there is mor ework to be done there. I thin k the trick is whether a lot of the law enforcementagen cies who would be respon sible for shutting these down would rather keepthem up and watch them or shut them down for d efensive purposes.HEARING CO -CHAIR WORTZEL: Th a nk you very mu ch.Commission er Shea, or Ch airman Shea.CHAIRMAN SHEA: Thank you . Than k you for your testimon y, all threeof you .I just want to get at the point that you 're makin g, Mr. Healey. Youmentioned General Alexander's quote sayin g that this is the biggest transfer ofwealth through thef t and piracy in the history of man kind. We're familiar withthe NCIX report of last October.Read ing an op - ed from the former Director of the NSA, the head ofHomeland Secu rity, and Deputy Secretary of Defen se:53

The Chin ese govern ment has a nation al policy of econ omic espionagein cyberspace. In fact, the Chinese are the world's most active and persistentpract itioners of cyb er esp ionage today. And then they say t his cost s us easilybillions of dollars and m illions of job s --these three individuals who arerespon sible for our nation's nation al securit y.And then I hear from General Cartwright that we should, t hegovernment should, prospectively en gage in a d ialogue on this issue, and if this isthat big a deal, wh y haven 't we raised t his issue with the Chinese d irectly? I'mbeginnin g to thin k maybe it's not that big a deal, and this is ju st a lot ofhyperbole.If all these statements are tru e, I'm just sort of mystified as to whythis is not at the center of our relationship and discussion s. All three of you ifyou can an swer.MR. HEALEY: It mystifies me also that we're willin g to poke about somany d ifferent WTO cases, whether it 's solar panels or tires, and I know t ires canbe important, but many other issues, we're willing to poke the Chinese about, butnot for this.I thin k it 's becau se the spy/counter sp y, the counterintelligencementalit y, that if we share this, then we might lose some collection , and thatreally d isappoints me having spent so much time in the private sector, havingbeen a taxpayer an d a taxp aying comp any, to f ind out that we're being allowed tosuffer in the p rivate sect or so that our intelligence community can get bettertake, so that our spyin g can be a bit better.The benefits of esp ionage predomin antly accrue to the government.The espionage that we're seein g penalizes primarily the private sector, and I t hinkthat's an imbalan ce that we can no lon ger afford.MR. BEJTLICH: I would agree with that . We just d on't have aconst ruct for thin king about this. Righ t now, my company is respondin g tosomewhere bet ween 12 and 16 intru sions that are serious. We don't take smallwork. We take the worst of the worst, and we work to keep that out of the news.So these are comp anies tha t they do not want to be known that their mostsensitive intellectual property is now overseas, and these are all compan ies t hathave had this happen. These are all intrusion s that st arted last year or earlier , sowe ju st don't know how to thin k about thi s.And these compan ies don't know how t o think about it . We haveconversation s where they say “we ju st lost all this data. ” It takes them months totry to figure out wh at the econ omic value is, and then they make decisions or t heythink ab out decisions like “do we have to sell ourselves to a larger comp any inorder to preserve some type of shareh older value in the event that this get s outin six months or a year? ”I mean these are the sort s of conversat ions we're havin g t hat no one54

knows h ow to thin k ab out it, and very rarely does it get to the level of a CEOmaking a decision, well, “ I'm ju st not going to do business in Chin a an ymore. ”Most of these comp anies still continue to do business.MR. VILLENEUVE: I'll ju st quickly echo what 's been said. In thesecu rit y communit y, we're often under NDAs or we h ave cu stomers who haveprivacy to prot ect , and a lot of u s report, we disclose compromises d irectly to thevictims, and that's a tough job to phone somebod y up and tell them that they'vebeen breached, and a lot of this is happening, but there is no sort of public recordof it, which is why p eople thin k that we're often overst ating the problem.MR. HEALEY: If I may, if a private company doesn't share, then it'stoo beholden to it s shareholders or it's beholden to China or they're not pat riots.If the govern ment d oesn't share, it 's intel gain loss and the deputies committeesaid it was okay.HEARING CO -CHAIR WORTZEL: Mr. Wolf has arrived . He's going tostart at 11 , so we're goin g to continue with que stion ing, and then a coupleminutes before that I'll break , and we'll get read y for h im.Commission er Wessel.COMMISSIONER WESSEL: Than k you, gentlemen, f or bein g here. Ihope that you --I have probab ly a numb er of hours of quest ions --that you 'll bewillin g to respond t o a mu ch short er su bset in writing later for anything that wemay not get to with the panel today.I wanted to ask a q uestion of the whole panel startin g wit h you aboutthe movement towards the cloud, wh ich, in the desire to reduce the fe deralbudget deficit, there is a view that going to the cloud has enormou s cost savings,and it certain ly d oes, but the lateral movement of d ata wit hin a cloud is actuallypretty sign ificant --correct me if I'm wrong --from a technical perspective. Youdon't have a dedicated server in the cloud. Data is written to the next availablewhatever, and the software makes sure that your d ata is, in fact, relayed b ack toyou upon demand.So the abilit y, as I understand it , for cyber intrusions or cross -migration and the abilit y to get somebody else's data is p robably p rettysign ificant if you go into root kit s or an ything else within a server farm within t hecloud, so to say.Last week I saw an article from the Au stralian press, Ch inesetechnology giant Hu awei has been banned by the federal government f romparticipatin g in ten ders worth b illions of dollars to supply equipment to thenational b roadband network, et cetera, stemming from con cern s that doin gbusiness with Huawei cou ld make the NBN vu lnerab le to cyber at tacks originat ingin Chin a.I asked that quest ion of the General before. What sh ould we belooking at in terms of the supply ch ain s, and now movin g t owards the cloud, t hat55

the provision of the equipment, are those new vectors for attack? Shou ld we belooking at them an y differently than we look at the current phishin g malware,other attacks? Is that an in creasin g problem, decreasing? How shou ld we belooking at it ? And each of the p anelist s if you could ?MR. BEJTLICH: Sure. The cloud is one of the most comp licated --Imean if enterprise securit y wasn't already complicated, factoring in the cloudmakes it exceptionally more complicated.There's a comp lex set of tradeoffs h ere. If you 're a small company ormid-size compan y, and you have zero t o one security peop le or perh aps zero t oone IT peop le, you get a defin ite ad van tage in securit y going to the cloud becauseyou would imagine the cloud people have somethin g security - wise.COMMISSIONER WESSEL: Firewalls or anything else that you may notwant to spend the money on .MR. BEJTLICH: Absolutely.COMMISSIONER WESSEL: Yes.MR. BEJTLICH: So f or man y of the companies that we're seeing h itnow, there's a b ig advantage to going t o the cloud b ecause you're ju st better off.However, at the higher end wh en you can staff a team, wh at happensis when you go t o the cloud, you tend to lose visib ilit y. You can't inspect yourown equipment now to see what the state of it is b ecause it 's all hostedsomep lace else.And again, you have to sort of differentiat e bet ween what 's cloud,what 's hosted . We have seen the Chinese actors going after hosted en vironments.In other word s, equipment that is controlled b y an organ ization, but it's hou sedsomep lace else. So we have seen that h appening.We haven't seen attacks against sort of pure cloud like aSalesForce.com or something like that . But as the data is increasin gly in thoseplaces, I'm su re we're going to see it . Well, I say we'll see it, but that's really theproblem as well. Who will see it ? The victim p robably won't.I mean , can you tell when you use you r Gmail account if someone hasbeen there looking at your e -mail? Probably not . I mean, guess what, Gmailhardly kn ows either. So those are the challen ges I see.COMMISSIONER WESSEL: But then the in tersection bet ween, again, anincreasing movement to the cloud and the globalizat ion of supply ch ains --MR. BEJTLICH: Righ t.COMMISSIONER WESSEL: --again , as you're pointing out, it moves outof your shop to somewhere else. Small guy, yes, it's better for the government.MR. BEJTLICH: Yeah .COMMISSIONER WESSEL: Does that in crease the security risks ordecrease them? What's your view about the intersection there?MR. BEJTLICH: I would say overall there is, I'll just tell you what we're56

doing. We 're movin g our e -mail in-hou se. I feel that if you can run it you rself,you're going to gain the securit y benefit. We saw with the Aurora attacks, theywent after Gmail to get the dissid ent e- mails. So we're going to see more of thatas more people put sensitive data in those locat ions.MR. VILLENEUVE: I can't really expand too much on wh at Richard justsaid , but wh at I will also p oint out is that the cloud also provides new avenues forthe attackers. So what we're actually seeing is malware that make s use of thecloud for elements of command and control, so whereas b efore you cou ld look atyour net work t raffic and say, you know, wh y are there st range connect ions to thisother part of the world in the middle of the night, now, if you're looking at thetraffic, all you'll see is connection s to Gmail.COMMISSIONER WESSEL: Your b ilateral traffic. Right. Right.MR. VILLENEUVE: We've seen malware that uses Google's encryptedGtalk Chat as a mechanism of command and control. Cloud file sh are hostin gservices u sed as elements of command and control and also to drop exfiltrateddata. So all of those things start obscu ring an y geographical indicators that weused to look at before.COMMISSIONER WESSEL: Mr. Healey, any?MR. HEALEY: Than k you.Very b riefly, it's ju st the latest in a long history of rush ing ahead andthen figurin g out the securit y afterwards. Whether it was the Internet it self oralmost every product that's ever come out, people h ave said, well, put this ou tand we'll figu re out how to do it securely afterward s. So in that way, it's reallynot surprisin g.And the cloud is d oing this, which is wearing f or espionage, but muchmore wearing f or me is doing it also for industrial control systems, that we'retakin g these things that really b r eak, things of steel and concrete, that you can'tjust reboot and rep lace, that when they break, peop le will die, and that we'resaying, wait , let 's connect that to the Internet.And I understand, it 's great economic reason s for doing it , but itneeds to worry u s very deep ly.COMMISSIONER WESSEL: Than k you.HEARING CO -CHAIR WORTZEL: Commissioner Fiedler.HEARING CO -CHAIR FIED LER: Mr. Bejtlich, you talked abou tcommunication s companies bein g 23 p ercent of the t arget . You're talking aboutmanufacturer s. You 're talking about IP providers. I'm t ryin g to get at two thin gs.I mean stealin g technology is one thin g. Everybod y is st ealin g everything.MR. BEJTLICH: Righ t.HEARING CO -CHAIR FIED LER: Listen ing or scoopin g up communication swithin the Un ite d St ates is another. How extensive do you believe Chineseinterception of communication s, public regular communicat ions that all of u s d eal57

with daily, is goin g on?MR. BEJTLICH: So t he cases that I talked about are the h ardware andsoftware manufacturers, and as far as we haven 't seen an y eviden ce of Chinesecollect ion again st American target s using that sort of thin g.HEARING CO -CHAIR FIED LER: If we can do it all over the world, wh ycan't they? And wh y aren 't we talking about that?MR. BEJTLICH: Well, so puttin g on my intel hat for a secon d, I wouldimagine that they would be pursu ing the same sorts of syst ems that we h ave overtime--satellite-based systems and that sort of thin g.We see them takin g the technology from these telecom co mpanies toimprove their own capabilities and then also t o come out with low -costcompet itors wh o can then outbid everyone else on these sort s of nat ionalinfrast ructure projects.HEARING CO -CHAIR FIED LER: And are we seein g the ad aptation, if youwill, of hard ware by Chinese manufacturers that allows them to do an ythingnefariou s in the United States?MR. BEJTLICH: I'm not personally aware of anything like t hatalthough --HEARING CO -CHAIR FIED LER: An ybod y?MR. BEJTLICH: --ju st on a quick point about that, we do see themtryin g to allay peop le's fears b y sayin g, well, we'll have nat ional cert ification andtesting and this and that.The problem is if an y of these systems are remotely upgradable, andeverythin g is, becau se you need to apply security p atches, they'll test everything,they'll say it's clean . As soon as they ship it, and they need to upgrade it, that'swhen they'll slip in the back doors.So I wou ld caution anyone who thinks t hat the testin g is --HEARING CO -CHAIR FIED LER: So it's a p erpetual problem?MR. BEJTLICH: Oh , absolutely, if it is p ossible to modif y the deviceremotely.HEARING CO -CHAIR FIED LER: That 's wh at the General was referring toabout chan ge --MR. BEJTLICH: Yes.HEARING CO -CHAIR FIED LER: --and p lugging this and plugging that in .It also sounds to me, as a layman, that we're talking about what isessentially an indef ensible problem. I mean we're doin g t his for years; we don'thave a d efense. We don't have an effective defen se. The p rivate sector d oesn 'thave an effect ive d efense. The defen se establish ment doesn't have an effect ivedefense. This is a p roblem.MR. BEJTLICH: It is, but it's interesting to me that it now resemblesthe real world . Non e of us came h ere in a tank. None of u s put our kid s to s chool58

in Kevlar vests and helmets. We've developed ways to d eal with an inherentlyvulnerable person b iology system.And we're there now with computers. It's been a f ict ion over time tothink that we cou ld defend computers in a way that we cou ldn't def end an ythingelse, I think.HEARING CO -CHAIR FIED LER: Well, so let's get to that for a second. Imean are you sayin g that it's indef ensible ultimately?MR. BEJTLICH: If you are dealing with a professional intruder, theprofessional intruder will win. There's an inherent ad vantage to offen se in cyber,I believe.MR. HEALEY: The b est that we can do is make it more difficult forthem. You know, ju st like conflict in an y other domain , it's going to be one forceactin g on another one, and this continual campaign , as Nart just discu ssed .So the more things that we can do to make it more difficult for them,force them into other places, in crease their work factor, make them give up, t henthat's the best that we can do, and if you look at the kinds of thin gs thatMandiant does or other people come out with, most of these intru sion s are notdifficu lt.They're ab le to use very simple --they d on't have to be ad vanced . Theydon't even h ave to be that persistent, and the more that we force them to b eadvan ced and persistent, the better off we'll b e.HEARING CO -CHAIR FIED LER: Than k you .We're going to break for a moment --HEARING CO -CHAIR WORTZEL: We're going to break now.HEARING CO -CHAIR FIED LER: --gentlemen, and we'll call you back inafter--HEARING CO-CHAIR WORTZEL: We'll call you b ack in . We've got morequestion s.HEARING CO -CHAIR FIED LER: We've got a lot more quest ions.HEARING CO -CHAIR WORTZEL: We got a lot of Commissioners thathave more question s for you. Than k you.Congressman Fran k Wolf is the Representative for Virgin ia's 10thCongression al District, serving in Congress sin ce 1981. He's also Chairman of t heHouse Appropriations Subcommittee on Commerce -Ju stice -Science and RelatedAgen cies; co - chair of the Tom Lantos Hu man Rights Commis sion; and a member ofour sister commission, the Con gression al -Executive Commission on Ch ina.Chairman Wolf has also b een a leader of congression al efforts toaddress cyber security con cerns related to China. In 2006, congression alcomputers that con tain ed information about political dissidents from around t heworld were comp romised b y peop le working from within China, in cludingcomputers in Con gressman Wolf's office.59

In addition to working to raise awareness of cyber threats, theCongressman authored a number of cyb er security provisions as p art of thespending b ill that f unds the Departments of Commerce an d Justice, NASA, an d theNational Scien ce Foundation for FY 2012.Some of these in clu de: a Joint Cyber Securit y Center for FederalCivilian Agen cies; new statutory certif ication requirements of IT systems toensure supply ch ain secu rit y; expan sion of trainin g for FBI cyb er agents; increasedfunding and resources for the FBI's uniq ue cyber -related au thorities andexpert ise; and requiring the FBI to prod uce an annual Nat ional Cyber ThreatAssessment.Congressman, the Commission is very p leased to have you here and tohave your support . The nation is fortunate to have you as a leader in Congress.We're honored b y your presence and look forward to your te stimon y.60

61STATEMENT OF FRANK WOLFA U.S. REPRESENTATIVE FROM THE STATE OF VIRGINIAMR. WOLF: Well, thank you very mu ch, and I appreciate theopportunity to t estify.At the outset, I don 't know if you saw t oday's --on the Internet --theWash ington Post, Associated Press update, Monday, March 26, 5:21 a.m., out ofAustralia. It says Australia has banned Chinese technology giant Huawei frombidding to help build a nation wide h igh -speed Internet net work due to con cernsabout cyber attacks traced to Ch ina.Australian Prime Minister Julia Gillard said Monday the move wasamong, quote, "pru dent decision s" to ensure that the plan ned network functionsproperly. The ban highlights con cern about Beijin g's cyber warfare efforts, aspate of hackin g attempts aimed at Western companies and the role of Chineseequipment providers, which are expanding abroad .So it's interest ing t hat this story came out the very day that you havethe hearin g.I want to than k you for the opportunit y to testif y today on t his veryimportant issue, and I appreciate more than I can tell you the continued goodwork b y the Commission and your h olding this f ield hearin g in Manassas.As you know, northern Virginia was really the birthplace of theInternet in the 1980s and '90s and remains th e East Coast "high tech" hub today.Today, northern Virginia is one of the f rontlines in the emergin gcyb ersecurity challenge, with a signif icant cyber workforce that is supportin g U.S.defense and civilian agen cies.I have been deep ly con cerned ab out th e cyber threat from China fornearly a decade. When I first st arted raising these concerns, the general attit udeof the U.S. government was to keep everythin g secret or, in some cases, ju st toignore the threat . In fact, when the Chinese attacked four of my office computersin 2006, along with many other House offices --I think there were about 17members if I remember --I rememb er Congressman Kirk was one; Con gressmanChris Smith was one --the FBI and others urged me n ot to disclose it publicly.After near ly t wo years of waitin g, I took to the House floor in June of2008 to inform my colleagues, and the American p eople, about the incident andwarn of the growing threat to the U.S. government and businesses.I believed it was important for the public to bet ter understand thisthreat and what the attackers wanted , not national securit y secrets, butinformat ion about Chinese d issidents that I had worked for.The attacker first h acked into the computer of my f oreign policy andhuman rights staff person, then the computers of my chief of staff, my legislat ivedirect or and my judiciary st aff person. On these computers was information

about all of the casework we have don e on behalf of political d issidents andhuman rights activists around the world .The computers, as I said , in other offices, in cluding the House ForeignAffairs Committee, were also compromised.It is logical to assu me that critical and sensit ive information aboutU.S. foreign policy and the work of Congress to help peop le wh o are sufferingaround the world was also op en to view from these official computers.In subsequent meet ings with the FBI of ficials, it was revealed that theoutside sources responsible for this attack came f rom within the People'sRepublic of Chin a. These cyb er attacks permitted the source to prob e ourcomputers to evalu ate our system's defenses and to view and cop y information.My su spicion is that I was t argeted and th e other memb ers, like CongressmanChris Smith and Sen ator Kirk, b y Ch inese sources because of our history ofspeakin g out about the Chinese govern ment's abysmal human rights record.I have spent hou rs with countless Ch in ese dissidents, ran ging fromUyghur Muslim activist Reb iya Kad eer, to house church pastor and ad vocate BobFu, to former laogai prisoner, Harry Wu .Just recently, I visit ed with an imp ressive group of Chinese lawyers inWash ington for the National Prayer Breakfast . To a person , each loved theircountry and were rightly p roud of their heritage, but all sought fundamentalchange. Th ey longed to live in a land where they cou ld worship freely, sp eakopenly and enjoy the basic protect ions of a con stitution grounded in rule of law.Their quarre l, and mine, is with a thin layer of leadership at the helm of theChinese Communist Party that rules by f ear and oppression .Keep in mind Liu Xiaobo, the 2010 Nob el Prize winner, was not evenpermitted to leave his prison cell to go to Oslo, nor was h is wife allowed to leavetheir residen ce. Sh e was under hou se arrest.Since I spoke out in 2008, there h as been a sea ch ange in how seniordefense and intelligence officials are p ublicly d iscu ssin g the cyber threat. Fouryears ago, some of these same leader s who were warnin g again st even publiclyacknowled gin g cyber attacks, much less the source of the t hreats, are n owpublicly warnin g of the threat in very st ark terms.I believe that this change has come ab out becau se these seniorofficials have determined that the situation has become so dangerous, as ou rnetworks and technology and comp anies become so interconnected, that theyunderstand that public awaren ess is in creasin gly crit ical t o deal with this threat.For examp le, last month, during the ap pearan c e before the SenateSelect Committee on Intelligen ce, FBI D irector Robert Mueller said that whileterrorism is the greatest threat today, quote, "down the road, the cyber threatwill be the number one threat to the country."2010 Pentagon report found, qu ote: "In the case of key nat ional62

secu rit y technologies, controlled equip ment and other mat erials not readilyobtainable through commercial means or academia, the People's Republic of Chinaresort s to more focused effort s, in cluding the use of its intellig en ce services andother-than-legal means, in violat ion of U.S. laws and export controls."The report also high lighted Chin a's cyber espionage efforts. The U.S.intelligen ce commu nity notes that Chin a's attempts t o pen etrate U.S. agen cies arethe most agg ressive of all foreign intelligen ce organiz ation s --far great er than t heKGB ever was durin g the days of communism in the Soviet Union and during the'70s and '80s, and in many other areas, too.Other senior U.S. military and intelligence officials have b e comeincreasingly vocal about their concerns about the scope of Chinese espionage andcyb er attacks. Defense Intelligen ce Agency Chief General Ron Burgess alsorecently testif ied that --quote--he said: "Ch ina has used its intelligen ce services togather in formation via a signif icant net work of agents and contacts u sin g a varietyof methods. In recent years, multip le cases of economic espionage and theft ofdual-use and military technology h ave u ncovered pervasive Chinese collect ionefforts."Last year, th e u sual ly reticent Office of the NationalCounterintelligen ce Executive issued a warning that, quote, "Chinese actors arethe world's most active and persistent perpetrators of economic esp ionage." TheCounterintelligen ce Office took this rare step of sin gling out the Chinese due tothe severit y of the t hreats to the U.S. n ational and economic securit y.And a March 8, 2012, Washin gton Post article described how, quote:"For a decade or more, Chinese milit ary officials h ave talked about conductin gwarfare in cyberspace, but in recent years, they h ave p rogressed to testin g attackcapab ilit ies during exercises. The PLA" --the People's Liberation Army --"prob ablywould t arget tran sportation and logist ics net works before an actual conflict to tryto delay or disrupt t he United States' abilit y to fight, according to the rep ortprepared b y Northrop Grumman" --for t his Commission , an d I want to commendthe Commission and thank the Commission for requesting and publishin g thisimportant research.We are b eginning to witness the con seq uences of the cyber threat.Accordin g to a M arch 13, 2012, N ew York Times article, quote:"Durin g the five -month period bet ween Octob er and Febru ary, therewere 86 reported at tacks on computer systems in the Un ited States that controlcrit ical infrast ructure, factories, and d atabases, according to the Department ofHomeland Secu rity, compared with 11 over the same period a year ago."In an interview with the New York Times, Homeland Securit y Secret aryJanet Napolitano said, quote:"I thin k General Dempsey said it best when he said that p rior to 9/11,there were all kinds of informat ion out there that a catastrophic attack was63

loomin g. The information on a cyber attack is at the same frequency andintensit y and is bubbling at the same l evel, and we sh ould not wait for an attackin order to do something."Notably, Chinese espionage isn 't limited to government agencies. Inan October 4, 2011, Wash ington Post article, Chairman M ike Rogers remarked,quote:"When you talk to t hese compan ies b ehind closed doors, they describeattacks that origin ate in Ch ina and have a level of sophistication and are clearlysupported b y a level of resources that can only be a nat ion - state entit y."Cyb er espionage is havin g a real and corrosive effec t on job creat ion,creat ing and causin g job s. You're t akin g job s away from America, and last year,the Wash ington Post reported that, quote:"The head of the military's U.S. Cyber Command, General KeithAlexander, said one U.S. comp any recently lost $1 b illion--$1 billion --worth ofintellectual propert y over the course of a couple of days --t echnology that theyworked on for 20 p lus years stolen by one adversary."The record is clear: what policymakers used to ret icently refer to as,quote, the "Ad van ced Persistent Th reat" is now increasin gly acknowledged asChina's asymmetric warfare and economic strat egy again st our country, again stAmerica.Becau se of our p ast relu ctance to ackn owledge the severit y of thisissu e, the Congress and the admin istrat ion ar e now stru ggling to keep up. Asmany are aware, several comprehen sive cybersecu rit y bills have stalled in theSenate amid ju risd ictional and partisan wrangling.The Hou se is quiet ly trying t o advance more targeted b ills, and I wantto commend and thank m y colleagues, Mike Rogers, chairman of the IntelligenceCommittee, and also Dutch Ruppersberger, the D emocrat ic --the Ran kin g Memb er,and Peter King, ch airman of the Homeland Security Commit tee, for their excellentleadership on this issue.As chairman of the House Appropriations Subcommittee that funds theFBI, Commerce and National In stitute f or Standards and Technology, mysubcommittee has also been funding some of the key civilian and law enforcementagen cies in volved in the fight again st cyber threat.That is wh y I priorit ized cyber securit y programs in Fiscal Year 2012Commerce-Ju stice-Scien ce Approp riations bill, in cluding significant in creases inthe FBI's joint cyber task force and requiring each agency to vet it s IT equipmen tpurchases. I also d i rected the FBI to produce an annual unclassified cyber rep ort.I am p lannin g to take even more sign ificant steps in the Fiscal Year2013 bill that is cu rrently under development, in cludin g --I want to tell this panel --adopting many of this Commission 's recommendations. Your recommendation swill not go unrecognized or ignored . We are goin g to adopt them , and we're going64

to put them into law.Although the government and the private sector h ave f inally come toappreciate this threat and start to take the necessary step s to address it , thethreat is evolving, and I am con cerned t hat we may continue to be behind thecurve.One issue that the U.S. h as failed to d evelop a coherent and strategicpolicy to address is the unique and unprecedented threat f rom Ch inese stat e -owned and state -directed compan ies that are operatin g in the U.S. I believe t histhreat is particularly pronounced in Chinese telecom firms.Earlier this year, Th e Economist magazine published a special reporton Communist Part y management of Chinese corporation s. The article n oted theChinese governmen t's particular support for its t elecom an d IT industry, notin gthat, quote, "the en d result is the creat ion of a new class of a state comp anies:national champion s that may n ot be owned by gove rn ments but are neverthelessclosely lin ked to them."The article reported that "the Communist Part y has cells" --and that'sa quote--"cells in most companies, in t he private as well as state - owned sector--complete with their own offices and files on emp lo yees. It holds meetings thatshadow formal board meetings and often trump their decisions."Accordin g to The Economist , the Chinese government even has anexpression for this strategy, quote: "Th e state ad van ces wh ile the private sectorretreat s."Author Rich ard M cGregor wrote that the executives at major Ch inesecompan ies have a, quote, "red machin e" with an en crypted line to Beijin g next totheir Bloomberg t erminals and person al items on their desks.Given this level of p arty control in Chin a's p rivat e sector, weshouldn't be surp rised to learn that the PLA has been operating cyber militias outof telecom compan ies.Last year, The Finan cial Times reported that the PLA has evendocumented how it will u se telecom firms for foreign esp ionage and cyberattacks.A paper published in the Chinese Acad emy of M ilit ary Sciences'journal n oted, quot e:"These cyber militia should pref erably b e set up in the telecom sector,in the electron ics and internet industries, and in in stitutions of scientificresearch ," and its t asks should include, quote, "stealing, changin g and erasingdata" on en emy net works and their intrusion with the goal of "deception,jamming, d isruption , throttlin g, and p aralysis."The same art icle also documented the growing numb er of PLA -ledcyb er milit ias h oused in "private" --private--Ch inese t elecom firms.The article reported on one example at the firm Nanhao: "Many of it s65

500 employees in Hengshui, ju st southwest of Beijing, have a second job. Sin ce2005, Nanhao has b een home to a cyber mi litia unit organized by the Peop le'sLiberation Army. The Nanhao operation is one of thou san ds set up b y the Chinesemilit ary over the past decade in technology compan ies and universit ies aroundthe country. These units form the backbone of the country's Internet warfareforces, increasingly seen as a serious threat at a t ime of escalating glob alcyb ertensions."This is what makes me so con cerned ab out Chinese telecom firms'growin g operation s in the U.S. market. Chinese st ate -direct ed firms arecollaborating and cooperatin g with the Chinese governmen t to a degree thatwould b e unfathomable in the U.S. or other West ern countries.And as these Chinese state -backed firms enter the U.S. market, it isunclear whether they will be playing b y our ru les or the ir own .Currently, the most con cernin g of these Chinese telecoms is Hu awei --and I read this report today, which you 'll see later --which is attemptin g toincrease its market share in the Un ited States and around t he world . Numerou sgovernment reports ha ve lin ked Huawei's corporate leadership to the Ch ineseintelligen ce services and the Peop le's Liberation Army, raising concerns aboutHuawei's networks and devices bein g subject to espion age by the Chinesegovernment.These connection s are part icu larly no t eworthy given Hu awei's rapidrise as a telecom giant. Accordin g to a March 18 article in the Wall StreetJournal, quote: "Hu awei Technologies Company h as almost doubled its workforceover the p ast five years as it strives to become a mob ile technology he avyweight."The article also not es that Huawei's n etwork business h as thrived atthe expen se of st ru ggling Western net work comp anies su ch as Alcatel - Lucent andNokia Siemen s Net works. Init ially, Hu awei supplied low -cost phones totelecommunicat ions opera tion s in the West under their own brand, but over thepast year, Hu awei h as been quietly building and in vesting in its own brand ofhigh-end smartphon es and tab lets.Huawei executives make no secret of t heir goal to dominate thetelecom market. In a Marc h 6, 2012 interview with the technology news Web site,Engadget, Huawei d evice chief Richard Yu said , quote: "In t hree years we wantHuawei t o be the in dustry's top b rand."However, Huawei's growth in the U.S. market sh ould give allAmerican s seriou s p aus e. Last week, respected n ational securit y rep orter BillGertz wrote in The Wash ington Free Beacon ab out this Commission's recentlyreleased cyb ersecurity rep ort.Gertz wrote, quote: "New information about Chinese civiliantelecommunicat ions compan ies' cl ose support of the Ch inese military andinformat ion warf are programs is raisin g fresh concerns about the compan ies'66

access to U.S. markets, accord ing to a report by the Con gressional U.S. -Ch inaEconomic and Security Review Commission.""One of the compan i es id entified in the report as lin ked t o the PLA isHuawei Technologies, a glob al net work hardware manufact urer that has t wicebeen blocked by the U.S. government since 2008 f rom tryin g to buy into U.S.telecommunicat ions firms."Gertz continued, quote: " Huawei is a well -established supplier ofspecialized telecommunication s equipment, train ing and related technology to thePLA that has, alon g with others such as ZTE and Datan g, received d irect fundingfor R&D on the C4ISR. That's the high -tech intelligen ce collection systemscapab ilit ies."The report further adds: "All these Chin ese telecom firms originatedas st ate research in stitutes and continue to receive preferential fundin g andsupport of the PLA."Huawei's efforts t o sell t elecom equipment to U.S . n etworks has longtroubled the U.S. d efense and intelligence communities, which has beencon cerned that Huawei's equipment could easily be compromised and used inChinese cyber attacks against the U.S. or to intercept phone calls and e -mailsfrom the American t elecom net works.Accordin g to a 2005 report by the RAND Corporation , quote, "both theChinese governmen t and the military t out Huawei as a nat ional champ ion, an d onedoes not need to d ig too deeply to d iscover that man y Ch in ese informat iontechnolo gy and telecommunication s firms are the public face for, sprang from, orare sign ificantly en gaged in joint research with state research in stitutes under theMinistry of Information Indust ry, defen se -industrial corporations, and themilit ary.In fact, the Wash ington Post reported t hat the National Securit yAgen cy called AT&T becau se of fears that Chin a's intelligen ce agen cies couldinsert d igit al trapdoors into Huawei's technology that would serve as secretlisten ing posts in the U.S. communicat ions net wor k.Over the last several years, Huawei's top executives' deep connection sto the PLA and Chin ese intelligen ce have been well documented. As Gertzsummarized in his article, quote:"A U.S. intelligen ce report produced last fall st ated that Hu aweiTechnologies was linked to the Min ist ry of Stat e Securit y, specifically throughHuawei's chairwoman, Sun Yaf ang, wh o worked f or the Min istry of St ate Security,MSS, Communications Department before join ing the comp any."That is wh y senior administ ration officials in the Bush and the Obamaadministrat ions h ave repeated ly intervened to block Hu awei's access to U.S.networks."In 2008, the Treasury Department -led Committee on Foreign67

Investment in the United States, CFIUS, blocked Huawei from purch asin g t he U.S.telecommunicat ions firm 3Com due to the comp any's lin ks to the Chinesemilit ary," Gertz rep orted."Last year, under pressure from the U.S. govern ment, Huaweiabandoned their efforts to purchase the U.S. server technology compan y 3Leaf . In2010, Congress opposed Huawei's p rop osal to supply mob ile telecommunicationsgear to Sprint over con cerns that Sprin t was a major supplier to the U.S. milit aryand intelligen ce agencies."And I would say this: when the White House, the intelligencecommunity, the Def ense Department, and the Commerce D epartment --we hadSecretary Bryson b efore us last week --all have worked to b lock Hu awei fromgain ing access to U.S. net works, the American people shou ld really take notice.In all my years in Washin gton, very rarel y have I seen defen se,intelligen ce and civilian agen cies come together in su ch a q uiet but con certedeffort to warn of a secu rit y threat from a foreign entity.It is n ot just Huawei's longstandin g and tight connect ions t o Chineseintelligen ce that sh ould trouble u s. Hu awei has also been a lead ing supplier ofcrit ical telecom services to some of the worst regimes around the world. Lastyear, the Wall Street Journal reported t hat Huawei, quote, "now domin ates Iran'sgovernment - controlled mobile -phone industry." Iran. Everyone is concernedabout Iran gettin g a nuclear weapon . You cannot not turn on the news and hearthis. "It plays a role in enabling Iran 's state secu rit y net work."You know what the state secu rit y net work does to the Iran ian people?And they're cooperating and helpin g.Gertz reported that Huawei has also been "lin ked to san ctions -bustin gin Saddam Hu ssein's Iraq durin g the 1990s when that comp any help ed net workIraq i air defenses at a time when U.S. and allied jet s were f lyin g patro ls t oenforce the no -fly z one." They were helping the Iraq is. Th ey were h elpin gSaddam.I mean that, I mean they now --well, I won't go off on another --but Imean that sh ould really get p eople very con cerned . The company also workedwith the Talib an during it s short reign in Afghanistan to install a phon e system inKabul. Almost 200 people from my dist rict d ied in the attack on the World TradeCenter.Now, everyon e knew bin Laden lived in Sudan from '91 to '94. Whenhe left and went there, they knew t he connection . Everyone knew theconnection . If you were deaf, maybe you didn't know it, or if you weren'tfollowin g it, you d id n't know it, but everyone knew the con nection with theTaliban . Mullah Omar never sent bin Laden out and allowed him to st ay, and t heyput a telephone system in for the Talib an. That should h ave everyone con cerned.That should h ave --h ave you been up to the World Trade Center?68

Given all this information, there should have been no dou bt thatHuawei p oses--and how does somebod y represent Hu awei? I understand they justhired a former member of Con gress t o now ---how do you d o that? Th at's like theSimon and Garfunkel son g "The Boxer." Remember that son g, "A man hears whathe wants to hear an d disregard s the rest."How do you di sregard that and come an d register and lobby for acompan y that h as b een involved like this? Given all this in formation , there sh ouldbe no doubt Huawei poses serious n ational and economic securit y threat to theU.S. It is no secret that the People's Rep ublic of Ch ina has developed the mostaggressive espionage operations in mod ern history, esp ecially given it s focus oncyb er attacks and cyber espion age.Perhaps that is wh y Beijin g has ensured that Huawei is able tocontinue its global market growth by u nsustainably low p rices and Ch inesegovernment export assist ance, accordin g to this Commission's January 2011report on the nat ional security implications of Chinese telecom companies.Due to Chin a's secrecy, the full extent of Huawei's subsidies are notfully known , but given its unrealistically low prices, it remains unknown whet herHuawei is even making a profit as it seeks t o domin ate the telecom market.Why would the Ch in ese government be willin g to generou sly subsidizesuch unprofitable p roduct s?The American people have a right to kn ow whether their governmentis doin g everything it can to p rotect their cell phone and d ata net works. But Ifear that with Huawei's rap id growth in the U.S. market , we may soon f ind that weare too intert wined with Huawei net work equipment and d evices to addresspotential securit y concern s. We mu st resolve these concerns before Chinesetelecom firms make sign ificant in road s on U.S. n etworks an d not after.As Huawei increases its lobbying p resence in Wash ington ever ycongression al office should know when they come in their connection to theIran ian issue, their connection to the Iraqi issue, their con nection to the Talib an.We did a p iece in the Con gressional Record a week ago. We're sendin g it to everymember of t he Hou se so they can 't say, well, I d idn't know, so they all know.And as Huawei in creases lobbyin g presence in Washington , membersshould be fully aware of the firm's intimate lin ks to the PLA and the seriou scon cerns of our def ense and intelligen ce co mmunit y.Verizon, Sprint, AT&T, T -Mob ile and ot her networks should not beselling Huawei devices given these security con cern s. But if they do, they h ave anobligation to inform their cu stomers of these threat s. This is especially import antwhen carrier s are sellin g Hu awei phon es and tab lets to corporate customers.They have a right to know that Beijin g may be listenin g.I want to than k you again for the opportunity to testify, an d I lookforward to working with the Commission on these issues, and, fra n kly, if the69

Commission wasn 't looking at some of t hese issues, I'm not so su re that an ybodyelse wou ld, and I want the Commission ers to know that your work has not b een invain .We are goin g to take a lot of this and we're goin g to use it, and we'regoing t o discu ss it on the floor. It 's going to be in the b ill so it's not ju st like, it'snot a resolution , it's going to be a law that we're goin g to come and push . Withthat, I than k you very mu ch .70

71PREPARED STATEMENT OF FRANK WOLFA U.S. REPRESENTATIVE FROM THE STATE OF VIRGINIAThank you for the opportunity to testify today on this very important issue. I appreciate the continuedgood work by the commission and your holding this field hearing here in Manassas. As you know,northern Virginia was really the birthplace of the Internet in the 1980s and 1990s and remains the EastCoast “high tech” hub today.Today, northern Virginia is one of the frontlines in the emerging cybersecurity challenge, with asignificant cyber workforce that is supporting U.S. defense and civilian agencies.I have been deeply concerned about the cyber threat from China for nearly a decade. When I firststarted raising these concerns, the general attitude of the U.S. government was to keep everything secret– or in some cases – just to ignore the threat. In fact, when the Chinese attacked four of my officecomputers in 2006, along with many other House offices and committees, the FBI and others urged menot to disclose it publicly.After nearly two years of waiting, I took to the House floor in June 2008 to inform my colleagues – andthe American people – about the incident and warn of the growing threat to the U.S. government andbusinesses.I believed it was important for the public to better understand this threat and what the attackers wanted –not national security secrets, but information about Chinese dissidents with whom I had had worked.The attacker first hacked into the computer of my foreign policy and human rights staff person, then thecomputers of my chief of staff, my legislative director, and my judiciary staff person. On thesecomputers was information about all of the casework I have done on behalf of political dissidents andhuman rights activists around the world.The computers in the offices of several other Members were similarly compromised, as well as a majorcommittee of the House, the Foreign Affairs Committee.It is logical to assume that critical and sensitive information about U.S. foreign policy and the work ofCongress to help people who are suffering around the world was also open to view from these officialcomputers.In subsequent meetings with FBI officials, it was revealed that the outside sources responsible for thisattack came from within the People's Republic of China. These cyber attacks permitted the source toprobe our computers to evaluate our system’s defenses and to view and copy information. My suspicionis that I was targeted by Chinese sources because of my long history of speaking out about the Chinesegovernment’s abysmal human rights record.I have spent hours with countless Chinese dissidents ranging from Uyghur Muslim activist RebiyaKadeer, to house church pastor and advocate Bob Fu, to former laogai prisoner Harry Wu.

72Just recently I visited with an impressive group of Chinese lawyers in Washington for the NationalPrayer Breakfast. To a person, each loved their country and where rightly proud of their heritage. Butall sought fundamental change. They longed to live in a land where they could worship freely, speakopenly and enjoy the basic protections of a constitution grounded in rule of law. Their quarrel – andmine – is with a thin layer of leadership at the helm of the Chinese communist party that rules by fearand oppression.Since I spoke out in 2008, there has been a “sea change” in how senior defense and intelligence officialsare publicly discussing to the cyber threat. Four years ago, some of these same leaders who werewarning against even publicly acknowledging cyber attacks – much less the source of the threat – arenow publicly warning of the threat in very stark terms.I believe that this change has come about because these senior officials have determined that thesituation has become so dangerous, as our networks and technology and companies become sointerconnected, that they understand that public awareness is increasingly critical to dealing with thisthreat.For example, last month during an appearance before the Senate Select Committee on Intelligence FBIDirector Robert Mueller said that while terrorism is the greatest threat today, “down the road, the cyberthreat will be the number one threat to the country.”A 2010 Pentagon report found “… [i]n the case of key national security technologies, controlledequipment, and other materials not readily obtainable through commercial means or academia, thePeoples Republic of China resorts to more focused efforts, including the use of its intelligence servicesand other-than legal means, in violation of U.S. laws and export controls.”The report also highlighted China’s cyber-espionage efforts. The U.S. intelligence community notesthat China’s attempts to penetrate U.S. agencies are the most aggressive of all foreign intelligenceorganizations.Other senior U.S. military and intelligence officials have become increasingly vocal about their concernsabout the scope of Chinese espionage and cyberattacks. Defense Intelligence Agency chief General RonBurgess also recently testified that “China has used its intelligence services to gather information via asignificant network of agents and contacts using a variety of methods... In recent years, multiple casesof economic espionage and theft of dual-use and military technology have uncovered pervasive Chinesecollection efforts.”Last year, the usually-reticent Office of the National Counterintelligence Executive issued a warningthat “Chinese actors are the world’s most active and persistent perpetrators of economic espionage.”The counterintelligence office took this rare step of singling out the Chinese due to the severity of thethreat to U.S. national and economic security.And a March 8, 2012 Washington Post article described how “[f]or a decade or more, Chinese military

officials have talked about conducting warfare in cyberspace, but in recent years they have progressed totesting attack capabilities during exercises… The (PLA) probably would target transportation andlogistics networks before an actual conflict to try to delay or disrupt the United States’ ability to fight,according to the report prepared by Northrop Grumman” for this commission -- and I want to commendthis commission for requesting and publishing this important research.We are beginning to witness the consequences of the cyber threat. According to a March 13, 2012 NewYork Times article “[d]uring the five-month period between October and February, there were 86reported attacks on computer systems in the United States that control critical infrastructure, factoriesand databases, according to the Department of Homeland Security, compared with 11 over the sameperiod a year ago.”In an interview with The New York Times, Homeland Security Secretary Janet Napolitano said “I thinkGeneral Dempsey said it best when he said that prior to 9/11, there were all kinds of information outthere that a catastrophic attack was looming. The information on a cyberattack is at the same frequencyand intensity and is bubbling at the same level, and we should not wait for an attack in order to dosomething.”Notably, Chinese espionage isn’t limited to government agencies. In an October 4, 2011 WashingtonPost article, Chairman Mike Rogers remarked: “When you talk to these companies behind closed doors,they describe attacks that originate in China, and have a level of sophistication and are clearly supportedby a level of resources that can only be a nation-state entity.”Cyberespionage is having a real and corrosive effect on job creation. Last year, the Washington Postreported that, “[t]he head of the military’s U.S. Cyber Command, Gen. Keith Alexander, said that oneU.S. company recently lost $1 billion worth of intellectual property over the course of a couple of days –‘technology that they’d worked on for 20-plus years – stolen by one of the adversaries.’”The record is clear: what policymakers used to reticently refer to as the “Advanced Persistent Threat” isnow increasingly acknowledged as China’s asymmetric warfare and economic strategy against the U.S.Because of our past reluctance to acknowledge the severity of this issue, the Congress and theadministration are now struggling to keep up. As many are aware, several comprehensive cybersecuritybills are stalled in the Senate amid jurisdictional and partisan wrangling.The House is quietly trying to advance more targeted bills and I want to commend my colleagues MikeRogers, chairman of the Intelligence Committee, and Peter King, chairman of the Homeland SecurityCommittee, for their excellent leadership on this issue.As chairman of the House Appropriations subcommittee that funds the FBI, Commerce Department andthe National Institute for Standards and Technology (NIST), my subcommittee has also been fundingsome of the key civilian and law enforcement agencies involved in the fight against the cyber threat.That is why I prioritized cybersecurity programs in the fiscal year 2012 Commerce-Justice-Science73

Appropriations bill, including significant increases to the FBI’s joint cyber task force and requiring eachagency to vet its IT equipment purchases. I also directed the FBI to produce an annual unclassifiedcyber report.I am planning take even more significant steps in the fiscal year 2013 bill that is currently underdevelopment, including adopting many of this commission’s recommendations.Although the government and the private sector have finally come to appreciate this threat and start totake the necessary steps to address it, the threat is evolving and I am concerned that we may continue tobe behind the curve.One issue that the U.S. has failed to develop a coherent and strategic policy to address is the unique andunprecedented threat from Chinese state-owned or state-directed companies that are operating in theU.S. I believe this threat is particularly pronounced from Chinese telecom firms.Earlier this year, The Economist magazine published a special report on Communist Party managementof Chinese corporations. The article noted the Chinese government’s particular support for its telecomand IT industry noting that, “the end result is the creation of a new class of state companies: nationalchampions that may not be owned by governments but are nevertheless closely linked to them”The article reported that “[t]he (Communist) party has cells in most big companies – in the private aswell as state-owned sector – complete with their own offices and files on employees. It holds meetingsthat shadow formal board meetings and often trump their decisions”According to The Economist, the Chinese government even has an expression for this strategy: “Thestate advances while the private sector retreats.”Author Richard McGregor wrote that the executives at major Chinese companies have a “red machine”with an encrypted line to Beijing next to their Bloomberg terminals and personal items on their desks.Given this level of party control in China’s private sector, we shouldn’t be surprised to learn that thePLA has been operating cybermilitias out of telecom companies.Last year, The Financial Times reported that the PLA has even documented how it will use telecomfirms for foreign espionage and cyberattacks.A paper published in the Chinese Academy of Military Sciences’ journal noted: “[These cyber militia]should preferably be set up in the telecom sector, in the electronics and internet industries and ininstitutions of scientific research,” and its tasks should include “stealing, changing and erasing data” onenemy networks and their intrusion with the goal of “deception, jamming, disruption, throttling andparalysis.”The same article also documented the growing number PLA-led cyber militias housed in “private”Chinese telecom firms.74

75The article reported on one example at the firm Nanhao [Nan-how]: “many of its 500 employees inHengshui [Hang-shoo], just south-west of Beijing, have a second job. Since 2005 Nanhao has beenhome to a cybermilitia unit organized by the People’s Liberation Army. The Nanhao operation is one ofthousands set up by the Chinese military over the past decade in technology companies and universitiesaround the country. These units form the backbone of the country’s internet warfare forces, increasinglyseen as a serious threat at a time of escalating global cybertensions.”That is what makes me so concerned about Chinese telecom firms’ growing operations in the U.S.market. Chinese state-directed are collaborating and cooperating with the Chinese government to adegree that would be unfathomable in the U.S. or other Western economies.And as those Chinese state-backed firms enter the U.S. market, it is unclear whether they will be playingby our rules, or their own.Currently, the most concerning of these Chinese telecoms is Huawei, which is attempting to increase itsmarket share in the United States and around the world. Numerous government reports have linkedHuawei’s corporate leadership to the Chinese intelligence services and the People’s Liberation Army(PLA), raising concerns about Huawei networks and devices being subject to espionage by the Chinesegovernment.These connections are particularly noteworthy given Huawei’s rapid rise as a telecom giant. Accordingto a March 18 article in the Wall Street Journal, “Huawei Technologies Co. has almost doubled its workforce over the past five years as it strives to become a mobile technology heavyweight.”The article also noted that “Huawei's network business has thrived at the expense of struggling Westernnetwork companies such as Alcatel-Lucent Co. and Nokia Siemens Networks. Initially, Huaweisupplied low-cost phones to telecommunications operators in the West under their own brand, but overthe past year, Huawei has also been quietly building and investing in its own brand of high-endsmartphones and tablets.”Huawei executives make no secret of their goal to dominate the telecom market. In a March 6, 2012,interview with the technology news Web site, Engadget, Huawei device chief Richard Yu said “[i]nthree years we want Huawei to be the industry's top brand.”However, Huawei’s growth in the U.S. market should give all Americans serious pause. Last week,respected national security reporter Bill Gertz wrote in The Washington Free Beacon about thiscommission’s recently released cybersecurity report.Gertz wrote: “[n]ew information about Chinese civilian telecommunications companies’ close supportof the Chinese military and information warfare programs is raising fresh concerns about the companies’access to U.S. markets, according to a report by the congressional US-China Economic and SecurityReview Commission.”

“One of the companies identified in the report as linked to the PLA is Huawei Technologies, a globalnetwork hardware manufacturer that has twice been blocked by the U.S. government since 2008 fromtrying to buy into U.S. telecommunications firms,” Gertz continued. “Huawei is a well establishedsupplier of specialized telecommunications equipment, training and related technology to the PLA thathas, along with others such as Zhongxing, and Datang, received direct funding for R&D on C4ISR[high-tech intelligence collection] systems capabilities.”The report further added, “[a]ll of these [Chinese telecom] firms originated as state research institutesand continue to receive preferential funding and support from the PLA.”Huawei’s efforts to sell telecom equipment to U.S. networks have long troubled the U.S. defense andintelligence community, which has been concerned that Huawei’s equipment could be easilycompromised and used in Chinese cyberattacks against the U.S. or to intercept phone calls and e-mailsfrom American telecom networks.According to a 2005 report by the RAND Corporation, “both the [Chinese] government and the militarytout Huawei as a national champion,” and “one does not need to dig too deeply to discover that [manyChinese information technology and telecommunications firms] are the public face for, sprang from, orare significantly engaged in joint research with state research institutes under the Ministry ofInformation Industry, defense-industrial corporations, or the military.”In fact, in 2009, The Washington Post reported that the National Security Agency “called AT&Tbecause of fears that China’s intelligence agencies could insert digital trapdoors into Huawei’stechnology that would serve as secret listening posts in the U.S. communications network.Over the last several years, Huawei’s top executives’ deep connections to the PLA and Chineseintelligence have been well documented. As Gertz summarized in his article, “a U.S. intelligence reportproduced last fall stated that Huawei Technologies was linked to the Ministry of State Security,specifically through Huawei’s chairwoman, Sun Yafang, who worked for the Ministry of State Security(MSS) Communications Department before joining the company.”That is why senior administration officials in the Bush and Obama administrations have repeatedlyintervened to block Huawei’s access to U.S. networks. “In 2008, the Treasury Department-ledCommittee on Foreign Investment in the United States (CFIUS) blocked Huawei from purchasing theU.S. telecommunications firm 3Com due to the company’s links to the Chinese military,” Gertzreported.“Last year, under pressure from the U.S. government, Huawei abandoned their efforts to purchase theU.S. server technology company 3Leaf. In 2010, Congress opposed Huawei’s proposal to supplymobile telecommunications gear to Sprint over concerns that Sprint was a major supplier to the U.S.military and intelligence agencies.”When the White House, Intelligence Community, Defense Department and the Commerce Departmentall have worked to block Huawei from gaining greater access to U.S. networks, the American people76

77should take notice.In all my years in Washington, very rarely have I seen the defense, intelligence and civilian agenciescome together in such a quiet but concerted effort to warn of a security threat from a foreign entity.It’s not just Huawei’s longstanding and tight connections to Chinese intelligence that should trouble us.Huawei has also been a leading supplier of critical telecom services to some of the worst regimes aroundthe world. Last year, the Wall Street Journal reported that Huawei “now dominates Iran's governmentcontrolledmobile-phone industry…it plays a role in enabling Iran's state security network.”Gertz reported that Huawei has also been “linked to sanctions-busting in Saddam Hussein’s Iraq duringthe 1990s, when the company helped network Iraqi air defenses at a time when U.S. and allied jets wereflying patrols to enforce a no-fly zone. The company also worked with the Taliban during its short reignin Afghanistan to install a phone system in Kabul.”Given all of this information, there should be no doubt Huawei poses a serious national and economicsecurity threat to the U.S. It is no secret that the Peoples Republic of China has developed the mostaggressive espionage operation in modern history, especially given its focus on cyberattacks andcyberespionage.Perhaps that is why Beijing has ensured that Huawei is able to continue its global market growth by“unsustainably low prices and [Chinese] government export assistance,” according to this commission’sJanuary 2011 report on the national security implications of Chinese telecom companies.Due to China’s secrecy, the full extent of Huawei’s subsidies are not fully known. But given itsunrealistically low prices, it remains unknown whether Huawei is even making a profit as it seeks todominate the telecom market. Why would the Chinese government be willing to generously subsidizesuch unprofitable products?The American people have a right to know whether their government is doing everything it can toprotect their cell phone and data networks.But I fear that with Huawei’s rapid growth in the U.S. market, we may soon find that we are toointertwined with Huawei network equipment and devices to address potential security concerns. Wemust resolve these concerns before Chinese telecom firms make significant inroads on U.S. networks,not after.And as Huawei increases its lobbying presence in Washington, members should be fully aware of thefirm’s intimate links to the PLA and the serious concerns of our defense and intelligence community.Verizon, Sprint, AT&T, T-Mobile and other U.S. network carriers should not be selling Huawei devicesgiven these security concerns. But if they do, they have an obligation to inform their customers of thesethreats. This is especially important when carriers are selling Huawei phones and tablets to corporatecustomers. They have a right to know that Beijing may be listening.

Thank you again for the opportunity to testify this morning. I look forward to working with thiscommission as we continue to address this challenge.78

HEARING CO -CHAIR WORTZEL: Th ank you, Con gressman Wolf.MR. WOLF: Than k you so mu ch.HEARING CO -CHAIR WORTZEL: Do you h ave time for a couple ofquestion s?MR. WOLF: Sure, I do. Yes, sir.HEARING CO -CHAIR WORTZEL: Commissioner Wessel.COMMISSIONER WESSEL: Mr. Ch airman , I actually don't h ave aquestion . I h ave more of a statement of thanks for all that you do. I'm aDemocrat, as you know. This Commission has worked h ard over all of our years. Ithink that each of the last f ive years, we've h ad a bip artisan unanimou s report ,and your leadersh ip on these issu es is d eeply appreciat ed.I know it hasn't been easy. You've taken on some b ig transaction s.Each t ime you've done that, it's been validated b y law enforcement and otherofficials in the gov ernment.And as you ju st pointed out with the Washin gton Post article, Huaweiis bein g banned f rom one of our major allies. I d on't thin k there can be an yquestion about Huawei's ties to the government, what they're trying to d o toinfiltrate our teleco mmunication system, and your persist ence goin g at this. Ithink this is a great tribute to your work over the years an d appreciated b y thepublic for what you do.MR. WOLF: Well, thank you very mu ch.COMMISSIONER WESSEL: Than k you.MR. WOLF: And thi s is t otally a bipart isan or a nonpart isan issu ehere.COMMISSIONER WESSEL: Agree.MR. WOLF: Yes. Th ank you .HEARING CO -CHAIR WORTZEL: Th ank you.Commission er Fiedler.HEARING CO -CHAIR FIED LER: I would ju st like to say, Fran k, that weknow each o ther for 20 years, and today you've done again what you always d o,which is you speak truth to power.Thank you, again .MR. WOLF: Than k you. Appreciate that .HEARING CO -CHAIR WORTZEL: Th ank you, sir.MR. WOLF: Okay. Thank you very mu ch.HEARING CO-CHAIR WORTZEL: We're going to take a short five -minutebreak. I'll try and h old us to that t ime and then come right back with you threegentlemen.[Whereupon, a sh ort recess was taken .]79

80PANEL I – QUESTIONS AND ANSWERS (continued)HEARING CO -CHAIR WORTZEL: Commissioner Cleveland will lead offwith the next question.COMMISSIONER CLEVELAND: Actually I was interested in yourcomment that it was 416 days on average before the b reach was detected. Whydoes it take so long? And then what f inally catch es the at tention of a compan y toaddress the issue?MR. BEJTLICH: I'll answer the easier part. The easier part is thereason wh y peop le f inally discover a problem has been third -party not ification .94 percent of the cases we worked someone had to come in and say you 've gotthis prob lem.COMMISSIONER CLEVELAND: And how did they know?MR. BEJTLICH: Pard on?COMMISSIONER CLEVELAND: And how did they know? Wh at was thesequence?MR. BEJTLICH: Man y times the law enforcement agency, t he intelagen cy, is workin g other cases, and they see activit y that suddenly in volves othercompan ies, and they say, well, those companies are comp romised as well, an d sothey sort of leapfrog. Just as the activity leapfrogs, the intel analysts leapfrogand say, all right, we now need to do n otification of these other organizat ions.COMMISSIONER CLEVELAND: So you're suggestin g that mostnotification s in 94 p ercent of these cases do come from law enforcement or t hegovernment?MR. BEJTLICH: Of t he cases we worked , y es, they were, almost all ofthem were FBI. The FBI has been very good over the last five years in terms oftellin g people abou t this.COMMISSIONER CLEVELAND: Interestin g.MR. BEJTLICH: This is a game ch anger becau se you can't ignore eitherthat visit by an agent or that piece of paper with that FBI logo that says you h avea serious p roblem, and if you can get into a cleared f acilit y, we'll t alk to youabout wh at it is.COMMISSIONER CLEVELAND: Interestin g. Okay.MR. BEJTLICH: You asked why it take s so long?COMMISSIONER CLEVELAND: Right.MR. BEJTLICH: I would say, believe it or not, man y compan ies aresimp ly not stru ctured to deal with this. There is a perception that if you simp lybuy enough of the right technology, an d you deploy enou gh of i t, and the wall ishigh enou gh, then you're okay. And that is pat ently not true.We've got t eams now that --to give you an example, at Gen eral Electricit took me building a team of 40 p eople with a $10 million budget to even make a

dent in this problem, and it took several years to get to that cap ability, and I hadto call in every favor and get every friend that I could to join me to try to fightthese gu ys.You cannot do that at every sin gle one of these victims out there, andthere are hundreds, if n ot thousands. So it is very d ifficu lt. Now, the top tiercompan ies, top -end defense contractors, those sorts of people, can afford [it],and finan cials can afford this sort of thing. Almost everyon e else, it 's just wellbeyond their capability, and so t hat's why a lot of them have to turn to outsid epartners or something like that .It is a wake -up call for a compan y to realize that all of these million sof dollars they've spent over the years have ju st mad e no d ent against a d edicatedintruder.COMMISSIONER CLEVELAND: Okay. Are any of you aware of theLieberman - Collin s legislat ion on the Hill?MR. BEJTLICH: Yes.COMMISSIONER CLEVELAND: Again, I guess the question is for you .Do you thin k that , as it's characterized in a New York Times article, th e greaterauthorit y to regulat e the securit y used by companies that run the nation'sinfrast ructure and establish and enforce minimum st andards on companies wh oseservice or p roduct s would lead to mass casualties, evacu ations or major economicdamage, do you think that that legislat ion squares with your kind of analysis ofare we compromised rather than are we vulnerable?MR. BEJTLICH: I don't oppose regu lation. I f ear that regu lation thatresult s in more pap erwork is not going to be the right resu lt. W e've seen thatwith FISMA. FISMA has been pretty mu ch an ab ject failu re over the last ten years.Not that the law is written poorly, but the implementation was terrible. It justbecame a giant pap erwork exercise.If we spent more attention on the regul atory side sayin g “if you're acovered entit y of critical infrast ructure and maybe a publicly traded compan y,once a year”--I'd p refer more often, but say “on ce a year you should find if youare compromised .” That's the game changer. That t akes it from b ein g a reactivestance with the FBI visitin g to a more p roact ive stan ce of regularly findin g out ifyou have this problem.Once you do that, you can tailor defenses based on what's found asopposed to going through sort of an academic exercise where you h ave astandard , are you compliant with the standard; it 's more of an audit. I prefer itto be based on wh at's the score of the game as opposed to how tall the playersare, where they went to college, how f ast they can run the 40, those sort s ofinputs.COMMISSIONER CLEVELAND: Would the compan ies carry ou t this kindof audit themselves or do you thin k this is something that should be done b y some81

extern al public-private?MR. BEJTLICH: I think it has to be --so t hat if the companies aren 'tcapab le of defe nding themselves, and most of them aren 't , I thin k it would haveto be done by a third party, maybe someone wh o is a certif ied assessor similar towhat 's done in PCI.COMMISSIONER CLEVELAND: Okay. An d General Cart wrigh t urged amultilateral approach to this. What I h aven 't heard is t wo dimensions of it. Thefirst is what do you think the Eu ropean respon se would be to a more con certedeffort to get ah ead of this prob lem or at least cat ch up?And second, wou ld one of you choose t o comp are what the Chine seare accused of doin g with, say, what the Russians are doin g? D raw, differentiateit, if you will, the scope, the target, the management b y the government. Wh at'sthe--how wou ld you distin guish b etween the Russian cyber espionage efforts andthe Chinese? And t hen, the second question, the European?That's the way you get in under your t ime.[Laughter.]MR. BEJTLICH: In the act ivit y that we've seen, Ch inese act ivit y farexceeds [Ru ssian activit y] . And this isn 't sort of us looking at just generalreportin g. Th is is ou r workload . The Chinese activit y far exceeds the Russianactivit y.We have certain p laybooks that we can judge an actor by. When wesee the Chinese, it's very ob vious it 's t hem. The Ru ssians tend to be much moreselective, creative. They tend to play by the rules of the Cold War.When I did con sulting and we found the Russians, wh en we pushedback on them, they would d isappear for six months. Th ey would show you somerespect. They would not seek to st ay p resent the way the Chin ese do. TheChinese, you kick them out on Friday; t hey're comin g back on Monday or mayb ethey're comin g back on Sunday n ight. It's a comp letely different set of actorsbecau se they know that there's going t o be a spokesman on TV on Mondaymornin g sayin g we denounce hackin g; we're a victim. The Russian s, they don 't actthat way at all.MR. HEALEY: Both do have unclear ties, though , bet ween thegovernment and non -state actors, and whether that's organized crime orcompan ies or private hackin g groups, t ha t does confuse things, but, again , it onlyconfuses thin gs if we let it . We can still go government to government.MR. VILLENEUVE: Yes. M y challenge is sortin g out attacks that areinterest ing from the general run -of-the-mill cyber crime activit y that you seeconst antly. So when it comes to a few interest ing cases in volvin g wh at appears tobe Russian cyber crime infrastru cture, I've seen some infrastructure that'stypically associated with malware associated with ban kin g f raud, peop le that tryto steal you r credit card numbers and d rain your ban k account, being u sed for82

activit ies that look more like esp ionage than it does cyber crime, and that is thatthese systems are u sually designed sp ecifically to st eal b ankin g -relatedinformat ion.But we've seen some variants that have a secondary payload thatsucks up all the documents on a computer, and it makes me wonder why is a gangor a cyber criminal outfit that's interested in ban k accounts and credit cardnumbers stealing all of the docu ments, PowerPoints and Excel sheet s [in cluded ],off the target 's computer?HEARING CO -CHAIR WORTZEL: Th ank you very mu ch.Commission er D'Amato.COMMISSIONER CLEVELAND: Can they answer the European question ?COMMISSIONER D'AMATO: Th ank you very mu ch, Mr. Chairman. An d Iwant to than k the p anel for very interesting testimony and the dialogue here.It is a very, very important area which cries out, in my opinion, formore effective U.S. government action. It seems to me that the whole stru ctureof deterren ce and p en alties and in centives is inadequate to the problem here.We kn ow wh at a deterren ce is in the n uclear area. Ob viously, if someb ody isgoing t o attack us, the Russians, f or example, the nuclear field, they faceunacceptable damage in return. We don't have any kind of unacceptable damageto the Chinese for this sort of behavior.So, let me ask you just a couple of questions, and if you have someadditional ideas after the hearing, we'd like to hear them as well in a f ollow -up.But in terms of industry, what does industry n eed in the way of moreincentives to come to the U.S. government for intercession ? What kind ofincentives can we p rovid e indust ry to d o that?And, secondly, more difficu lt, is how can we d evelop a moresystemat ic and effective st ruct ure of p enalties when we find out after thedisclosure who and what has been don e to us?What always comes to my mind is that, you know, we h ave to tradeapples for oranges becau se you have n ot necessarily got apples for apples here.The thing that 's t he most important to the Chinese is access to the Un ited Stat esmarket . When you affect their access t o the United States market, it get s theirattention. That would be a penalty or a stru cture of pen alties that might beavailab le.There may be other pe nalties that are available. Right now, we don'thave effective deterrence. We don't h ave effective pen alt ies, and we don't h aveeffective in centives. Wou ld you agree with that , and do you have any thou gh tsabout how that can be more effectively improved ?MR. BEJTLICH: I can make a short comment. I have a feeling Jason hasmore to say about t his. You used a phrase that I heard all t he time when I was inprivate indust ry. Well, I'm st ill in private industry, but wh en I wasn't a service83

provider--"access to market s." That is the number one concern of the Americancompan ies. They want to maintain access to the Ch inese markets, and so wh athappens is they're willin g to accept these outrageou s tech nology tran sfer deals,these supposed saf eguard s that say, well, “we will not have uniformed PLAmembers on the contract with the American compan y; we will not have militaryintelligen ce officers on the contract with the comp any. ”It's clearly, it 's silly, and yet the American compan ies are willin g tomake these deals b ecau se --I've heard this firsthand as well --if we don't get inthere, then the French will, the Germans will, the Au stralians will. Of course,then the Chinese st eal everythin g they need from them as well. So that argu mentis kind of bogus.But that's me. Until we can get the top level of these companiesbelieving that, no, they don't , the Chin ese don't p lay fair, they will takeeverythin g they can from you through t he tech tran sfer, an d then they'll stealeverythin g else that they need, I thin k t hat's where the first point --once you makethat connection with the management t hat's makin g these business decision s, Ithink that wou ld be a good start .MR. HEALEY: Than k you for the question.I do gen erally agree. First , brief ly, on d eterren ce. I t hin k d eterren ceis working if you 're looking at ju st a narrow range of things. We h aven 't had t helarge-scale disruptive 9/11 kind of attack yet , and I thin k d eterren ce, you know,only Russia and China governments can really an attack that's sign ificant a ndcontinue it on for t he weeks or months --the camp aign that Nart talked about.So I thin k det erren ce is good for that range of cyber conflicts becausewe haven 't seen --there are man y kinds of cyber conflict s that are possible. We'veonly seen a small su bset of the possib le range of cyber conflict s. So I thin kdeterren ce is useful for that part .Your question asks some, a little bit ab out our face to Ch in a and somethe government's face with the individual companies. I'll address each of those.I do a gree that there's a wide range of carrots and sticks t hat wecould possibly use t o influen ce Chinese behavior. We've h eard ju st one thismornin g with what Australia d id in saying we're not going t o buy your stuffanymore. That usu ally doesn't get brought up in conversations within thegovernment. Usually they're thin king about, well, we can attack them back, or,you know, a limited set of things.I would really en courage the government to have a wider range ofcarrots and sticks. Normally, that's a r ole that thin k tan ks and other people getinvolved with, you know, f or what are our options with Iran ; what are ou r optionswith Pakist an? We have daily events at the Atlantic Council on a discu ssion forthat. We d on't have that discussion h ere because e veryon e says I'm sorry, wecan't h ave that con versation , it's classified.84

It's absolutely biz arre to me that we're classifying ou rselves into aplace wh ere we can 't have a real conversation about our leverage.And, second, wh en it's facin g for the U.S. c omp anies, there are somethings that only the government can do, and that's why, as I mentioned in mytestimon y, I'd like t he government to come out and put some pressure on Ch inawith carrots and sticks. I thin k there are some real facts t hat can get out .This summer we were having a con versation with the Aspen StrategyGroup, with Joe Nye and Madeleine Alb right and others, t o try and con vin ce them.We had to use Nart 's report s. We had t o use Mike Gross's reporting in Van ity Fairand Ellen Nakash ima articles. We h ad no fact s from the government, onlyassertion s that Chin a was bad . I'd love to see more of that .And, in general, I am not against regu lation, but it need s t o beregulation that increases the attacker's work f actor mu ch, much more than it doesours, and I don 't have a lot of confiden ce that the regulation that wou ld beimplemented would do that. I'm afraid , like Rich pointed out, that it would be apaperwork exercise, that it would be a lot of make - work that doesn 't necessarilyhelp our secu rit y at all. It just makes b ureaucrats f eel better.HEARING CO -CHAIR WORTZEL: Vice Ch airman Reinsch.VICE CHAIRMAN REINSCH: Than k you .I was reflectin g as you we re talking that I haven't read the articleabout the Australians, but it occurs t o me that one of the reason s the Au stralianscould do wh at they did is becau se Chin a hasn 't signed the WTO GovernmentProcurement Agreement so the Au stralians have no obligat i ons to them.Of cou rse Australia's policy, as well as our policy, is to get the Chineseto sign b ecause we want access to their market . So there are tradeoffs. Chin ahas no obligation s t o us either, which t hen goes back to what you were saying.My experience with the comp anies you 're talkin g about, an d I represent a lot ofthem, is I think you 're right, that they are not at the top focused in the way youwant them to be focused .One of the reason s is they're making a lot of money, and that allowsthem to not thin k about this prob lem --sort of short -term versus long -term--but adifferent discu ssion .I was goin g to ask you about the cloud, but Mike d id that. Let me aska relat ed question. Thinking more ab ou t attacks designed t o create disruption srather than to try t o obtain informat ion, to wh at ext ent are our effort s here t opromote interconnectedness of the electric grid or various other networks goin gto make that prob lem more d ifficult to solve shou ld su ch an attack occur?MR. BEJTLICH: I think it m akes it exceptionally d ifficu lt. Consider allof the smart meters being put all over t he country. These devices in many casesare bein g sh ipped such that they cannot be upgraded . In other words, if there's avulnerability found, it's perman ent, an d the only way to f ix it is to spend mon ey,85

some dollars, to rep lace them, and that's not going to happen. These thin gs areon a ten -year refresh cycle, 15 -20 year refresh cycle in some cases.But yet they're goin g forward b ecause in some ways it seems anenvironmental measure, it's a cost saving measure, it's a convenien ce measure,and that sort of thing. So it exposes a huge vu lnerab ilit y.VICE CHAIRMAN REINSCH: But it also means that there are cost s tonot doing it , which you've ju st enumerated.MR. BEJTLICH: Yes.VICE CHAIRMAN REINSCH: In terms of efficien cies and environmentand so on .MR. BEJTLICH: Righ t. Right.VICE CHAIRMAN REINSCH: An ybod y else want to comment on that?I've got another on e.MR. HEALEY: It 's been interesting, as we've look ed back at the historyof cyber conflict, there are a couple of things that we've learned from thathistory. And in some way, they go against some of the myt hs that we have aboutthings that are doable in cyber.One, the large -scale conflict s have either been short -term and widelydisruptive--thin k of Aurora, like a viru s or a worm that hits, but it's gone a weeklater--or targeted and persistent, mean ing they only affect a small amount oftarget s, and becau se it's a small amount of target s, you can keep it for a longtime.We have not seen something that was both wide scale and persistentover a lon g period of time. Now, becau se so much of cyber damage, you can ju streplace, you can replace the drives, you can reload your in formation , and you'reback.Connecting t o the industrial control systems t o the Intern et is one ofthose things that can make that not tru e anymore where n ow you can creat e morepermanent damage. So who might wan t to do that? When it's coming tohacktivists and nuisance groups, w e've found there are lots of hackers that wouldbe interested in trying to get into these systems, either because they'redisgruntled or they've got too mu ch Mountain Dew rollin g around in their system,and they're bored at 2 a.m.Some of the new h activis t groups could certainly want to d o it to showtheir an ger and rage over the issue that they might want, and that's p ossible, butagain it would prob ably be more localiz ed disruption and n ot wid espread over alarge area.It really does come down to nat ion st at es, particularly Ru ssia andChina, that may, that have the cap ability and may some d ay have the intent to dosuch thin gs. Fortunately, as was mentioned in the other one, they're the on es --that's the problem where deterrence is most helpful becau se th ey're unlikely t o86

want to do that outside of a real geopolitical crisis. It's not the kind of thingthat's just going t o happen on the first mornin g most likely, but, as Nart talkedabout, this system of camp aigns that goes on for d ays and weeks.It's fran kly a myth at that level of cyber conflict that it's going to bespeed of light. I was in the Air Force. A sin gle dog fight might be over veryquickly, but air campaign s would last weeks, months and years, and it is likelythat cyber camp aigns are goin g to be t he same.VICE CHAIRMAN REINSCH: I was in Hou ston last week givin g a sp eech ,and someone approached me afterward s to tell me her story about IP theft. Th eymay be one of your customers, Mr. Bejt lich . I don't know. She didn't say. But itwas a case in volvin g hundreds of millions of dollars, if not a billion, of their IP, allof which had been stolen.But the operative factor here was wh at the Chinese did was steal h eremployees. Th ey got people who were working for her to leave and go work f o rbasically a shell f irm and they took wit h them a lot of information as well asaccess codes that allowed them to obtain further informat ion.How big a piece of the problem is that compared to what we've b eentalking about heret ofore?MR. BEJTLICH: I would say that's defin itely an escalation . That's n otsomethin g I've seen too often, but at any point where it escalates into a physicalmanifestation like t hat, that's pretty worrying.MR. HEALEY: I wou ld say that happen s within Ch ina it self . I mean Iwas in Hong Kong with one of the major banks, and it was well - known that it wasone of the reasons we didn't expand as much as we might have in Ch ina becau seyou would have employees that wou ld happily go over to some other comp any andtake information . I t wasn't ju st in b ankin g. It was across all these informations.You didn't have that same kind of loyalty or feelin g, those norms that you wou ldin a U.S. compan y.VICE CHAIRMAN REINSCH: Is there an yt hing that you can d o aboutthat?HEARING CO -CHAIR WORTZEL: Bill, I'm going t o move on to the nextCommission er, and if there's time for a second round, we'll let you continue.Commission er Bartholomew.COMMISSIONER BARTHOLOMEW: Than ks very much , and thank you,gentlemen, both for you r testimony tod ay and for the work that you've beendoing, p articularly your work that has h ad a huge impact in the public sector.Mr. Villeneu ve, I'd like t o ackn owledge really that I thin k it was a lotof the GhostNet work that b roke a lot of this out into the public domain so thatthe debate is bein g carried on more fulsomely than p erhap s it would h ave beenotherwise. So than k you very much f or that.I thin k what I've heard from all of you is a need for more information87

to be shared, that p eople be w illin g to admit when their systems h ave beenhacked into or compromised so that people can learn how it's h appening, whatthe target s are, and what potentially could be done.I'm interested part icularly when it comes to publicly -tradedcompan ies, and ob vi ously there's a lot of propriet ary information . You all haveworked with busin esses, and wh at I'm struggling with a little bit is underst andingif the thefts are material, and on ce they are material, they need to be report ed.So is there an incen tive for companies t o act like ostriches, put their head in t hesand and not know becau se they don't want to h ave to go public with theinformat ion, that a billion dollars' wort h of their intellectual property has beenstolen and it will have an impact on their ea rn ings?MR. BEJTLICH: You have nailed it. Our CEO Kevin Mandia h as saidseveral t imes that h e's called many t imes a week b y companies saying “thefollowin g has happened to me, what do I do? Do I tell someone? ” And they say“what will make this breach material?”And the experien ce has been if you rep ort the breach, it b ecomesmaterial, wh ich is a terrible --it's completely counter to wh at we're t rying topromote, I would imagin e. However, I would say that if you're a publicly -tradedcompan y and you are not tellin g your shareholders that you've h ad a breach , t hatthat is directly contrary to the SEC's gu idance.Now, of cou rse, this could be seen as another disincentive to gopublic, but be that as it may, that to me is the p lace where you've got to appl yleverage.COMMISSIONER BARTHOLOMEW: Becau se you're lying. You're lyin g toyour shareh olders and to your potential shareholders if you are not admittin g thatthis sort of thin g has happened .MR. BEJTLICH: Well, I don 't kn ow if I would go so far as sa yin g lyingbecau se man y of these compan ies just don't kn ow h ow t o t hink about this. Th eydon't kn ow wh at it means to h ave h ad their IP stolen, and you can't necessarilysay because the IP was stolen, it's goin g to end up in a competing product . I thinkthat wou ld be kind of naive.But man y of the companies just d on't know how to value what theyhave, but still I wou ld err on the side of it has to go into the disclosure.COMMISSIONER BARTHOLOMEW: And you have said , one of you hadsaid , that 94 percen t o f the comp anies learn about the compromise from a thirdparty, mu ch of which is government -related third part ies.Do they have an y mechanism to report to the SEC, for example? Isthere an y in centive or reason for them to have to say to somebody else in the U.S.government that this has h appened ? I'm trying to figure out ways to b reak op enthis privacy which is preventing things from movin g forward?MR. BEJTLICH: The only stru ctures that I'm aware of are on es that, for88

example, b y contracts or certain memb ers of the defen se in dustrial base by virt ueof being part of a framework that they've signed , they h ave to report, they h aveto provid e certain eviden ce and that sort of thing. Outside of that, you d on't seequite as much .MR. VILLENEUVE: One of t he things I n otice is that a lot of timescompan ies, peop le expect the attackers to steal design documents or thin gs t hatwould b e kind of locked away or secured, but a lot of t imes, the attackers aremore interested in t he simp le thin gs that people don 't realize are su ch a valuablesource of informat ion like e -mail.So one of the thin gs that often happens when the attackers break intoa system is they force the compromised computers to down load tools that allowthem to start accessing p eople's e - mail on the mail servers in the network. An d alot of people look at that and think it's not a big deal; it's my e - mail. Butcontain ed in there is actually a lot of really valuab le information that is asvalu able as those d esign docu ments you have locked away.COMMISSIONER BARTHOLOMEW: M r. Healey.MR. HEALEY: I like the idea of regulating for tran sparency. I think theSEC guidan ce h as d one a great job for transparency without governmentoverreaching. There are other ways that that can b e done. California te n yearsago passed a law sayin g that if the information of any Calif ornian is disclosed orcompromised, then the comp any has to tell them.I was working at a b ank at the time, an d that drove u s glob ally to say,all right, if a large d atabase, for example, get s taken, we're going to telleverybod y because we don 't want to ju st tell the Californians. Th at's bad press,and what if we get it wron g? What if we get someone that was a Californ ian andwe didn't know?Great way of gettin g the word out there in a different man ner thanjust whether it's material or not . It 's much more black and white.COMMISSIONER BARTHOLOMEW: It's in terestin g, too, because if youthink ab out doing t hat sort of thing, it also p rovides an in centive for companies toharden their systems because then they don't have to report if there is some sortof theft that has taken place. So than k you.HEARING CO -CHAIR WORTZEL: We have a few minutes left, and threeCommission ers that wanted to either f inish up or ask a second question . So if wecan really do it in about two minutes each, we will get through that, and the f irstis Commission er Fiedler.HEARING CO -CHAIR FIED LER: I just wan ted to follow up on yourelucidation of a problem of counterintelligence. In old f orms ofcounterintelligen ce, the problem that was allowed to continue was small, wasnarrow, not as great as we're talking about here. So it seems to me that there's arequirement to rethink that . Th is gets t o the public, and it's a very controversial89

ole of the National S ecu rity Agen cy, the top practitioners on our sid e and theirrole in public-privat e partnerships.What's you r view?MR. BEJTLICH: Just from the privacy perspective, and this is comin gfrom an old Air Force intel guy, I fear that the public would be too s usp icious ofthe NSA having the lead documentin g role for this. I think it wou ld have to be runthrough DHS, maybe with NSA as support provider or exp ertise provid er, but if theNSA were known as being a lead role, I mean EPIC is suin g t he government to f indout what 's goin g on between Google and NSA, and that was to me, that 's probablythe biggest cyb er breach in terms of publicity that we've h ad in the last couple ofyears.MR. HEALEY: And NSA has been fairly clear that they want to collectsign als int elligence, and I'm a SIGINT, I'm also an Air Force intel officer, SignalsIntelligen ce, and it 's time to stop collecting. It's time to give up, and it 's time towant to win.HEARING CO -CHAIR FIED LER: Than k you .HEARING CO -CHAIR WORTZEL: Th ank you.Commission er Cleveland, you want to ask you r European q uestion ?COMMISSIONER CLEVELAND: Can we ju st go back to what 's your senseof how cooperative the European s would be? Back to the q uestion that I askedearlier about the Eu ropeans and what t heir reac t ions wou ld be?MR. BEJTLICH: Sure. I h ad firsthand experien ce dealing with theBrit s. They are very much interested in this. I've also seen publicpronouncements b y the Germans and the Fren ch directly callin g out the Chinesethat this has to stop. S o just looking at those three countries, I think there wouldbe some con sensu s.MR. VILLENEUVE: Yes. I'm Canad ian, and we face a lot of the same,the same p roblems, and in terms of the scop e of the activit y we see, although alot of people are focused o n activities t hat happen in the U.S., we def initely seethe same campaigns havin g targets in t he European countries as well.MR. HEALEY: So I t hink there is room f or the countries to cometogether and come up with a common approach , and I thin k the more that the U.S.government can come up with non -technical solution s, you know, the more wetalk about mon itoring, the more it 's going to sound like d eep -packet inspection,and the more it's going to put the Europeans off into a dat a privacy f ight that wejust don't need to h ave. There's lot s of other ways to address this.MR. BEJTLICH: And just a quick note on that as well. The Japaneseare terrified . They are doin g a lot of work this year as a result of thin gs that wereannounced publicly last year. So there would b e a great place to work as well.COMMISSIONER CLEVELAND: Can you all come up with, for the record,a couple of, I mean sort of what the best approach is in t erms of coming up wit h a90

coord inated or universal, not universal, but a coordinated response?Thanks.MR. BEJTLICH: Yes.MR. HEALEY: Certainly.HEARING CO -CHAIR WORTZEL: Commissioner Rein sch , or ViceChairman Reinsch, you want to f inish up here?VICE CHAIRMAN REINSCH: Well, I'll just go back to what I asked . Isthere an y so lution ? Anythin g to be don e about the employee problem?MR. HEALEY: I thin k, b ased on wh at I h ave seen, and man y morepeople on the Commission h ave more experien ce in China than I do, it seems likethere was somethin g about Chinese culture. It was n ot yet seen as wron g topirate Microsoft or jump from on e country to another and t ake the secret s.So in that sense, we're ju st a symptom of that problem, that if they'renot worried about stealin g from each other, why wou ld they be worried aboutstealing fr om us?So I thin k the more things that we can do to help address thatproblem, and it might even be possible that China is goin g to develop that itself,that it says if we're going t o really be a power and really, really want intellect ualproperty f or ou r own compan ies, we have to support this.MR. BEJTLICH: I act ually welcome an y time I see a physical componentbecau se we have a long est ablished hist ory of knowing how to deal with peop le.They have addresses, they have histories, there's background ch ecks, there's allsorts of things we can do that we ju st cannot do for someone remote, 5,000 milesaway, at a keyboard .I used to joke with my counterpart in t he physical securit y part ofGeneral Elect ric that my goal was to make my cyb er prob lem his phys ical problem.[Laughter.]MR. BEJTLICH: Because on ce it was a q uestion of spies and that sortof thing, we knew h ow to deal with that a lot easier.HEARING CO -CHAIR WORTZEL: Well, it also strikes me that whenyou're dealing with a country that doesn't have a trad ition of rule of law, eithernoncompete, you can't go to work f or a compet itor, or nondisclosure agreementsare pretty mu ch unenforceable.Gentlemen, this has been a very rich discu ssion. We really appreciateyour time. Some of the other Com missioners wonder if they submitted somewritten questions t o you, wou ld you be willin g to contribute some other thin gs forthe record?MR. BEJTLICH: Yes.MR. HEALEY: Yes.HEARING CO -CHAIR WORTZEL: Well, thank you very mu ch. We'regoing t o break now--for wh at --50 minutes; is it ?91

92HEARING CO -CHAIR FIED LER: Yes.HEARING CO -CHAIR WORTZEL: All right.HEARING CO -CHAIR FIED LER: 12:50.HEARING CO -CHAIR WORTZEL: 12:50 we'll reconven e. Th ank youagain.[Whereupon, at 12:00 noon, the hearin g recessed, t o reconvene at12:52 p.m., this same day.]

93PANEL II – FISSILE MATERIAL PRODUCTION ANDNUCLEAR COOPERATIONHEARING CO -CHAIR FIED LER: In the interest of being on t ime,welcome back. This is our second panel of the day, and we'll address Ch in a'sfissile material p roduction, its internat ional nuclear activit ies and related areas.Joinin g us tod ay are two seasoned experts in the f ield: Hen ry Sokolskiand Dr. Ph ilip Karber.Mr. Sokolski is Executive Director of the Nonprolif eration PolicyEducation Center. Previously he served in a variet y of posts in the Pentagon andintelligen ce commu nity. He's also been appointed to t wo congression alcommission s. So he's goin g to be quite familiar with the seven -minute rule.MR. SOKOLSKI: You have my con dolences.[Laughter.]HEARING CO -CHAIR FIED LER: Dr. Karber is ad junct professor atGeorgetown Un iversit y and has several decades of experience in defen se andsecu rit y policy, p art icularly nuclear issu es.You'll each have seven minutes to make your pre sentat ions, and thereason we do that is so that the Commissioners can ask you many more questions.Thank you .Dr. Karber.

94OPENING STATEMENT OF DR. PHILLIP A. KARBERADJUNCT PROFESSOR, GEORGETOWN UNIVERSITYDR. KARBER: The focus of my comments, it act ually prob ab ly in someways makes more sense if Henry went first, but we're goin g to interrelat e so itdoesn't really matter.Henry is going to ad dress in his paper t he issue of China's f issilematerial and f issile production . I was going to address that partially in mypresentat ion, but t owards the end. M y major focus is on China's "Undergrou ndGreat Wall," wh ich went public last su mmer and still is relatively unknown interms of a lot of the details. I mean there's been some controversy, but man y ofthe operation al and even st rategic imp licat ions of it have n ot been addressed so Ithought I'd u se this today to summarize that, and then, in f act, that comes b ackto the issue of fissile material.On the 11th of December 2009, Ch ina announced that they ha d beenworking sin ce 1985, for 27 years, 29 years, on an "Underground Great Wall."That's their name f or it. And by their definition , a facilit y to hide nuclearweap ons and missiles.The aspects associated with the Underground Great Wall d o notinclud e civil defen se. They do not in clude the 40 some airbases that have tunneland underground complexes, and they d on't in clude the doz en or so n avalcomplexes. It 's just the strategic rocket forces, their missiles, and the country'snuclear weapon s assets.What's interestin g about that, if you'll turn to the slides, h opefully,that each of you h ave, I'll ju st refer to a few of them in p assin g, is that this slideshows the growth in the number of those len gth of the tunnels. These areactually PLA numbers, havin g listed ab out 2,500 kilometers' worth of tunnels in1995, and 5,000 kilometers cu mulative in the last year -an d-a-half .The sheer size and magnitude of that, to give you an idea, would b ethe largest --if it's true--wou ld be the largest con stru ction p roject in recordedhuman history. There's nothing else man has done that would equal the size andscale of that act ivit y.The issue was reported in Ch ina. It also was rep orted in Asia inDecember, but basically d id not get mentioned in the West ern pres s until lastsummer. So for about 22 months, it essentially went unnot iced in the Westernpress.There are three major aspect s that I would say ought to call yourattention. First, I'll call it the tactical operation al issu e. The majorit y of China'smissile force is tact ical and operation al; that is, they cover theater targets andtactical targets. Th at's the D F -21, the DF-15, DF-11 and D H-10 cruise missile.Those missiles are a substantial amount of these --account f or much of these

tunnels.While the numbers of launch ers of those missiles are less t han 400,they equate to over 1,500 missiles, and what the Chinese appear to have done isincorp orate the tunnel complex into a warfighting strategy at the tactical andoperation al level. That is the missi le units are kept --most of their asset s are keptin the tunnels on alert. People are brought in, unit s are ready. On a signal, theythen literally su rge out of the tunnels along with lots of decoys, go to f irin gposition s, can go in to launch , and then eit her reload out in the open or go backinto the tunnel complex and even a different tunnel complex to fire thosesystems.The second, and understandin g that op eration al theater issue,particularly in light of the fact that we and the Ru ssians h ave gotten r id of mostof our equivalent systems under the INF Treat y, and ou r forces and our allies areextremely vu lnerable in Asia, of cou rse, is worth giving some serious thou ght t o.Second major aspect I would en courage you to take a look at is thegrowth in the size of the tunnels, not ju st that they are growin g in the length, butthe sheer volu me of them. I've in cluded about a dozen pages in here, ju stbecau se these phot ographs essentially haven't b een shown . Almost all of themare captured from Chinese TV. All the constru ction crews working on them areSecond Artillery. That is they are rocket force p eople. Th ese aren't civiliancontractors.And you 'll not ice the sheer size of them. Some of them are largerwidth and h eight than this room, and you can actu ally see into infinit y down acorridor perhaps a half a kilometer of t hat kind of facility.That is that it can h old not just one missile, but actually three trains'worth of missiles. The reason that's important is there seems to be anassociation with their new st rategic rocket forces and these large tunnels. Thatwould include the mobile D F -31 ICBM, what appears to be a larger mobile system,sometimes d escribed as, again, road mobile, called the D F -41, larger because itcould probably contain missiles as well, and then we've also seen photographs ofwhat they call the intercontin ental ballistic missile train , and that train has beenseen going in and out of tunnels.So wh at you might have here then is a substantial part of t heirstrategic forces that could actually target the United States being in thesetunnels.The United States, depending on who and how one counts, variousestimates go the Ch inese h ave a nuclear force of 100 to 400 warhead s. Generally,that's focused on operational systems. It do es n ot count reserve warh eads, whichwe can go into and describe in more d etail.I don't know how many nuclear weapon s the Ch inese have. I knowthat they've been p roducin g them for over 40 years. The early production rates in95

the late '60s and early '70 s and early '80s of about seven a year would at that rategive them today a t otal, and if it contin ued, a force stru cture of over 3,000warheads.I can and will talk t o you about the f orce st ructure. Their forcestructure could cert ainly handle that man y warheads. But let's assume theydon't. Let's assume that basically because of either the limitation s on fissilematerial or policy, t hey haven't built those warh eads.What's signif icant about the tunnel complex is it is a matter of theirchoice. The y could start producin g. I h ave a slide in here showin g the growth ofChina's f issile material, planned purch ases of reactors. If you look at the sheergrowth of their plan ned reactors, whatever your assumptions are tod ay aboutwhether they have a fissil e limitat ion or not, there's a serious issue that they areunlikely to be fissilely limited in the future.And the significan ce of that is that if t hat is comb ined wit h a forcestructure which can have nuclear missiles then put on top of con ventionallaunchers, which they can, you 're in a position where they could actually chan gethe strategic balance, certain ly the t act ical and theat er balance, very quickly andwould go virtually u ndetected becau se of the tunnel complex.So the combinat ion of the tunnel complex and a robust force stru ctureand a future potential for f issile mat erial has a very signif icant breakoutpotential, and I thin k it is worth the Commission givin g con siderable attention toit.I'm n ot trying to demonize the Chinese. They have ever y right to doit. They're not limited by treat y. On t he other hand, they themselves have b eenextremely amb iguous about mu ch of these aspects, and they ought to b econfronted and held accountable.Thank you .96

97HEARING CO -CHAIR FIED LER: Than k you .Mr. Sokolski.OPENING STATEMENT OF HENRY SOKOLSKIEXECUTIVE DIRECTOR, NONPROLIFERATION POLICY EDUCATION CENTERMR. SOKOLSKI: First of all, I want to thank you for inviting me totestif y. I don't know where the next one is goin g to be. I barely got h ere, but Igot here just in t ime.I guess if there are only t wo thin gs t o take away from wh at I'm goin gto say today it 's that, first , I d on't thin k we know how many nuclear weapon sChina h as or might get relatively quickly; and t wo, if we're serious abo ut our owndefense planning, our securit y alliances, and nuclear arms reduction s, we need tofind out.Unfortunately, Ch in a keeps all of this information secret . Here's Ithink a b ase case of what we might know. Enriched u raniu m, which is one of t hekey in gredients to make bomb s, China operates several relatively n ew Ru ssian -designed centrifuge plants that en rich, and they have an in digenou s centrifugeplant, and the estimates lookin g at the buildin gs in the pictures is that probablytwo million SWUs, or separate work units.The most h ighly regarded unclassif ied estimat es made b y theInternat ional Panel on Fissile Materials is that China h as 16 tons of weapon s -grade u ranium p lus or minus four ton s. That gives you some idea of theuncertainties. That 's enou gh to make b etween rough ly 1,000 crude f irst -generat ion design weapons and maybe as many as 3,000 if they used advanceddesigns.If you know anythin g about what they know about our weaponsdesigns, I thin k you should assu me they are very advanced.As for p lutonium, it 's unclear to what extent, if any, China hasdismantled the existing plants, but we know they've been shut down . We cancheck with thermal sign atures.If one assu mes even the most conservat ive estimates made by, again,this Internatio n al Panel, Chin a cou ld b uild an arsen al of as man y as 450 crude --that's Nagasaki st yle becau se we're talkin g plutoniu m --devices, and rough ly t wiceas many if they h ave advan ced designs.I might add we don 't know how mu ch plutonium these p lan ts haveproduced when they were shut down. So there's a lot of u ncertainty here.As for electrical power p lutonium - related activit ies, China currentlyhas a p ilot rep rocessing p lant and wants to buy an enormous plant from AREVA --the Fren ch --that could produce a thou sand crude b ombs' worth of plutoniumannually.

It's decided to place this civilian facilit y right next to its major nuclearmilit ary production facilities, wh ich one Chinese lady told me they d id because itwould b e con venien t, and that can be t aken a num ber of different ways.From this discussion, it's easy t o see h ow difficu lt it is to pinpointhow many nuclear warheads Ch ina has and how man y it could produce quickly. Tocope with these uncertainties, most exp erts, who clu ster their estimat es around200 deployed nuclear weapon s depend heavily on how man y nuclear missilesthere are--this is the reason I think Ph il's here --may not kn ow that numb er.They also assume a single large thermonuclear warhead in almostevery case for each long -range missile t h at's ob served and a few gravit y bomb sand spares.Now a lot is presumed here, and almost all the assumption s arerebuttable. They in clude there are no missile reloads, that the cruise missiles areonly con ventionally armed, that there are no tactical wea p ons on the battlefield,that everythin g is a large thermonuclear warhead that con sumes a lot of fissilematerial in each case.Now, I thin k, as I said, all of these assu mptions and others arerebuttable, but even if one makes them, there's a problem. Re cently, one of thenation's leading exp erts on Chinese nuclear forces knocked down con cerns thatChina might have 3,000 deployed nuclear warheads. He explained in some det ailwh y theoret ically the Chinese could h ave no more than 1,660 nuclear weap ons,i.e ., roughly the number of warh eads t he U.S. currently has deployed .His analysis, of course, was intended to reassure, but it's d ifficu lt tosee how su ch a wid e range of uncertainty cou ld do an ything but rattle.Why? Well, we've got four reasons wh y. F irst , su ch est imates beardirect ly on how threatening Chin a's military might be. It's fair to note, and I'veseen people on the right and left both say this, that wh at matters is how willing acountry is to use what they have, n ot the number of weap ons th ey h ave.That may be, but I t hink the willingness to risk or engage in nuclearconflict or threaten to do so may turn on calcu lation s of h ow many t argets itmight be able to destroy in a nuclear first strike and how many of its nuclearsystems might su rvi ve after an ad versary has stru ck.In these matters, to paraphrase Stalin, quantity may h ave a qualit y allof its own .Second, and related to how many weap ons Ch ina may h ave and howwillin g it is to u se t hem, is how we might prepare our defenses and the R u ssiansor other countries. I don't thin k, you know, either Washin gton or Moscow wouldlike to consider a future in which the Chinese had so many nuclear weapon s itwould feel confiden t about usin g its conventional weapon s, wh ich are quit eadvan ced now.They would t ry to d eal with this in a variety of ways, everything from98

missile defenses to maintaining certain strike capab ilities. So that number maymatter in that regard.Also, Ch inese nuclear numbers ultimat ely relat e to how much armscontrol we'll e n gage in. I don't think either the Un ited States or Moscow wouldgo very low, and we're now talking about going to a thousand or as low as 300, ifthey thought it would end up givin g Ch ina an advantage in numbers.Finally, there's the question of how the se numbers might impact theactivit ies of n eighboring states like Jap an, South Korea , an d India. In the firstinstan ce, Japan and South Korea are in the throes of trying to decide wh ether torecycle pluton ium t hat could b e used n ot only in civilian reacto rs but bomb s, andrecycle it in a big way.India, of course, is t ryin g to gauge h ow much it needs to build up todeal with Pakistan and China.In con sideration of all this, I've got fou r recommendation s. First, Ithink you need to d emand that our gove rnment do more in classified andunclassified forums to clarif y what it thinks Chin a has in the way of a d eployednumber of nuclear weap ons and reserve nuclear warheads.How mu ch nuclear weap ons materials and nuclear weap on s usab lematerial production cap acit y does it ha ve?We can also work with our allies, and to the extent possible, I wou ldrecommend we work with China. I don't know that there is much you can do withthem, but I wou ld go through the mot ions at least .Gaming, wh ich is I guess really Ph il's su ggestion --I'm takin g his ideahere--with senior officials about these question s and possible military crisesscen arios and how all the numb ers might alter or n ot alter these scen arios an dpossible arms control negot iation s with Russia and other st at es is somethin g t hatwould b e useful to do. I d on't thin k it 's been done, certainly not the latter, witharms control.Also, I wou ld explore nuclear missile talks, in itially with Ru ssia andChina and then other countries, and in these talks, the most thr eaten ing missilesare the ground -based nuclear capab le missiles. We h ave them in silos. Ru ssia hasthem on ground mobile systems, and China has man y of them, as you just h eard,in tunnels.I thin k these are the drivers of uncertainties with regard t o Chin a, andtherefore it wou ld be a useful thing to discuss.Finally, I would get China, South Korea, and Japan to follow America'sexample, and foreswear making more highly -enrich ed uranium or recycl in gplutonium either for civil or military purposes.Not knowin g what t hey're doin g, mu ch less what they've d one, is partof the general package, and we need to bear down on this diplomat ically.Thank you . That concludes my presentation. I would ask t hat the99

cop y of my test imony that I h ave, which corrected two or t hree grammaticalerrors, be the one t hat's u sed in the record .100

101PREPARED STATEMENT OF HENRY SOKOLSKIEXECUTIVE DIRECTOR, NONPROLIFERATION POLICY EDUCATION CENTERChina’s Nuclear Weapons and Fissile Materials Holdings:Uncertainties and ConcernsByHenry SokolskiExecutive DirectorThe Nonproliferation Policy Education Centerwww.npolicy.orgTestimony before the U.S. Economic and Security Review Commission“Developments in China’s Cyber and Nuclear Capabilities”March 26, 2012George Mason University, Manassas, VAMr. Chairman, members of the commission, I want to thank you for allowing me to testify beforeyou today on the question of what China’s nuclear weapons materials holdings and production might beand what the security implications might be of the U.S. and other states not having clear answers tothese questions.Some of What We KnowAs the most definitive current, public assessments of Chinese fissile materials assets and

102production capabilities notes in the 2010 Global Fissile Material Report, there is little officialinformation about China’s nuclear arsenal. One can speculate but, as this analysis explains,Without knowledge of the operating history and power of China’s plutonium-production reactorsand the capacities of its uranium enrichment plants, any estimates of China’s fissile material stocks willnecessarily have great uncertainties. 1 China, unfortunately, keeps nearly all information about its stocksof fissile materials and nuclear weapons secret. Unlike the other four other permanent members of theUnited Nations Security Council, China has made no declaration of how much fissile material it has inexcess of its military requirements or announced whether or not it has ceased production of weaponsplutonium or uranium.Regarding current production of enriched uranium, China is known to operate several relativelynew Russian-designed uranium centrifuge enrichment plants and an indigenous centrifuge plant that arebelieved together to be capable of producing roughly 2 million separate work units (SWUs) per year. 2The International Panel on Fissile Materials offers a conservative estimate that China has 16 tons ofweapons grade uranium (plus or minus 4 tons) – enough to make between roughly 1,000 (crude firstgenerationdesign) and 3,000 (advanced design) nominal 20-kiloton explosive devices. 3As for plutonium, it is unclear to what extent, if any, China has dismantled its existing militaryplutonium production plants but it is believed to have shut them down. Precisely when they were shutdown and precisely how much plutonium they produced is not known. The most definitive, publicestimates of how much plutonium China has produced presume that the plants in question, which havenot been visited, are “like” ones that China built underground for reserve production and has recentlyput on public display. 4As a result, estimates of how much separated plutonium China has on hand are hardly hard andfast. If one assumes even the most conservative estimates made in the International Fissile MaterialPanel report of 2011 (i.e., 1.8 tons), though, China could build an arsenal of as many as 450 crudeplutonium devices and roughly twice as many advanced designed plutonium warheads. 51 See International Panel on Fissile Materials, Global Fissile Material Report 2010: Balancing the Books,Production and Stocks, pp. 97-98., available at http://fissilematerials.org/library/gfmr10.pdf.2 See International Panel on Fissile Materials, Global Fissile Material Report 2011: Nuclear Weapon and FissileMaterial Stockpiles and Production, January 2012, available at http://fissilematerials.org/library/gfmr11.pdf. Forreference, it takes roughly 200 separative work units (swus) to produce 1 kilogram of weapons grade highlyenriched uranium (HEU) and roughly 20 kilograms of HEU to make a crude nuclear weapon. A crude nuclearweapon is defined as a first generation device like that used in the Second World War. The Hiroshima bomb used29 kilograms of HEU and the Nagasaki bomb used 6 kilograms of plutonium. Today, a first generation bomb isassumed to require a bit less HEU (20 kilograms) and plutonium (4 kilograms). An advanced weapons designwould reduce the amounts of fissile required to produce a given yield by between a factor of two and a factor ofthree. On these points, see Thomas B. Cochran, “The Problem of Nuclear Energy Proliferation,” in Patrick L.Clawson, editor, Energy and National Security in the 21 st Century, (Washington DC: National DefenseUniversity Press, 1995), pp. 96-99.3 The approximate fissile material requirements for crude and advanced design highly enriched uranium nominal20 kiloton nuclear weapons -- 16 and 5 kilograms -- is taken from Cochran, “The Problem of Nuclear EnergyProliferation,” p. 98 cited above in note 2.4 See Global Fissile Material Report 2010, pp. 20-21.5 Global Fissile Material Report 2011, p. 18. As detailed in note 122, this estimate is for a plutonium bombrequiring between 4-5 kilograms of separated plutonium, i.e., a crude weapons worth. An advanced weapon

103As for electrical power plutonium activities, China currently has a pilot reprocessing plant thatcan separate plutonium from spent fuel and is planning on having AREVA build it a much larger plantcapable of separating nearly 1,000 crude bombs’ worth of plutonium annually. China wants to site thisreprocessing plant adjacent to a major nuclear military production facility at Jiayuguan.Some of What We Don’tJust from this brief discussion, it is easy to see how difficult pinpointing precisely how manynuclear warheads China has, how many it might build with the non-militarized nuclear materials it hason hand, and how many it might be able to build in the future. To cope with these difficulties, the mostpopular estimates, which cluster close to 200 deployed nuclear weapons, depend heavily on how manynuclear missiles China has deployed. A single, large, thermonuclear warhead is assumed for eachobserved long-range nuclear missile. A few gravity bombs for bomber delivery are added along with ahandful of spares.Much is presumed here. Among the assumptions are that there are no missile reloads for any ofgrowing number of Chinese mobile missile launchers, that most of the growing number of long-rangeChinese cruise missiles are solely conventional, that there are no Chinese tactical nuclear weapons, andthat the Chinese have fielded mostly or entirely large, thermonuclear warheads that use large amounts offissile material rather than smaller, less fissile consumptive designs.All of these assumptions may or may not be warranted. At a minimum, we risk confusingourselves by emphasizing only the most optimistic assumptions. Recently, one of the nation’s leadingexperts on Chinese nuclear forces knocked down concerns that China might have 3,000 deployedwarheads. He explained, in some detail, why theoretically the Chinese could have no more than 1,660nuclear weapons, i.e., roughly the number of warheads the U.S. currently has deployed. His analysis, ofcourse, was intended to reassure. Yet, it is difficult to see how such a wide range of uncertainly coulddo anything but rattle. 6What to WorryAs the U.S. and Russia try to reduce or contain their nuclear weapons deployments, most othernuclear weapons states (France, UK, Israel, Pakistan, India, North Korea) would require at least one tothree decades of continuous, flat-out military nuclear production to catch up even to U.S. and Russianreduced nuclear weapons numbers. It is quite clear, moreover, that none of the listed states have yet setout to meet or beat the U.S. or Russia as a national goal.China, however, is a different matter. It clearly sees the U.S. as a key military competitor in theWestern Pacific and in North East Asia. It also has had border disputes with India and historically hasbeen at odds militarily with both it and Russia. China has actively been modernizing its nuclear-capablemissiles to target key U.S. and Indian military air and sea-bases with advanced conventional munitionsdesign plutonium weapon might use half as much or less. See note 2 below.6 See Hans Kristensen, “No, China Does Not Have 3,000 Nuclear Weapons,” FAS Strategic Security Blog,December 3, 2011, available at http://www.fas.org/blog/ssp/2011/12/chinanukes.php.

104and is developing similar missiles to threaten U.S. carrier task forces on the open seas. In support ofsuch operations, China is also modernizing its military space assets, which include militarycommunications, command, surveillance, and imagery satellites and an emerging anti-satellitecapability. 7Would China want to ramp up its nuclear weapons capabilities? We don’t know.In its official military white papers since 2006 and in other forums, Chinese officials insist thatBeijing would never be the first state to use nuclear weapons and would never threaten to use themagainst any nonnuclear weapons state. China also supports a doctrine that calls for a nuclear retaliatoryresponse that is no more than what is “minimally” required and to use nuclear weapons only for itsdefense. 8 Most Western Chinese security experts have interpreted these statements to mean Beijing is onlyinterested in holding a handful of opponents’ cities at risk, which, in turn, has encouraged interpretinguncertainties regarding Chinese nuclear warhead deployments toward the low end.What China’s actual nuclear use policies might be, though, is open to debate. As one analystrecently quipped, with America’s first use of nuclear weapons against Japan in 1945, it is literallyimpossible for any country other than the U.S. to be first in using these weapons. More important,Chinese officials have emphasized that Taiwan is not an independent state and that under certaincircumstances it may be necessary to use nuclear weapons against this island “province.” Finally, thereare the not so veiled nuclear threats that senior Chinese generals have made against the United States ifit should use conventional weapons against China in response to a Chinese attack against Taiwan(including the observation that the U.S. would not being willing to risk Los Angeles to save Taipei). 9It is fair to note that how willing China is to use the nuclear weapons it has may be moreimportant than how many nuclear weapons it may have. Yet, a country’s willingness to risk or engagein nuclear conflict may well turn on calculations of how many targets it might be able to destroy in anuclear first strike and how many of its nuclear systems might survive after an adversary has attemptedto strike back. In these matters, quantity, to paraphrase Stalin, may have a quality all of its own.Does China only have 200 or so nuclear weapons? Perhaps. But if nuclear-capable missiledeployments is the current driver of how many nuclear weapons China has deployed, perhaps not. The7 See Ian Easton, “The Asia-Pacific’s Emerging Missile Defense and Military Space Competition,” January 3,2001, available from www.npolicy.org/article_file/The_Asia-Pacifics_Emerging_Missile_Defense_and_Military_Space_Competition_280111_1143.pdf.8 On China’s no first-use policies see China’s 2008 White Paper, “China’s National Defense in 2008” availablefrom www.fas.org/programs/ssp/nukes/2008DefenseWhitePaper_Jan2009.pdf; also see analysis of this paper byHans M. Kristensen, “China Defense White Paper Describes Nuclear Escalation,” FAS Strategic Security Blog,January 23, 2009, available from www.fas.org/blog/ssp/2009/01/chinapaper.php; and M. Taylor Fravel and EvanS. Medeiros, “China’s Sear for Assured Retaliation: The Evolution of Chinese Nuclear Strategy and ForceStructure,” International Security, Fall 2010, available fromwww.belfercenter.ksg.harvard.edu/files/Chinas_Search_for_Assured_Retaliation.pdf.9 See Jonathan Watts, “Chinese General Warns of Nuclear Risk to US,” The Guardian, July 15, 2005, availablefrom www.guardian.co.uk/world/2005/jul/16/china.jonathanwatts; and Mark Schneider, “The Nuclear Doctrineand Forces of the People’s Republic of China,” Comparative Strategy, Spring 2009, available fromwww.tandfonline.com/doi/abs/10.1080/01495930903025276#preview. Also see an earlier version dated 2007,available fromwww.nipp.org/Publication/Downloads/Publication%20Archive%20PDF/China%20nuclear%20final%20pub.pdf.

105Chinese, after all, claim that they have built 3,000 miles of tunnels to hide China’s missile forces andrelated warheads and that it continues to build such tunnels. 10 If we can’t see all of the nuclear-capablemissiles China might have, there’s a chance it may have more than we currently assume. If, in turn, thenumber of such missiles is a major driver of Chinese nuclear warhead deployments, the later numbercould be much higher than most assume.How much larger? We don’t know. It is in our interest, however, to find out.Indeed, the first issue such uncertainty raises is how sound current U.S. and Russian nuclearmodernization and missile defense plans are. It hardly would be in Washington’s or Moscow’s interestto let Beijing believe it could risk using Chinese conventional forces (including China’s growing fleet ofconventional missiles) to threaten Taiwanese, Japanese, American, Indian, or Russian targets becauseChina’s nuclear forces could out deter Russian or American nuclear forces.Another question a large Chinese nuclear strategic force would raise is how it might impactWashington’s and Moscow’s current strategic arms negotiations. How eager would the U.S. and Russiabe to make much deeper nuclear weapons cuts if they thought China might, as a result, end uppossessing more deployed weapons than either Washington or Moscow? Appendix I (below) suggestswhy this might be a worry. If so, wouldn’t we have to factor China into our arms control calculations?Finally, there is the question of how China’s nuclear arsenal and potential ramp up capabilitiesmight impact the nuclear activities of states besides the U.S. and Russia.Interested PartiesJapan would certainly be one neighbor to watch. It already has nearly 2,500 weapons worth ofseparated plutonium on its soil that it was supposed to use to fuel its light water reactors and fastreactors. Now, however, Japan has decided not to build more nuclear power reactors domestically. Italso is reviewing the merits of continuing its fast reactor efforts, a program that is technically premisedon Japan expanding its current domestic fleet of light water reactors.A related and immediate operational question is whether or not Japan will bring a $20 billioncivilian nuclear spent fuel reprocessing plant capable of producing 1,000 bombs worth of plutonium ayear at Rokkasho on-line as planned in late 2012. This plant and Japan’s plutonium recycling programcan be tied to internal Japanese considerations in the late 1970s and early 1980s for developing aplutonium nuclear weapons option. Although this plant is not necessary for the management of Japan’sspent fuel, the forward costs of operating it could run as high as $100 billion over its lifetime. 11In light of the questionable technical and economic benefits of operating Rokkasho, it would bedifficult for Tokyo to justify proceeding with this plant’s operation unless it wanted to develop an optionto build a nuclear weapons arsenal. What, then, would one have to make of a Japanese decision to open10 See “Yamantau,” GlobalSecuirty.org, available from www.globalsecurity.org/wmd/world/russia/yamantau.htm;and “What’s Going On in the Yamantau Mountain Complex?” Viewzone, available fromwww.viewzone.com/yamantau.html.11 On these points, see Von Hippel, “Plutonium, Proliferation and Radioactive-Waste Politics”; Henry Sokolski,“The Post-Fukushima Arms Race?” Foreign Policy Online, July 29, 2011 available fromwww.foreignpolicy.com/articles/2011/07/29/the_post_fukushima_arms_race ; and Takuya Suzuki, “NuclearLeverage: Long an Advocate of Nuclear Energy, Nakasone Now Says Japan Should Go Solar,” The AsahiShimbun, July 22, 2011, available from www.asahi.com/english/TKY201107210339.htm.

Rokkasho if this decision came on the heels of news that China actually had many more nuclearweapons than was previously believed?South Korea, which has attempted to get its own nuclear weapons at least once, and is asking theU.S. to back Seoul’s efforts to separate “peaceful” plutonium from U.S.-origin spent fuel in Korea, issure to be watching what Japan decides. After North Korea’s sinking of the Cheonan and thebombardment of Yeonpyeong Island, South Korean parliamentarians called for a possible redeploymentof U.S. tactical nuclear weapons. Washington, however, rejected this request. 12 This raises the worrythat Seoul might again consider developing a nuclear weapons option of its own. South Korea alreadyhas its own nuclear-capable rockets and cruise missiles. How North Korea might react to South Koreadeveloping a nuclear weapons option is anyone’s guess.In addition to Japan and South Korea possibly reacting negatively to news of a Chinese nuclearramp up, there is India. It already has hedged its nuclear bets with plans to build five unsafeguardedplutonium-producing breeder reactors by 2020 and by laying the foundations of an enrichment plant thatmay double its production of weapons-grade uranium. 13 It too has roughly 1,000 bombs worth ofseparated plutonium it claims it can convert into nuclear weapons. It also has pushed development of anuclear submarine, submarine launched ballistic missiles, missile defenses, and long-range cruisemissiles. Late in 2011, it announced it was working with Russia to develop a terminally guidedintercontinental ballistic missile in order to off-balance Chinese medium range ballistic missiledeployments near India’s borders. 14 India has never tried to compete with China weapon-for-weaponbut if Chinese nuclear warhead numbers were to rise substantially, India might have no other choice butto try.Pakistan, of course, will do its best to keep up with India. Since Islamabad is already producingas much plutonium and highly enriched uranium as it can, it would likely seek further technicalassistance from China and financial help from its close ally, Saudi Arabia. Islamabad may do this tohedge against India whether China or India build their nuclear arms up or not. There is also good reasonto believe that Saudi Arabia might want to cooperate on nuclear weapons related activities with Pakistanto help Saudi Arabia hedge against Iran’s growing nuclear weapons capabilities.10612 See Julian Borger, “South Korea Considers Return of US Tactical Nuclear Weapons,” The Guardian,November 22, 2010 available from www.guardian.co.uk/world/2010/nov/22/south-korea-us-tactical-weaponsnuclear;and David Dombey and Christian Oliver, “US Rules Out Nuclear Redeployment in South Korea,Financial Times, March 1, 2011 available from www.ft.com/cms/s/0/e8a2d456-43b0-11e0-b117-00144feabdc0.html#axzz1oCEG4jBm.13 See “India to Commission Breeder Reactor in 2013,” Express Buzz,February 20, 2012, available from www.expressbuzz.com/nation/india-to-commission-breeder-reactor-in-2013/365268.html; and Paul Brannan, “Further Construction Progress of Possible New Military UraniumEnrichment Facility India,” ISIS REPORTS, October 5, 2011, available from www.isis-online.org/isisreports/detail/further-construction-progress-of-possible-new-military-uranium-enrichment-f/7.14 See “Russia to Provide ‘Seeker’ Tech for Agni-V ICBM,” Pakistan Defense, October 26, 2011, available fromwww.defence.pk/forums/indian-defence/136928-russia-provide-seeker-tech-agni-v-icbm.html; Air Marshal (retd)B.K. Pandey, “Agni-V to Be Launched By March End,” SP’s Aviation.net, available fromwww.spsaviation.net/story_issue.asp?Article=900; “Why Is This DRDO Official in Moscow?” TRISHUL,October 5, 2011, available fromwww.trishul-trident.blogspot.com/2011/10/why-is-this-drdo-official-in-moscow.html.

107What to DoWhat this discussion clearly suggests is that it would make sense for our government to takemore concerted action alone, with its allies and friends, and with Russia to clarify and constrain China’soffensive strategic military capabilities.Clarify What China Has or Will HaveIn the first instance, this means clarifying precisely what strategic forces China has deployed andis building. Beijing’s recent revelations that it has built 3,000 miles of deep tunnels to protect and hideits dual-capable missiles and related nuclear warhead systems more than suggests the desirability ofreviewing our current estimates of Chinese nuclear-capable missile and nuclear weapons holdings.It also would be useful to know what China is planning to do to expand its existing forces. Howmuch military fissile material does China currently have on hand? How likely is it that it has or willmilitarize or expand these holdings? How many missile reloads does China currently have and isplanning to acquire? Have or will the Chinese develop multiple warheads for its missiles? If so, forwhich missile types and in what numbers? How many nuclear and advanced conventional warheads isChina deploying on its missiles, bombers, submarines and artillery? What are its plans for using theseforces? How might these plans relate to China’s emerging space, missile defense, and anti-satellitecapabilities? All of these questions and more deserve review unilaterally, in classified and unclassifiedannual assessments, with our allies and, to the extent possible, in cooperation with the Chinese.Game the FutureIt also would be helpful to game alternative war and military crises scenarios relating to China’spossible use of these forces at a senior political level in the U.S. and allied governments. Such gamingwould likely impact allied arms control and U.S. and allied military planning. With regard to the later, akey focus would have to be on how one might defend, deter, and limit the damage Chinese nuclear andnonnuclear missile systems would otherwise inflict against the U.S., its bases in the Western Pacific,America’s friends and Russia. This could entail not only the further development and deployment ofactive missile defenses, but of better passive defenses (e.g., base hardening and improving the capacityto restore operations at bases after attacks) and possibly new offensive forces (e.g., more capable, longrangeconventional strike systems) to help neutralize possible offensive Chinese operations.Such gaming also should prompt a review of our current arms control agenda. In specific, itshould encourage discussion of the merits of initiating talks with China and Russia and other statesabout limiting ground-based, dual-capable ballistic and cruise missiles. Unlike air and sea-basedmissiles, these ground-launched systems can be fired instantaneously and are easiest to command andcontrol in protracted nuclear exchanges – ideal properties for employment in a first strike. These dualcapablemissiles also can inflict strategic harm against major bases and naval operations conventionally.Explore ‘Nuclear Missile’ ControlsRonald Reagan referred to these weapons as “nuclear missiles” and looked forward to theireventual elimination. Toward this end, he concluded the Intermediate Nuclear Forces (INF) Treatyagreement, which eliminated an entire class of ground-based nuclear-capable missiles, and negotiated

108the Missile Technology Control Regime (MTCR), which was designed to block the further proliferationof nuclear-capable systems (i.e., missiles capable of lifting 500 kilograms or more at least 300kilometers). With the promotion of space-based missile defenses, he hoped to eliminate all suchground-based missiles.What states have an incentive to eliminate these missiles? The U.S. has no intermediate groundlaunchedmissiles. It eliminated them under the INF Treaty. Most of our shorter range missiles areeither air-launched or below MTCR range-payload limits. As for our ground-based ICBMs, they are allbased in fixed silos and as such are vulnerable to being knocked out in a first strike. Russia, on the otherhand, has a large, road-mobile ICBM force. Yet, Moscow too is worried about growing Chineseprecision missile strike capabilities that it cannot defend against. 15India and Pakistan have ground-launched ballistic missiles but some of their most seasonedmilitary experts have recently called for the elimination of short-range missiles since these can onlyserve to escalate border disputes. As for China, it has much to gain by deploying more ground-launchedmissiles unless, of course, it causes India, Russia, and the U.S. to react. The U.S. has been developinghypersonic boost glide systems that could provide it with prompt global strike options. It also hashundreds of silo-based ICBMs that it could affordably convert to deliver conventional warheadsprecisely. None of this would be in China’s interest. Talks about reducing such nuclear-capable groundlaunched missiles, should be explored. 16Encourage China and Its Neighbors to Forswear Making HEU or PlutoniumFinally, although it may not be possible to conclude a fissile material cutoff treaty, all ofthe other nuclear weapons state members of the United Nations Security Council should press China tofollow their lead in unilaterally forswearing making fissile material usable for weapons (i.e., recyclingplutonium and making highly enriched uranium or HEU). In this regard, it would be helpful to call for alimited moratorium on commercial reprocessing with China and as many other states as possible. TheU.S. Blue Ribbon Panel on nuclear energy recently determined that it would not be in America’s interestto pursue commercial reprocessing in the near or mid-term. Japan, meanwhile, is reviewing its owncommercial reprocessing and fast reactor program given its decision to move away from nuclear power.South Korea wants to recycle plutonium but is having difficulty persuading the U.S. to grant itpermission to do so with the many tons of U.S.-origin spent fuel South Korea has. 1715 See Jacob Kipp, “Asian Drivers of Russian Nuclear Force Posture” in this volume; and Dr. Mark B. Schneider,“The Nuclear Forces and Doctrine of the Russian Federation and the People’s Republic of China,” testimonygiven October 12, 2011 before the House Armed Services Subcommittee on Strategic Forces, available fromwww.worldaffairscouncils.org/2011/images/insert/Majority%20Statement%20and%20Testimony.pdf.16 For a fuller discussion, see the “Missiles for Peace” chapter by Henry Sokolski in this volume. Also listen toaudio of a panel discussion “Missiles for Peace” held at the Carnegie Endowment for International Peace held inWashington, DC, September 13, 2010, available from www.d2tjk9wifu2pr3.cloudfront.net/2010-09-13-Sokolski.mp3.17 See “U.S Unlikely to Allow S. Korea to Reprocess Nuclear Fuel: Diplomat,” Yonhap News Agency, March 3,2012, available fromwww.english.yonhapnews.co.kr/northkorea/2012/03/08/23/0401000000AEN20120308007100315F.HTML ; andFrank Von Hippel, “Plutonium, Proliferation and Radioactive-Waste Politics in East Asia,” analysis published onThe Nonproliferation Policy Education Center website January 3, 2011, available fromwww.npolicy.org/article.php?aid=44&rid=2; and Takuya Suzuki, “Nuclear Leverage: Long an Advocate of

109China is committed to having AREVA build it a commercial reprocessing plant that is nearlyidentical to the one Japan is now reconsidering opening late next year at Rokkasho. As already noted,these “peaceful,” commercial reprocessing plants can produce at least 1,000 bombs worth of nuclearweapons-usable plutonium annually. Still, they are not technically necessary for the operation ofnuclear power and are uneconomical compared to using fresh fuel and not recycling it. Promoting alimited plutonium recycling moratorium, in short, would be useful and could garner some support formore general fissile material production restraints.Nuclear Energy, Nakasone Now Says Japan Should Go Solar,” Asahi.com, July 7, 2011, available fromwww.asahi.com/english/TKY201107210339.html.

110APPENDIX IFigure 1: The Next Decade, Nuclear Uncertainties and CompetitionsThe numbers used to generate this chart came from U.S. Department of State, “New START Treaty AggregateNumbers” Fact Sheet; Robert S. Norris and Hans M. Kristensen, “US Tactical Nuclear Weapons in Europe,2011,” The Bulletin of Atomic Scientists Vol. 67, No. 1, January/February 2011, pp. 64-73, available fromwww.bos.sagepub.com/content/67/1/64.full; Zia Mian, A.H. Mayyar, R. Rajaraman, and M.V. Ramana, “FissileMaterials in South Asia and the Implications of the U.S>-India Nuclear Deal,” in Henry Sokolski, ed., Pakistan’sNuclear Future: Worries Beyond War, Carlisle, PA: Strategic Studies Institute, 2008, pp. 167-218; Shannon N.Kile, Vitaly Fedchenko, Bharath Gopalaswamy, and Hans M. Kristensen, “World Nuclear Forces,” SIPRIYearbook 2011, available from www.sipri.org/yearbook/2011/07; “Nuclear Weapons: Who has What at a glance,”Arms Control Association, available from www.armscontrol.org/factsheets/Nuclearweaponswhohaswhat; “statusof World Nuclear Forces,” Federation of American Scientists, available fromwww.fas.org/programs/ssp/nukes/nuclearweapons/nukestatus.html; Alexander Glaser and Zia Mian, “FissileMaterial Stockpiles and Production, 2008,” Science and Global Security, Vol. 16, Issue 3, 2008, pp.55-73,available from www.tandfonline.com/doi/abs/10.1080/08929880802565131; Warner D. Farr, “The ThirdTemple’s Holy of Holies: Israel’s Nuclear Weapons,” USAF Counterproliferation Center, CounterproliferationPaper No. 2, September 1999, available from www.au.af.mil/au/awc/awcgate/cpc-pubs/farr.htm; and Kenneth S.Brower, “A Propensity for Conflict: Potential Scenarios and Outcomes of War in the Middle East,” Jane’sIntelligence Review, Special Report No. 14, February 1997, pp. 14-15; Robert S. Norris and Hans M. Kristensen,“US Nuclear Forces, 2011,” Bulletin of the Atomic Scientists Vol. 67, No. 2, March/April 2011, pp. 66-76,available from www.bos.sagepub.com/content/67/2/66.full; Robert S. Norris and Hans M. Kristensen, “RussianNuclear Forces, 2011,” Bulletin of the Atomic Scientists Vol. 67, No. 3, May/June 2011, pp. 67-74, available fromwww.bos.sagepub.com/content/67/2/66.full; Robert S. Norris and Hans M. Kristensen, “Global Nuclear WeaponsInventories, 1945-2010,” Bulletin of the Atomic Scientists, Vol. 66, No. 4, July 2010, pp. 77-83; William Wan,“Georgetown Students Shed Light on China’s Underground Missile System for Nuclear Weapons,” TheWashington Post, November 29, 2011; Hans Kristensen, “No, China Does Not Have 3,000 Nuclear Weapons”;and Robert Burns, “US Weighing Steep Nuclear Arms Cuts,” Associated Press, February 14, 2012, availablefromwww.boston.com/news/nation/washington/articles/2012/02/14/ap_newsbreak_us_weighing_steep_nuclear_arms_cuts/.

111PANEL II: QUESTIONS AND ANSWERSHEARING CO -CHAIR FIED LER: It will b e entered. As long as you give itto us, so done.MR. SOKOLSKI: It's all done. You r staff got it this morn ing.HEARING CO -CHAIR FIED LER: Let me ask Dr. Karber a quick question .You took somewhat of a beatin g in the press wh en you r report came out, and if Iunderstood you correctly, and correc t me if I'm wrong, you're not saying theyhave 3,000, you 're sayin g that they have the cap acity in underground tunnels t ohandle 3,000 weapons? Isn 't that correct? All right.DR. KARBER: Could I explain that for --HEARING CO -CHAIR FIED LER: Please do. Let's be clear.DR. KARBER: I h appened to be on the advan ce team f or SecretaryCarlucci in Moscow when the first d iscu ssions ab out Nunn -Lugar were going on ,and we were out at Russian Strategic Rocket Force Command facilit y, about 30klicks out of Mosc ow, and we were h aving a d iscussion with a couple of lieutenantgenerals f rom the Soviet army about how many --initially, Nunn -Lugar, we weregoing t o offer them railroad, special railroad train car s for movin g nuclearweap ons, and the p ermissive act ion lin k containers for warheads.So we we're talking to the general, and the general was verydismissive and said we can build our own railroad cars, we don't need that, butthe warhead containers would be interesting. You seem t o be ahead of that andso forth . So we said, oh, well, how many of those would you need? And he said,well, we wou ld need about 40,000.And I was a little slow on the d raw, and I go , why do you need two ofthose for each of your warhead s because for 15 years, ou r national intelligenc eestimates h ad said t hat the Ru ssians h ad stocked and were only at 22,000warheads.My colleague who was with me was a lit tle smarter, and she said youmean you have more warhead s than 22,000? And, in f act , the Russians had 42,000warheads.Now if you go throu gh that personal experien ce, that mean s wemissed 20,000 Russian nuclear weapons at the height of the Cold War, and wedidn't ju st do it in one estimate. We d id it repeated ly over a 15 -year period .So if one is in that, has personally experienced that, it perhaps makesone overly jaundiced about estimates b ased on a wh ole host of assumptions aboutwhat other people have when they're intentionally tryin g t o hide stuff.So that's sort of the background. Now my specific referen ce to thecomment was twofold. One is we have seen Chinese references to the saf edistan ce they would like bet ween systems that are underground, and that

describes a thou san d meters f rom a low air burst. So if you take the radiu s ofthat, it would be roughly a mile ap art . S o if you had 3,000 miles of tunnels an dyou wanted to put warheads in them, using that calculus, you would have room toput a thousand, 3,000 warhead s in there.There's a second issue, and that's their force stru cture, and this Iwant to be very clear abo ut becau se I t hink peop le have made statements that aredemonstrably wron g and can be clearly shown. If you, say, take the D F -11s an d 15tactical missiles, both we and the Ru ssians and , I believe, the Chinese havedevelop ed warheads that essentially can g o on the missile.You can h ave a conventional warhead on the missile. You can have anuclear warhead on the missile --on the same missile and t he same forcestructure. The force stru ctures are designed to have mu ltiple fires. So, f orexample, in NATO wi th our tactical syst em, the Lance, we h ad for one Lancelauncher, we h ad ten nuclear warheads.So if you look at Ch ina's force stru cture right now, you cou ld easilyabsorb 3,000 nuclear weapons, not only in the tact ical syst ems, wh ich we rate asnot havin g an y nuclear capabilit y desp ite their test ing or claiming they've test edan ER warhead , reloads for the D F -21s, and systems that don't get mentioned veryoften, naval nuclear weap ons. We've seen stuff in their lit erature ab out havin gnuclear weapon s on a ttack boats, wh ich could be a torpedo, a cruise missile, or amine.And we've seen the recent tests and their discu ssions about ballisticmissile defense. It's not at all clear that that ballist ic missile system that they'retesting is not d esigned to ha ve a small nuclear weapon on it and actually be u sedin con junction with the forces that are in the tunnel for protection .So the short answer to your question is, no, I did not pred ict or saythey have 3,000 warheads. Wh at I am saying is it's going t o be extremely hard forus to kn ow wh en an d how many they do have if we con clude that they have ahigher stockp ile of fissile material.HEARING CO -CHAIR FIED LER: And it 's wiser that we assume more thanfewer.DR. KARBER: My f irst point would be, of cours e, wou ld be t o notassu me an ythin g an d confront them an d ask them, and point out to them, that wehave the option of assu ming the worst , but they have the option of help ing usunderstand so we d on't assume the worst.HEARING CO -CHAIR FIED LER: There is a point, ju st one quick questionto both of you, there is a p oint where t he number doesn't matter as mu ch over acertain number, but low numbers, 400, is a meanin gful thin g. Maybe, I meanhypothetically, there may be no meanin gful difference b et ween 2,500 a nd 3,000strategically; right?DR. KARBER: Right.112

HEARING CO -CHAIR FIED LER: But 400 --but the difference b etweenfour and 2,500 is huge.DR. KARBER: Can I just give you t wo real quick examples? In thetheater, we h ave or our allies have forces there, we have withdrawn all of ourtactical and operational nuclear weapons from the Asian t heater. TLM s are gone.Nuclear art illery is gone. Tactical air is gone. The only thing we have left are theB61 bomb s that have to be brought into the theater, and t hose go on veryvulnerable air bases.Now, right now, we hold that Ch ina has no tactical nuclear systems,and yet the missiles that could carry nuclear weapon s, righ t now , tod ay , by D oDrecognition of their numbers, not creat ing an y more, wou ld be in exce ss of 1,200.So that's 1,200 to z ero.We--the Ru ssian s got rid of our INF systems. They have 120 DF -21s,assu ming n o reload s and assuming that only 70 of those are nuclear. But all 120could be nuclear. That's in the theater. Right now we assu me that they h ave only20 ICBM s that can h it the United States with sin gle warheads. But if you go tothe--just MIRV, the D-5, right now, with five M IRVs, that goes to a hundred . Ifyou go to ten MIRVs per launcher, which it cert ainly has the throw - weight to d o ,and you suddenly h ave 200 American cities that are held h ostage.The differen ce bet ween 20 and 200, I would argue, is hugepsychologically in a crisis. I'm not talking about --HEARING CO -CHAIR FIED LER: No, I understand.Larry.HEARING CO -CHAIR WORT ZEL: Th ank you very mu ch, both of you. Thisis your William Wan , "Digging Up Ch ina's Secret s" slide, Washington Post,November 30, 2011.One of the thin gs, t hese little tidbits of informat ion on there, isChinese ref eren ces cite up to ten reloads per tr an sporter/erector/launcher.If you just look at t he figures the federal govern ment has given out,400 launchers, maybe 1,500 missiles, that's fou r reloads. You just said thatperhaps 70 D F -21s--DR. KARBER: 70.HEARING CO -CHAIR WORTZEL: 7 -0. May be nuclear capable.DR. KARBER: That 's what the U.S. government says.HEARING CO -CHAIR WORTZEL: Right. That mean s 280 to 700 nuclearwarheads. I mean t hat's a big d ifferen ce.Now, and I recogniz e the gap you pointed out. M y dilemma is, and it 'ssomethin g Henry pointed to, there's an arms control ad vantage in minimizin g t henumber of warhead s you h ave b ecause the other side may disarm more or dep loyless missile def ense. But wh at's the strategic ad vantage of hiding this totalnumber of warhead s if your stated goal is minimal deterrence?113

I mean you 're already up to mutually assured d estru ction with thatmany warhead s. So, strat egically, wh y would the Central Military Commission ofChina want to hide all these numbers? Why not ju st go for compl ete deterrence asthe Soviet Un ion?DR. KARBER: I know--this may be a limitation on our research --but Iknow of no Chinese milit ary docu ment t hat says they have a minimum deterrentstrategy. They have a strategy, they say they have a strat egy of no firs t use withcertain caveats.The imposition of a minimu m deterrent is a Western construct, andthat has been superimposed on, in my opinion, their st rategy to t ry and exp lain it.I myself believed that until I started doing research into their history. I thou ghtat least in the early years, they had a minimu m deterrent strategy, and then onlyrecently d id they go to warfighting.We went back and looked at their exercises and the details of whatthey were doing even with their tactical and operation al sys tems, the early D F -2sand DF-3s. They were doing warfightin g with those in terms of the target s an dthe allocat ion of warheads. So I thin k, first of all, that needs to be seconded andput to rest .Secondly, I thin k their concept, and I h ad some actual q uotes fromsome of their major documents, Science of Second Art illery Campaign s, Science ofMilitary Strategy, and Science of Military Camp aigns, and t hese are theirdocuments that they use to train their senior officers on, and what 's interestin g isthey do not describ e that. They have a term which they call "det erren cecamp aign s," and wh at a deterrence campaign is, either in a crisis period prior t o awar or in the middle of a war, one suddenly reveals a larger and mu ch morerobust force stru cture than t he opponent thinks you h ave.And the con cept is t o get the opponent then to back down in a crisisor a conflict and not escalate, and this is actually called a "deterrent campaign ."It's a formal military operation, wh ich combin es decoys an d movin g manyadditional asset s an d so forth. So I think built into their constru ct is this con cept--and I'm not saying that they don't h ave the term "deterrence." It's interestin g.If you look at the Chinese characters f or deterren ce, their terms are not passivelike "inhibit " or "dissuade." It's extremely forceful, in you r face, pressure, cower,so forth.What's interestin g about it, and then you sort of say why, wh y do theyhave such a more--what Tom Schellin g would h ave called a compellant orientationrather than a deterrent orientat ion? Part of it is they were well trained . We andthe Russians, every time they acted up, in the '50s, '60s an d '70s, we'd march upand down the coast with a fleet, we'd p ut nuclear weapon s on Taiwan , and wedidn't mind rattlin g the m. We taught t hem if we were t ou gh, you shou ld see whatthe Russians did wit h them, in terms of saying, yeah, nuclear weapons count an d114

got in their face an d we'd maneu ver them and deploy these things.So the Ch inese learned, hey, when you don't have mu ch, and you get anuclear weapon , an d you're in a b argaining position with somebody who h asthem, sudden ly revealin g nuclear force can be extremely p owerful and get you toback down . So I think it 's built into their strategic con cept.HEARING CO -CHAIR WO RTZEL: You 're also su ggestin g, thou gh, thatthree or four U.S. scholars actually con structed wh at we in fer to be Ch ina'sstrategy, and you've never seen it in Chinese doctrine.DR. KARBER: You see them referrin g to the American scholars.HEARING CO -CHA IR WORTZEL: Right.DR. KARBER: Part icularly their diplomatic and arms control people,but in terms of the milit ary, no.HEARING CO -CHAIR WORTZEL: Th ank you.HEARING CO -CHAIR FIED LER: Michael.COMMISSIONER WESSEL: Than k you, gentlemen . Henry, welc omeback.Dr. Karber, I'm not a military expert . What are the refueling, notrefuelin g, fueling implication s? Can t hat be done underground? Man y of theirdelivery veh icles use liquid fuel; correct? Can that be don e underground? Do wehave an y ad van ce d notice therefore on ce they take the it ems out of the GreatWall, out of the tunnels?DR. KARBER: That was a real serious p roblem we h ad with the DF -2sand 3s, and the 4s and 5s. But the 2s and 3s, which were t heir tactical andoperation al theater syst ems, they basically would take them out and assemble thewarhead extern ally and then fuel them becau se what happens, if you fuel theminside the tunnel, t he fumes from that can be extremely lethal, volat ile andlethal.With the DF-11 and 15 that replaced the 2s and the 3s, and the DF -21s, those are all solid fuel missiles n ow. So you do not h ave the fueling issu ewith the tactical an d theater issues. They're gon e. Th ere may be one training DF -3 regiment left, but all the rest are gon e. So they've essen tially comp letelyconverted their entire tact ical theater f orce stru cture to solid fuel missiles, an dthat also, of course, goes f or the D H -10 cruise missile.The DF-4, which was a continental missile, was basically a missiledesigned to sort of cover mid dle Russia, and are apparently all gon e now. So theonly liquid fuel syst em left is the DF -5. They were put in silos.It's interestin g. You see numbers somewhere bet ween four and 20silos. The Chinese t hemselves say they've created a number of silos t h at werebasically fake decoys so it's not clear exactly how many D F - 5s they h ave. So Ithink the normal number people assume is ab out 20 that are still liquid fuel.Several t imes they have chan ged the f uel mix in the D F -5 to give it115

more throw-weight an d perhaps less volatility. The silos appear to have the air -conditioning aspect s of it so you can actually fuel it . It's n ot clear whether theyhave to pop the top of the silo or not t o fuel it safely.What's interestin g is that syst em now appears to be receiving theMIRV missiles. So if you'd h ave asked me, I would have expected them to sort ofretire it, but because it has the throw - weight like of our old Titan, and you canput, in theory, ten very decent - sized M IRV missiles on it, an d they appear to bekeep ing it . It's interestin g that they're retainin g them.Now that ties in then with the recent test of a ballistic missile defen sebecau se we've seen discussion s of them actually u sing low - yield nuclear weaponsto intercept over the ICBM silos and de tonate, essentially creat e fratricide amongour incomin g RVs. They would ride it out and then do the defense, very mu chsimilar to the origin al U.S. safegu ard system, wh ich h ad the long -range intercept,ex-atmospheric interception and the sh ort range low - yield Sprint.And it's interestin g that they seem to b e lookin g at that, b ut theanswer to your question is, yes, they appear to have the missiles fueled in thesystem and also maintain their warhead s. In the various photographs that wen tinto the artist sket ch that Dr. Wortzel --we see lots of that going on.So the tunnel complexes, they'll have t hese mini -laterals where theystore missiles. The TEL, the Tran sporter/Erector/Launcher, will come into one ofthese big bays. It 's our term callin g it a gall ery. You'll see rail lines consistentlyin those, and then t hey brin g in on little tracks the rep lacement missile. There'susually a Gantry crane over top , and it picks them up, and then with the missilemount, the warhead would alread y be mounted and it 's already fueled, and you'regood to go.You wou ld also perhaps load up several reload veh icles that wou ld goout with them so you could have several reloads out in the field, and that may bewh y we're only assu ming four reloads p er launcher, one on the launch er and t woor three on the reload vehicle, but, in t heory, the tunnel complex, it n ot onlycould , but is design ed to , have substan tially more, and we see them in theirexercises when they describe it. And not talking about ju st conventional --nuclear.They talk about being out, havin g fired the missiles, takin g incoming nuclear h itsto the unit; the unit goes into a new tunnel complex and d oes what they callrecon stitute, reorganize, recon stitute, reload the systems and go out on anotherfiring camp aign .COMMISSIONER WESSEL: Okay. Henry, any thou ghts on recentproliferation issues sin ce that's one of t he statutory mandated issues for thisCommission ? What should we be lookin g at or cognizant of these days?MR. SOKOLSKI: Pakistan.COMMISSIONER WESSEL: Okay.MR. SOKOLSKI: Quite a state.116

COMMISSIONER WESSEL: Okay.MR. SOKOLSKI: Wat ch it . It will set the last of the p recedents youneed to have wild, wild West policy. We have alread y on e policy f or North Korea.I guess we h ave a different one for India. We had a kind of implicit p olicy towardSyria. And we're ab out to get another new one for Pakistan where we will blin k.They will supply reactors. Th ey will claim they were grandfathered when theyweren't, and we will let it happen.In addition, most of the production cap abilit y that you see,particularly with plutonium, gets lots of Chinese help , to say nothin g of themissile technology.So that one is pretty in your face. It's not --you don't even have tospeak--COMMISSIONER WESSEL : You don 't have to look for net works or do allthe--MR. SOKOLSKI: --or do anythin g to get at that information . Just theWash ington Post will do. You sh ould b e able to crack the code on that on e.COMMISSIONER WESSEL: Than k you.HEARING CO -CHAIR FIED LER: Dennis? Or Dan . Excuse me.COMMISSIONER BLUMENTHAL: Than k you.Very good testimon y and I've heard it all before, but it's good everytime.[Laughter.]COMMISSIONER BLUMENTHAL: It's like seein g the Godfather. So Imean I'm con vin ced from bo th of you t here's enough f issile material there to dowhatever you want without much control. Th ere's every reason there's enoughwarheads and there are enou gh missiles and so on, and then you look at what theU.S. can do con ventionally. You know, if I'm in China, I'm t hinking this might b e agood idea to go up in nuclear weapon s.But I'm not in Ch ina. So what are they thinkin g? And if it is morecompellant, at what point were they going to roll out this compellant nuclearforce or did they put out enou gh so that you could find it?In other word s, if you're goin g to comp el somebod y, you h ave toactually demon strat e that you have a force to comp el them. I find the storycompellin g I mean b ecau se if you all of a sudden sh ock people and say that youmight have 1,500 or even more warh eads or you're ru shing to parit y, then, yeah,you're going to get the whole region 's attention. No question. Particularly whenwe're goin g down.So wh y haven 't they been more forthcoming ab out compelling? That'ssort of Larry's question. Wh y hid e it ? Or maybe they d idn't. Maybe they let yousee, maybe they let you see stuff, and Phil Karber was the one who p icked it up.MR. SOKOLSKI: M aybe they don't h ave it.117

DR. KARBER: I think, first of all, they've had throughout th e period,you have to remember that Ch ina came to the modern era from essentially beinggrossly inferior.COMMISSIONER BLUMENTHAL: Right.DR. KARBER: We an d the Russians came to it from havin g superiorityat various times. We cert ainly, and even the R ussians vis-a-vis Ch ina. And sowe're aware of all t he limitation s of su periority , the stuff is only usablesometimes, and it's frequently n ot that useful of a d evice f or compellance.If you 've been a victim of compellan ce, however, you have a differentperception of it . So there's a dan ger, I think, of us symmet rically lookin g at an dimposing ou r view on it. I thin k given t hat in their view, D eng Xiaopin g had astatement that wen t somethin g like "hide your light in the darkn ess, but buildyour capab ili t y." I'm not doing justice to it. Larry, I'm sure , will remember.Hu Jintao has repeated that as recently as t wo years ago. I think theirgeneral philosophy was , build up your capability until you're read y, and thendon't, and don 't get in the ir face. Now, it's interestin g, 2009 was the 60thanniversary of the PRC, and in Ch inese cosmology, the 60 years, 12 years is acycle, and you have five cycles, which completed what symbolically wou ld be t heequivalent of a century for u s. It 's really an i mportant meaningful term, a 60 -yearperiod .So it was interestin g, in the sprin g, in 2009, in the sprin g, they hadthe huge naval review like they'd never had. You ’d thin k it was the Queen ofEngland. In the su mmer they had the largest exercise they'd ever h ad in thehistory of the PLA includin g anti -terrorism exercise with 3,000 tanks, wh ich wassort of cool.[Laughter.]DR. KARBER: You h ad the huge parade, which they made much of, andyou had the first air show in Octob er. Well, Second Artillery h adn't had it s thing.It didn't h ave its day in the sun throughout that whole year, and so my imp ressionis that the announcement on December 11, 2009, was their coming out as well,which was, okay, we' re doing these, we now h ave 3,000 miles of these tunne ls.It's interestin g that we paid almost no attention to it. I mean virtuallythe story was ignored both officially an d in the press, and yet in their press, t heywould go, oh, the American s--I can show you titles, "American s Are Shakin g Overthe Revelat ion that We Have 3,000 M iles of Tunnels." So, in their mind, they h adthis imp act on us even though we know it wasn 't real.Now, wh at's interesting also is that Hu Jintao in h is speech on theanniversary said the last p revious 60 years was coming ou t fro m our weakn ess.Now, we have in the next 60 years a new era in which Chin a is stron g.So I don 't thin k it 's accidental that they came out with thisannouncement. In f act, I thin k the announcement is very f ragrant in terms of its118

implicat ions.I thin k operationally we're likely to see stuff at their con veniencewhen they decide t hey want to do it. My guess is it's bet ween now and 2020. Inother words, I'm not predict ing next week there's going to be a sudden event.Two thin gs I wou ld wat ch for: one is a crisis, in wh ich in t he crisisthey unveil a lot of stuff that we had n ot seen . You saw p erhaps a precursor ofthat during the n ast y stuff going on in t he summer of 2010 in the South China Seawhen they were makin g their u sual chest -thumping, and then they went and fired71 live missile f ires in the South China Sea. It was an extremely intense missilecamp aign that, again, we h ardly noticed but made huge waves --excuse the pun --inSoutheast Asia.The other is with the strategic forces. When they're read y, when yousee the 41 out there and the 5s are M IRVed, and we're st arting to talk in ourannual posture st at ements ab out a China with two or 300 warheads aimed at theUnited St ates, I think you're going to see then them acting as if that 's t rue, an dthat's goin g to be a very different approach than the current one.COMMISSIONER BLUMENTHAL: Than k you.HEARING CO -CHAIR FIED LER: Commissioner Shea.CHAIRMAN SHEA: Thank you, both, for being here.Earlier this morning, we heard from General Cart wrig ht, the formerVice Chairman of the Joint Chief s, and he said that one of the things that con cernshim is this apparent split bet ween the civilian leadersh ip and the milit ary whichmanifests it self p eriodically, for examp le, at the ASAT test.Do we know enou gh about who controls China's nuclear force andfissile material? I would assume that the individual who gives the authorizat ionfor the use of the n uclear weapon wou ld be the Chairman of the Central Milit aryCommission who would be the General Secre tary of the Communist Part y. But dowe know enou gh ab out how they make decision s and what 's going on there?DR. KARBER: On e of the reasons I subtitled my t estimony, "AmericanStrategic Entrop y," using the word "entropy," is becau se to me the entrop y ishavin g an id ea what it is you don 't kn ow.And so my view is, no, we do not know, we do not know what weought to kn ow or n eed to know about it. So now I thin k there are p eople who willgive you very stron g, good eviden ce an d track and are much more exper t than Iam on that sp ecifically.Three quick comments. One is it appears accurate , and I know nothin gthat wou ld be in con sist ent with the con cept , that the Central Committee, CentralMilitary Committee and its chair are at the top of the chain . On th e other han d --and in terms of the structure systems, I think Mark Stokes is America's livingexpert on the allocation of the special warhead detachmen ts and I think there is amisleadin g deal that when peop le say t hey have them centralized , it 's not like i t's119

in one facility, but t hey do appear to be centralized out in t he various b aselocations, and then the base location s h ave warhead distribution units.So it's in con ceivab le that a number of systems that might beconsidered nuclear or certain ly nuclear capab le may not h ave their warhead s withthem in peacetime. That might be allocated to them. Wh y that's important --thisis the third issue --is--and this is what is so unclear, in my opinion --is where doesrelease authorit y and firing authorit y overlap ?So we know, for example, the Ru ssians, when the Russians put themissiles into Cuba, the Central Commit tee gave, and the General Staff gave ,release authorit y to the Russian general in ch arge in Cuba, and with thatauthorit y, he had the right to f ire tho se FROGs that we did n't know were there.So one wonders wh ere that overlap occurs and when it occurs. Inother words, how far down that chain it goes. Generally, what we've done hasbeen very, very tigh t, and so --with our own forces-- we assume, well, you've gotto have a presidential release all the way down to the fire u nit. It's not clearwhere that is with China or where it would reside in a crisis or, even worse, in aconflict where these missiles are being fired.They have made an interest ing sta tement that needs to be taken intoaccount because I t hink it's seriou s, an d that this commit ment to have a no f irstuse does not apply if their territory is b eing attacked . That was mad e by theCommander of the Strategic Rocket Force.Now what 's interesting is if they're claiming that the South China Seais sovereign territory, that itself raises an interesting issue becau se he didn't sayattacked nuclearlyor attacked con ventionally. In fact, h e specif ically ref eren cedthat they would not tolerate a con ventional air attack like we did againstYugoslavia or Belgrade on Ch ina without respondin g with nuclear weapon s.So wh ere in a conflict is that release given and then left to theatercommanders, and I use the word "theat er" becau se one thing that is real lyinterest ing that again you ou ght to track very carefully over the next few years isthe Chinese have been buildin g theater commands.In the old days with the Russians, we would have called those TBDs,theaters of operat ion. And sin ce 2000, they've b ee n imp lementing these, an d it'sinterest ing, they say the whole theater system will be complete in the year 2020so that will be a year tolook for this.CHAIRMAN SHEA: Thank you .Mr. Sokolski.MR. SOKOLSKI: In t he remaining 25 seconds.HEARING CO -CHAIR FIED LER: No, you got time.MR. SOKOLSKI: M r. Stokes did a paper f or us recently on the CulturalRevolution and what happened to the n uclear arms and how they were fou ghtover. That experien ce made him con clu de that there is a reason in h istory and120

culture to keep the numbers of these weapons down . It d oesn't go with the flowof what we're telling you . It's useful to read. It may b e right.I want to emphasiz e we don 't know. Th at mean s we shou ld n't assumewhat 's goin g to be. We need to find ou t.HEARING CO -CHAIR FIED LER: I'm with you.Commission er Cleveland.COMMISSIONER CLEVELAND: Should ou r lack of knowled ge have aneffect on our d iscu ssion s with the Russians about weapons reductions?MR. SOKOLSKI: I think so on a couple of scores. Fi rst of all, I sat andlisten ed to a very senior ad ministrat ion official talk about our future, the futureof arms control and strategic forces.The presentation went on for 90 minutes. It was a terrificpresentat ion for 1990. It did not make a whole lot of sen se now or ten yearsforward . Wh y? I d on't thin k the Ru ssians are the main event. They got a lot ofthings, but are they really goin g to figh t a big war with us or our allies? I d on 'tsee it .When I look at Chin a, they seem to have a bone to pic k wit h a lot oftheir neighbors. Th ey have a bon e to p ick with u s. So sh e did not mention --thisperson--China once in 90 minutes. I pointed this out. I said you shou ld get on e ofthose cu e cards, put the word "China" in there and st art talking ab out it .I thin k it 's becau se we have an easier t ime talkin g with the Russian s,if not gettin g to an agreement, than we do the Chinese. Th e Chinese are mu chtougher to deal wit h. They don't like t o talk about an ything. You give themsomethin g for f ree. The y won 't take it . They're suspicious.So wh at you do is you retreat from that which you can't immediat elyget sort of measurable progress on . I t hink it's a big mistake. I'll tell you wh y.It isn 't ju st the Un it ed States that ough t to be curious about this. TheRussian s are. The more you read Ru ssian military literature, and we've got someessays from people who do, the more you discover they're worried ab out Ch in a.There are very few things about which we can cooperate with Russia and be onthe same frequen cy. This might very well be it . Th at we're not focu sing on this isa mystery to me, ab solute mystery.By the way, you know from my days workin g on that commission withyou, I'm no big fan of the Russians. Bu t here maybe it wou ld be useful t o fo cu s.We don't . I d on't t hink we've brought the topic up.COMMISSIONER CLEVELAND: Th at's interestin g. Dr. Karber, do youhave an ythin g to ad d?DR. KARBER: I certainly agree with everything Hen ry said . I wouldjust add that I thin k that we h ave not g iven the intellectual capit al to the issue oftripolarit y. We really have not thou ght it through, and I don't think a lot of thelessons we learned from bipolarit y necessarily apply. If you look back h istorically,121

multipolarit y is reasonably stab le and b ipolarity is reasonably stable.Multipolarit y is wh ere you h ave lots of plays and they balance again steach other. Tripolarity is extremely unstable becau se a combination of any t woplayers b asically offers the ab ilit y to take the other player out, and I think that'sextremely dan gerou s. I ju st don't thin k we've thou ght through a lot of theimplicat ions, and so if we h aven't thought them through in terms of strat egiccontext, then one ought to do that, and then from that flow arms control.I spent some years negotiat ing with the Chinese as an aviationexecutive. My experience is that they will tell you they d on't like to negotiate,but if you sit down and say we have a p roblem, and here is what the likely --you 'renot threatenin g, but here's the likely c onsequen ces of where we go if we don't getan agreement and you can illu strate that to them, frequen tly they come around.So, for example, if we and the Ru ssians said we can 't st ay in the INFTreat y, either you're goin g to get in or we're goin g to get out --COMMISSIONER CLEVELAND: Right.DR. KARBER: --and we don 't thin k that it's goin g to be all t hatattract ive to you if we get out, I thin k t hat has, that kind of conversation, quiet,not threatenin g, thoughtful, treatin g t hem as a peer, has potential. I wouldn'tbandy it as a n ation al objective. I wouldn't even want to do it --you want to do itvery, very, very quietly.MR. SOKOLSKI: I think it 's very hard to do anythin g very quietlyanymore. So heads up. Part icu larly wh en you talk about arms contr ol, I wouldgenerally make the same point. I don 't know that I would go down that part icularpath to threaten to break out of the INF. I don 't thin k we are that built up to p laythat game, number one.But we do have something both the Russian s and the C hinese careabout, and that is t urning long range missiles that have nuclear warh eads intoconventional missiles.They care a lot about that. To be honest, I thin k they overestimatewhat we can do, kin d of like the Russians and SD I. Good . One of the po ints t hat Imake--I think I actually have a footnot e --is, you know, give them the chan ce toreduce the ground - based missiles, wh ich they h ave a lot , or then if we can't , thenwe have to u se our ground -based missiles, which we have p lenty of them in theMidwest, in a different way, wh ich they will not like.So there are lot s of different ways you can paint a future t hat theymight not like that they can avoid . We should at least try. We're not evenplaying this game, as best I can tell. By the way, wh at I suggest is not veryexpen sive either.HEARING CO -CHAIR FIED LER: Commissioner Slane.COMMISSIONER SLANE: Than k you for t aking the time to testify.Can you talk a little bit about the status of the anti - ship ballistic122

missile?MR. SOKOLSKI: It's sor t of Mark Stokes' little bab y, but I'll defer toyou on that one.DR. KARBER: It 's the DF -21, the latest model, wh ich t ypically is calledthe "D." It 's an interestin g scientific challen ge becau se with a ballistic missile,the nice things about it is you get speed, they go a long distance in a shortamount of time.The problem is you 're going again st a movin g target so there's a limit ,a finite limit, to the accuracy that you can have b ecause the issue is gettingupdates to where t hat ship will be as you're coming in the last t wo or threeminutes.When you 're a ballistic missile and you r velocity is coming inextremely fast, you actually create on t he nose cone of the missile a heat plasma,and that heat plasma basically prevents most of your seekers from bein g able t osee throu gh that plasma.So if you have a slow-movin g missile coming in, like a cruise missile ora limited tactical missile, h e can do last minute upgrades b y trackin g the target orgetting feedback f rom it and controllin g the missile.So wh at's interestin g about that missile is to offset that, they've gonethrough an extremely comp lex approach, and that is to basically take the missileand fire it in a ballistic trajectory, and then as it comes through the atmosphericand becomes atmo spheric, then have t he vein s on it actually make it aerod yn amic,and so it slows down and goes at a much lower sp eed and actually at a slantangle, and then that slant an gle, that p lasma has now slowed down so you canactually see through the plasma, and t hat allows you then to home in on thetarget and actually home in on the moving target .That is an enormou sly complex scientif ic challenge to get t hat and pullthat whole thing off becau se you not on ly need a missile that has those kinds ofaccuracies, yo u 'd like to be able to h ave it updated before he actually goes intothis dive becau se once he's in that dive, he's locked in on a very narrow trajectoryso you need sp ace asset s, you need communication assets, you need somethingtrackin g that carrier initi ally to get him in the general b asket, and then ju st thesheer process of getting him into that maneuver is very complex.They have been workin g at it h ard and seem to be making p rogress onit. Bet ween now and 2020, I thin k it is a reasonable assumption that they willhave some degree of effectiveness against particularly large ship s.What's interestin g is, well, that h as sort of sucked all the oxygen ofour interest out of t he atmosphere righ t now. We're all focusing on the D F -21.They have developed also a number of other anti - ship missiles: the DH - 10, whichhas a range of abou t 1,000 kilometers cruise missile, very f ast, very effective; theH-6 bomber carryin g a cruise missile; t he submarines launching cruise missiles.123

And there’s also the potential of h igh-speed cavit ating torpedoes. Sothe issue to me, the threat, is not ju st that the DF-21 is on e type of missile, whichhas got a lot of attention because it's, in fact, fran kly, uniq ue, and we have, ofcourse, nothing to counter it, nothing t hat eq uivalent, and we couldn't withoutbreaking the INF Treaty.But what's interest ing is in the combin ed arms context , when you seeall of these systems coming in , that's going to be a very f rightening experien ce forany sign ificant capit al sh ift within a tho usand kilometers of the Chinese mainland.And that is goin g to push us offshore. It's also goin g to hold our airb ases host age,and our allies are going to see that , an d then they're goin g to start reactin g veryuncomfort ably.MR. SOKOLSKI: Yeah. I thi nk this point about the bas es also needs tobe amplif ied . If it's fixed , it's targeted now if there's range, and they've gone andlearned the best they can from us ab ou t submunition s. So the numbers of missilenecessary to take out soft targets and even somewhat h ard target s is not thatmany.So some of it is not elegant, and that in comb ination with whatever itis they may develop could add up to denial of sea.I can tell you on e thing. The Navy is ap oplect ic about this. You go upto Newport, Rhode I sland, they t alk about this a lot and have been for the lastthree or four years. They're worried .COMMISSIONER SLANE: Do you see this evolvin g into an arms race?MR. SOKOLSKI: Well, an arms race, as I learned it in graduate school,is somethin g mecha nical. D o I see it as a rivalry? Yeah. It alread y is. It 's justone rival is working a little harder than the other in their local area, that 's all.But it's already something our Navy is very con cerned abou t.We're alread y hard ening various assets o n forward bases in thePacif ic. We're tryin g to figu re out how to operate out there. So I mean in a sensethat rivalry has already been en gaged . I don't see how it couldn't.But a race makes it sound like t it for tat, up the ante, out of control,da-da-da. I'm not so sure ab out that. I mean if you took a look at our Navybudget, I don't know how many ship s t hey're build ing, maybe not as man y fieldedas they used to. So it's not quite that kind of race; it 's something else.HEARING CO -CHAIR FIED LER: Commissioner Wortzel.HEARING CO -CHAIR WORTZEL: I wanted --well, t wo things. First of all,wouldn't it be a bet ter United States' approach to assume China h as fou r to tentimes as many warh eads, p lan accord ingly for our own f orces, and then challen geChina to d isabuse u s of that concept so that we're not read y to face 3,000warheads or 2,000.And, then, second, if the CSS -2 or DF -3 is out of the operationalChinese in ventory, what 's in Saudi Arabia? And will they be replaced or are t hose124

dual-capable nuclear and con ventional missiles?MR. SOKOLSKI: Any missile is dual cap able dependin g on h owindiscrimin ate you 'd like to be. I mean what was --the CSS-2s after all are h ard lygreat con ventional precision missiles.HEARING CO -CHAIR WORTZEL: No.MR. SOKOLSKI: That's what they have t here. So that's point one.With regard to the Larry Wortzel op - ed that we'll see in Th eWash ington Times, I would recommend Samuel Johnson's admonition , "strike itout." Here's why. I think the United States, for bette r or worse, gained areputation for cryin g wolf . We don 't n eed any more of that. I don 't thin k youhave to do that to raise wh at are absolutely legitimat e questions that needanswers.China h as made a career out of u sin g ambiguit y and silence as somekind of def ense and saying, well, this allows us to do things less provocative ly.Well, it does, but we're allowing them to do this b y not saying, this uncertaintynow is a p roblem. I think we need to b e at least willin g to say that. I don 't thinkyou'll be called to t he carp et for pointing out something that's tru e until someoneelse tells us it's not true.We need to put the burden of proof on the Chinese. I think that'senough.HEARING CO -CHAIR FIED LER: Second part of your question.HEARING CO -CHAIR WORTZEL: Well, I d on't kn ow if Phil has an ything.DR. KARBER: I guess I wou ld, I thin k Henry's political advice is right.That is on e doesn 't want to know how d ifficu lt it is. Having been subject to fairlywithering f ire --[Laughter.]DR. KARBER: --for opining that they might have something, Iunderstand how not only the amount of the incoming coming in, but the tendencyof it then to sort of creat e equivalence, or people sort of t hen dismissin g you rargument. So I thin k his point is well -taken .But I don 't like to leave it there. I think it wou ld be worthwhileaskin g. And part of the problem f ran kly is that the U.S. intelligen ce communit y isas committed to certain set s of numbers today as they were back in the SovietUnion . The reaso n I like to throw that out is becau se they weren't perfect, butthat doesn't mean t hey're wron g now. Okay.So rather than get into a huge internecine debate over A t eams and Bteams, in which I think if they h ad the eviden ce, people would call it like th ey seeit. I don't thin k they're hidin g or it's a consp iracy; I thin k t hey're calling wh atthey can see. And t hen the issue is all the ambiguity.So I thin k an intern al approach , an approach that would be prudent,would b e to say set some markers and sa y, okay, what are t hings that we would125

expect to see if that force posture is increasin g? And it 's not just the, oh , wepicked up an NSA in tercept that su ch a unit has the warhead becau se those canchange in a relat ively short matter of time.It's the lo n ger-lead er items of what can deliver nuclear weapons,what 's coming, wh at kind of trainin g is going on, and watch ing that . And I thin kby identif yin g a number of key indicat ors that wou ld allow one to t rack and say,okay, you get to this one, when t wo of these three h ave t ripped, we better startseriously thin king about what ou r options are. That wou ld be the approach .And the last thing I--MR. SOKOLSKI: By t he way, I wou ld not disagree that you n eed to dothe, not just gaming, but the intelligence n it--if you will--picking b y getting theseintelligen ce requirements dialed in through the game example might be the b estway to do it, but, yeah, I mean , sure, t hat too.DR. KARBER: The one area just where I'm disagreeing sligh tly withHenry, I like the arms race metaphor in the sense that we used it in the p eriod ofthe Cold War, and t here was the old conundrum how d o you win an arms racewithout goin g to war, and the an swer was get the other sid e to quit, and that 'swhat happened su ccessfully in the las t Cold War.What I am afraid of is going on is there is, in fact, an arms race goin gon in the Pacific an d Asia right now, an d the Chinese already know the answer toit, and that is to get us to quit, and so at some point we're going t o be confron tedwith too much expense and too large of an issue, and all of a sudden it 's goin g tobe con venient to sort of fall b ack or ab andon those allies, and that I thin k is t hegame p lan .HEARING CO -CHAIR FIED LER: Commissioner Cleveland. Second round.COMMISSIONER CLEVELAND: If we haven't yet en gaged wit h adialogue with the Russians about a st rategy, are you aware of any effort toengage with them on sharin g informat ion about wh at the Chinese might or mightnot have?MR. SOKOLSKI: Well, I think we have engaged th em a little bit on theINF question . I just think we're seized with that t reat y rat her than the biggerquestion of missiles writ large.As for what kind of intelligen ce we share with the Ru ssians and whatthey sh are with u s with regard to Chin a, I h aven ' t a clue, but my gu ess is you gotto give them a cause to do that, and I'm not sure we give them that. So it may bethat the two thin gs are related . Don't know.COMMISSIONER CLEVELAND: When you say we've given them thatcau se, I'm sorry, I'm not follow ing you .MR. SOKOLSKI: I said we have not yet given them a reason to shareintelligen ce ab out the Chinese.COMMISSIONER CLEVELAND: Becau se we haven 't sou ght it as opposed126

to the Chinese givin g them the reason t o initiat e?MR. SOKOLSKI: The Russian mi litary, as best I can tell, is seized withthe advan ced con ventional munition s and missile capabilities of China. It is on eof the reasons they argue they need nuclear weapon s in su ch large numbers in thetheater. So they get that one, but I don't know t h at they see advantage in an ykind of condominiu m with the Un ited States in pressurin g or seeking more clarityor less activit y on t he part of the Chinese. I'm not su re ab out that. I'm p rettysure judgin g from what I've heard it 's n ot been engaged .COMM ISSIONER CLEVELAND: You're taking it a step further than I was.I was simply thin kin g in terms of an exchange of informat ion, not involving theChinese, just the --MR. SOKOLSKI: Well, even in volvin g the Russians, you 'd h ave to havea reason to do an exch ange. You don 't just rock up and say how about theChinese; we've got some cards; wou ld you like to --I thin k you want to have somepublic d iplomacy d imension wh ere that exchange makes sense.COMMISSIONER CLEVELAND: Henry, you mentioned that the Chines eare arguin g that the provision of a plan t is grandfathered in the Pakistanrelationship . Can you elaborate on that, and do you view t he transfers that theChinese are engaged in with Pakistan as con sistent with ou r NSG and NPTcommitments?MR. SOKOLSKI: Well, workin g backward s, no and no.COMMISSIONER CLEVELAND: Okay.MR. SOKOLSKI: We have listen ed to various arguments about thisgrandfathering all b efore. The first t wo plants were grandfathered, you see.Now, the next t wo are. I don't know. I kind of feel like we're being nuclearchumps h ere. I thin k it 's becau se that body has become so unmanageable. We'velet too man y memb ers in that we don't think we can win this fight, that we'vedecided not to f ight it. Not hard enough.But I think that then means that we need to figure out how to tightenup the nuclear rules some other way. And we haven 't done that either. So this isnot looking good .HEARING CO -CHAIR FIED LER: Let me let Commission er Shea have thelast word this afternoon.CHAIRMAN SHEA: This is for Mr. Sokolski. This is a little off topic, butI see that you wrote a book called Getting Ready for a Nu clear - Read y Iran .MR. SOKOLSKI: I did.CHAIRMAN SHEA: Could you share with us, give us a little bit of aprimer on Ch inese assistan ce or lack of assist ance with respect to the Iran iannuclear program an d their missile tech nology capabilit ies?MR. SOKOLSKI: Well, the missiles have to do primarily with anti -shipmissiles. I'd have t o go back and get t he designation s, an d it's been awhile ago.127

The nuclear assist ance had to do something that we put in to plainsight and then win ked. Hexafluoride plant. First , we said stop it . They would n't.Then we said, well, we want to sell you nuclear reactors. We can't unless you dosomethin g. So they said , all right, we'll leave, but we have to leave them with theplans, and, of course, some people hung around.Well, we're stunned to discover that they fin ished that p lant. Thatplant is critical to t he nuclear enrich ment effort in Ir an . So that's a problem.Then we h ave one other thing that 's ou t in the open, and b y the way,I'm only telling you things newspaper readers would know. Luckily, I can'tremember an ything that's classified on this so it's okay.The second thin g is ther e's been a lot of transshipment activit y, youknow, emanat ing ou t of North Korea to places like Syria, an d we're not entirelyconvinced that the Iranian s didn't have somethin g to do wit h the Syrian effort aswell. It 's still prob ably locked up tight. May be there was no connection .Some peop le argue there was, but those transshipments occurred withthe assist ance of the Chinese, and I would think if that was the case, othertransshipments that might go from Nort h Korea to Iran might well have gotten awin k and a nod . Geography. You ju st see wh at a st raight line looks like. It 's b estto just fly over or land, and so I thin k t here's that. And certainly I mention edPakistan . Th at one is hard t o hide.CHAIRMAN SHEA: Thank you .HEARING CO -CHAIR FIED LE R: Yes, Dr. Karber.DR. KARBER: If we have ju st one minute, I'd like t o respon d to --HEARING CO -CHAIR FIED LER: Okay.DR. KARBER: --Commissioner Cleveland's question to Henry. Onething I think we need to look at is the other side of that tripolar e quation, theRussian-Chin ese thing. It's obvious that they have been sellin g the Ch inese a lotof equipment, and it's in every sin gle category of weaponry, and I won 't gothrough, but it 's huge, and the Ru ssian s have made some money on it, u sually notas mu ch as they h ad hoped becau se the Chinese end up st ealin g the design , andthe Russians say never again, and they go sell something. It goes on .[Laughter.]DR. KARBER: They deserve each other.HEARING CO -CHAIR FIED LER: Sounds like the Americans.DR. KARBER: There are a couple of thin gs that we h aven 't highlighted,both good or weird, and I thin k ou ght to get higher in the consciousness as wetalk about China in the context of tripolarit y. One is when the Chinese actuallywent on a n ational alert i n the summer of 1999, and virtually the Americans h aveignored this, and this is demon strab le in their lit erature, and of course I believethey also went on a nuclear alert .What was interestin g is they then went to the Russians, an d in either128

December of '99 or January of 2000, Pu tin came out and actually made a publicannouncement committing Ru ssian SLBMs in the Pacif ic t o China's d efense. As anobscu re comment, we kind of go wow, right. But it's interesting. It's not, itgenerally goes unrecogn ized.Now let's look at the other side. Alexei Arbatov was a lon g -timeRussian arms negotiator, a member of t heir parliament. His father ran the USAInstitute. He did a recent article wh ich he was raising Ru ssian concerns aboutChinese warh eads. He himself used the 3,000 number. I think he was probablybouncin g off me.[Laughter.]DR. KARBER: What 's interestin g, what 's interestin g is we h ave a wholeseries of Russian General Staff art icles t hat talked about Ch ina having 2,000nuclear weapon s in 1995. S o the Ru ssian con cern with a large Ch inese stockpileand their belief in it I thin k is somethin g that would give us an area t o talk ab out.Last ly, part icu larly f or those who say, oh, Chin a doesn't believe inarms control, the largest arms control agreemen t sin ce the Cold War and probablysin ce the end of World War II is bet ween Russia and Ch ina, and it's virtuallyunknown. They did a mutual forces sep aration agreement between the t wo ofthem and Kaz akh stan that involved more forces, b y my cou nt, than all of CFE.COMMISSIONER CLEVELAND: Wow.DR. KARBER: Hu ge. And both sides, an d they have annual inspection s,they have annual meetings. It's a very formal t reat y, and it was secret, as youbasically--my students had to search for months to try and finall y get a cop y of it.But it's worth looking at.And so it h as verification in it , and it h as --so it's not a one - sided, onetimedeal. So I thin k looking at this, we need to start looking at the tripolarrelationship , and there's a number of sides to that , that ot her side that I thinkwould b ehoove looking at .COMMISSIONER CLEVELAND: Who signed the agreement betweenRussia and Ch ina?DR. KARBER: I'm sorry. Who signed ? Who signed ?COMMISSIONER CLEVELAND: Th e agreement, yeah .DR. KARBER: It was Kaz akhst an, Russia and Chin a. I don 't know whosign ed for the authorities.COMMISSIONER CLEVELAND: Civilian or milit ary? I was ju st curiou s.DR. KARBER: I'll get you a cop y. Neither of the two big powersproduced it. The way we got a cop y was Kazakh stan .COMMISSIONER CLEVELAND: Kazakh stan. Interest ing. Thank you.HEARING CO -CHAIR FIED LER: Gentlemen, thank you very much.COMMISSIONER CLEVELAND: Th an k you r students, Dr. Karb er.HEARING CO -CHAIR FIED LER: We're going to take a short b re ak before129

the next panel. Five minutes.[Whereupon, a sh ort recess was taken .]130

131PANEL III: NUCLEAR FORCES AND STRATEGYHEARING CO -CHAIR WORTZEL: We're going to st art our f inal panel.The last panel tod ay will examine Chin a's nuclear forces and strate gies. We justlooked at fissile material and warheads.Dr. Mark Schneider, the first pan elist, is a Sen ior Analyst at theNational In stitute of Public Policy. Throughout a long career in the executivebranch , he specialized in missile defen se policy, nuclear weapons, det erren ce,strategic forces, arms control, and arms control verification and comp lian ceissu es.The second panelist is Dr. Phillip Saunders. He's the Direct or of theCenter for Study of Chinese Military Affairs at the National Defense U niversity,recently puttin g out a brand new publication on the Chinese Navy, and it wasexcellent, and previously he directed the East Asian Nonproliferat ion Program atthe Monterey Inst it ute of Internat ional Studies. Earlier he served as an officer inthe Air Force.Dr. Schneid er, there's a little clock there, but we try and limit it toseven minutes of testimon y so that we can get a lot of questions out.Thank you very mu ch.

132OPENING STATEMENT OF DR. MARK SCHNEIDERSENIOR ANALYST, NATIONAL INSTITUTE OF PUBLIC POLICYDR. SCHNEIDER: Mr. Ch airman, d istin gu ished members of t heCommission , I than k you for inviting me to speak before you today. This is a veryimportant top ic.I started out my st atement by quot ing t he section from one of theeditions of the Pentagon Report on Chinese Military Power, about how mu chcon cealment and deception these guys pract ice, and it 's a lot. And an y time youtalk about China, you have to keep that in mind. It 's a closed societ y, verysecretive, and it's very d ifficu lt to get information about t hem.Having said that, I t hink we h ave a reasonably accurate assessment ofwhat Chinese nuclear strategy is about, and at least some indication of whatthey're doin g in the nuclear area.Now, the first thing I was aske d to t alk about was the size of thestockp ile. I agree with Phil Karber on t his one: n obody knows. We can onlyestimate it . The est imates differ quite considerab ly. The official U.S. governmentestimate, as stated by then Prin cip al D eputy Undersecretar y of Defen se JamesMiller, was that they had a few hundred nuclear weapon s.The Taiwan ese Defense Ministry report has a substantially largernumber. They estimate the Second Artillery has somethin g on the order of 400 to,450 to 500 weapon s, and, of course, the Second Artillery is not the only nucleararmed service in Ch ina. So there's rou ghly a factor of t wo differen ce herebetween just those estimates, and, of course, you can f ind higher and lowerestimates of wh at the Chinese have.If I h ad to guess, it would b e on the upside. I think the old World WarII adage about, you kn ow, any t ime you see an intelligen ce estimate, double it andadd 30 percent is probably n ot a bad ru le of thumb.[Laughter.]DR. SCHNEIDER: So we have, I thin k a significant Chinese force, onethat is ab solutely certain to grow over the next ten or 20 y ears. How big it'sgoing t o grow, we d on't kn ow. Th at will largely be det ermined by the extent t heyMIRV the new missiles that are under d evelop ment, the sort of generat ion beyondthe DF-31, DF-31A, JL-2 missiles.A Pentagon report says the Ch inese may be in the p rocess ofdevelop ing a new M IRVed mobile ICBM . That is one of the big potential threatelements. And I think this is the same missile that's bein g referred to in the Asianpress as the D F -41.There are also lots of reports in the Asian pre ss about M IRVing thenew Chinese SLBMs, including report s of advan ced version s of the JL -2, even a JL -3, and even a t ype 96 submarine. So t here's a lot of potential for upsize increase

in Chin ese cap abilit y in that area.As for the Chin ese n uclear doctri ne, I think we know a lot less ab outthat than say we kn ow ab out the Ru ssians. I believe that most elements of wh atthey call their nuclear doct rine in their white p apers is essentially politicalpropaganda. It's not real.Their no first u se formulat ion doesn 't commit them t o an ything. Imean they literally cannot violate it , and actually Dr. Wortzel, I thin k, did the firstgood analysis on this, and when I saw h is stuff and actually looked at it in detail,he was completely on the mark. There is no wa y you can violate that statementeven if you u se nuclear weapon s first .So, the other thing I felt that was sort of humorous, when theypublished or at least they published their so -called "nuclear doct rine," I thin k itwas a 2006 edition of their Wh ite P aper, if you go back to the 2004 edition , it 'stheir arms control section . So it's not real as a nuclear doctrine.The idea of what --t heir "self -defense counter attack" is amultipurpose prop aganda formulat ion t hat they have applied frequently whenthey have in itiated milit ary action, in cluding the fairly large -scale invasion ofNorth Vietnam in the late 1970s.I don't have very much time so let me go through this as q uickly as Ican . They are certainly working on missile d efense p enetration aid s and devices.There's not mu ch on this in the op en sources. Perhap s the best thin g is theDefense Review rep ort of a few years ago, which actually t alks ab out some of thetechniques that they are usin g to penet rate missile d efense.If you 're really intereste d in this, I wou ld ask the Missile D efenseAgen cy to give you a classified brief ing becau se I simply can't elaborate on thathere.In terms of sort of t heir hidden doctrin e, the Kyodo News Agen cy lastyear said it obtained classified Chinese documents whi ch t hey said they wouldadjust the nuclear u se threshold in t ime of war to permit first use. I thin k that'squite credible. As a matter of fact, I believe it's --I don't kn ow for sure, but I t hinkit's on e of the books that Phil Karb er mentioned earlier, the Science of the SecondArtillery Campaign , which is extremely revealin g. It has three, actually four,instan ces wh ere they would u se nuclear weap ons first, and three of the four areconsistent with no f irst u se.It also says that they're directed to m aintain the capabilit y oflaunch ing a nuclear first strike any t ime during a conflict.On tactical nuclear weap ons, I thin k they've got a lot more thanthey're gen erally given credit for. Th e Pentagon report this year, or last year,said that the D F -21D, now that's the anti -carrier missile, has a nuclear option onit, and I have Ch inese sou rces that say the same thing. So that's, if there's su ch athing as a tactical n uclear weapon , something design ed to attack a n aval ship, it's133

certainly it . And I t hink they've got a lot more than that .They're continuin g, at least the reports, that they're contin uingnuclear test ing. I think that 's con sistent with the modernization program that isgoing on today.And they announced several years ago, they are in the process ofbuilding a missile d efense system, and it's t reated to some degree in the lat estedition of the Pentagon report . Richard Fisher, some of h is work, is pretty goodon this in terms of what they're actually doin g.Again , to su m this u p, when you look at Chinese nuclear forces anddoctrin e, you have t o put this in the context of their overall defen se strategy andmilit ary build -up. It's not isolated. An d I thin k it 's very much a part of the sametroublesome pattern of double digit defense in c reases for 20 years, and I thin kwe're goin g to see more of that in the future.Thank you .134

135PREPARED STATEMENT OF DR. MARK SCHNEIDERSENIOR ANALYST, NATIONAL INSTITUTE OF PUBLIC POLICYMarch 26, 2012Dr. Mark B. SchneiderSenior Analyst, National Institute for Public PolicyTestimony before the U.S.-China Economic and Security Review CommissionHearing on “Developments in China’s Cyber and Nuclear Capabilities”Mr. Chairman and Members of the Commission, thank you for inviting me to speak to you today onwhat I believe is a very important subject – the nuclear forces and policies of the People’s Republic ofChina.The annual Pentagon report on Chinese military power has observed that, “From Beijing’s perspective,strategic ambiguity--including strategic denial and deception--is a mechanism to influence the policiesof foreign governments and the opinions of the general public and elites in other countries.” 1 Yet wetend to ignore this when looking at China. China is still a dictatorship and, as such, it is hard to obtaininformation on official Chinese policy and doctrine. Having said this, I believe we understand the coreelements of the PRC’s policy related to nuclear forces although we are far from understanding all thedetails.We must remember that Chinese nuclear weapons policy is a subset of a broader national securitypolicy. The Chinese seek to shift dramatically the balance of power in its favor, while reducing theprospect of an enhanced security response by those nations that are threatened by the Chinese militarybuildup which has seen double digit increases in its expenditures for all but one of the last twenty years.Until recent (late 2010) announcements starting in December 2010 made by the Russian Federationconcerning expanding its nuclear forces, China was the only member of the P-5 which was openlyincreasing its nuclear forces. Moreover, the Chinese nuclear buildup and modernization must be seen inthe context of the more than 80% reduction in U.S. nuclear forces since the end of the Cold War and theend of significant U.S. nuclear force modernization programs in the 1990s. Had China done absolutelynothing during the past twenty years, its relative position vis-a-vis the U.S. would still have improved.Instead, it has been expanding and modernizing its nuclear forces.I was asked to comment on the size of the Chinese nuclear arsenal. No one knows for sure other thanthe Chinese. We can only estimate its size. In testimony before the House Armed Services Committeein November 2011, then-Principal Deputy Under Secretary of Defense James Miller stated that theChinese nuclear arsenal is estimated to be a few hundred weapons. 2 The Government of Taiwan’s1 “FY04 REPORT TO CONGRESS ON PRC MILITARY POWER Pursuant to the FY2000 National Defense AuthorizationAct,” Washington D.C. U.S. Department of Defense, 2004, available at: .2 “STATEMENT OF DR. JAMES N. MILLER PRINCIPAL DEPUTY UNDER SECRETARY OF DEFENSE FORPOLICY BEFORE THE HOUSE COMMITTEE ON ARMED SERVICES NOVEMBER 2, 2011,” p. 1, available at:http://armedservices. house.gov/index.cfm/files/serve?File_id=faad05df-9016-42c5-86bc-b83144c635c9

136estimate of the Chinese nuclear arsenal is higher. In 2011, the Taiwan's Defense Ministry estimated thatChina’s Second Artillery had between 450 and 500 nuclear weapons. 3 The total number of nuclearweapons would, of course, be higher because the Second Artillery does not control the nuclear weaponsof the Naval or the Air Forces. (The 2008 Chinese defense White Paper says that the “Second ArtilleryForce will use nuclear missiles to launch a resolute counterattack against the enemy either independentlyor together with the nuclear forces of other services.” 4 ) A 1999 study by the Carnegie Endowmentestimated that China had 450 nuclear weapons. 5 In November 2007, Duncan Lennox, editor of Jane’sStrategic Weapons Systems stated, “It would not surprise me to learn that the actual figure [for Chinesenuclear weapons] today is around 400 to 500 and that this will increase to around 700-800 over the nextdecade.” 6 Russian estimates of China’s nuclear arsenal are generally much higher than those of theUnited States. I suspect that the Taiwan estimate is more accurate than our own and we are currentlyunderestimating the likely scope of the Chinese nuclear program over the next two decades.I was also asked to comment on the reasons why China would conceal the true size of its nucleararsenal. Specifically the question read: “If a nation’s objective is deterrence, why would that nationconceal the existence of a larger nuclear arsenal?” I believe it is necessary to keep in mind that Chineseobjectives are more than simple deterrence. Warfighting plays a significant role in Chinese strategy anddenial, deception, and surprise are a major part of warfighting. There are actually many reasons forconcealing the size of China’s nuclear arsenal: 1) China is not threatened by any attack, nuclear orotherwise, at this time and, hence, has no reason to declare fully its nuclear forces for deterrencepurposes; 2) Covert nuclear forces are likely to be more survivable and have greater tactical surprisevalue if used; 3) Revealing the plans for the buildup of Chinese nuclear forces over the next decadewould have no near-term benefit for China; 4) Hiding a large buildup of Chinese nuclear forces willlikely reduce the prospects of either countervailing action on the part of the United States, and possiblyeven Japan, or at least reduce the probability that the U.S. will not make further unilateral reductions;and 5) Since China prefers to talk openly about arms control and reductions by others rather than engagein such negotiations involving its own forces. Chinese secrecy on the scope of its nuclear buildupreduces the prospect that China might be forced to participate in a multilateral version of the NewSTART Treaty, as Russia has suggested.If U.S.-China relations degenerate to the point of a major crisis where China would want to enhance itsnuclear deterrent capability, China could reveal the extent of it nuclear capability at a time of itschoosing. There is simply no need to do this today.With regard to tactical nuclear weapons, concealing the existence of various weapons can have greattactical value. If the existence of a specific type of tactical nuclear capability is known, the scope of the3 “Section 2 PRC Military Capabilities and Threats,” Taipei: Republic of China, Ministry of National Defense, 2011,available at: .4 “China's National Defense in 2008.” Beijing: Information Office of the State Council of the People's Republic of China,January 2009, available at: .5 China’s Changing Nuclear Policy, A Reaction to the South Asian Nuclear Tests, Washington: D.C.: Carnegie Endowmentfor International Peace, 1999, available at: .6 Duncan Lennox, “Unravelling a Chinese puzzle,” Jane’s Defence Weekly, November 07, 2007.

threat can be mitigated by tactics, modes of deployment of military capabilities and nuclear hardening ofmilitary equipment. If the existence of these capabilities is successfully hidden, none of this is likely tohappen.I do not think the availability of fissile material will be a significant constraint on China. It isnoteworthy that a declassified 1984 DIA report estimated that China had 150-160 nuclear weapons asfar back as 1984 and concluded “the number of warheads is not restricted by Chinese materialsproduction, but on what the Chinese perceive their needs to be.” 7 With the massive Chinese nuclearenergy program now underway, China should be able to produce as many nuclear weapons as needed.Republican Senators on the Foreign Relations Committee in their report on the New START Treatyestimated that the Chinese nuclear force would grow to 600-1,000 weapons over the next decade. Ibelieve we ought to take this assessment seriously. Even a thousand weapons may underestimate thescope of the Chinese nuclear force 10 or 20 years from now.There is nothing unusual about hiding the full extent of one’s nuclear capability. The Soviet Union didthis. After the end of the Cold War, we found out that the Soviet nuclear arsenal was much larger thanwhat we believed it to be during that period.The PRC is currently increasing its strategic nuclear forces, both qualitatively and quantitatively. TheDirector of National Intelligence, retired General James Clapper, has said that China’s nuclear forces area “mortal threat” to the United States. Indeed, China is preparing for a war against Taiwan, which itbelieves may require it to fight the United States and possibly Japan. While China would certainlyprefer “winning without fighting,” Chinese generals have repeatedly threatened nuclear war overTaiwan. Moreover, Chinese strategic objectives go well beyond Taiwan.137According to the Pentagon, China is deploying two new intercontinental ballistic missiles (ICBMs) theDF-31 and DF-31A, developing a new submarine-launched ballistic missile (SLBM) (the JL-2), buildinga new type of ballistic missile submarine, at least six of which will reportedly be deployed. Taiwanconfirmed the reported successful launch of JL-2 SLBMs in December 2011; this development willprobably result in the relatively early deployment of these missiles.In 2011, the Pentagon report on Chinese military power said China has between 55-65 ICBMs.Taiwan’s Defense Ministry estimated that in 2011 China had over 180 “strategic missiles.” 8 It did notdefine “strategic missile,” but there still appears to be a significant difference in the numbers estimatedby the Pentagon and by Taiwan.The Chinese deploy mobile ballistic missiles which are protected by hard and deeply buried tunnelfacilities. There is no doubt about this. Such facilities are very difficult to destroy. A recent study byGeorgetown Professor Philip Karber has concluded that there is an absolutely massive network of7 “Nuclear Weapons Systems in China,” DIA, Defense Estimate Brief, April 24, 1984, available at:

138tunnels that could conceal a much larger strategic force than the Pentagon estimates to be the case. 9The extent of the deployment of multiple independently targetable warheads (MIRVs) on its newmissiles will have an enormous impact on the size of the Chinese strategic force over the next 10-20years. The Pentagon report has discussed Chinese development of MIRVs and China is reportedlydeploying them on modernized versions of its CS-5 ICBMs. 18 According to the most recent Pentagonreport on Chinese military power, the PRC may be developing a new road-mobile ICBM, “possibly”capable of carrying a multiple independently targetable warhead (MIRV). This is apparently the missilethat is referred to as the DF-41 in the Asian press. Jane’s reports that it may carry up to 9-10 warheads.There are reports in the Asian press that China plans to MIRV its SLBMs heavily -- as many as 576warheads on six submarines -- although no time frame is reported. 19 There are reports of a number ofadvanced versions of the JL-2 and the JL-3 SLBMs which may be references to the same missile ormodifications of the same missile. 20The Pentagon report on Chinese military power has long said there were a wide variety of advancedstrategic missile related research and development programs. The 2011 report reads:China is also currently working on a range of technologies to attempt to counter U.S. and othercountries’ ballistic missile defense systems, including maneuvering re-entry vehicles, MIRVs,decoys, chaff, jamming, thermal shielding, and anti-satellite (ASAT) weapons. PRC officialmedia also cites numerous Second Artillery Corps training exercises featuring maneuver,camouflage, and launch operations under simulated combat conditions, which are intended toincrease survivability. Together with the increased mobility and survivability of the newgeneration of missiles, these technologies and training enhancements strengthen China’s nuclearforce and enhance its strategic strike capabilities. 21In addition to strategic systems, China has a variety of medium- and intermediate-range ballisticmissiles. Aviation Week reports that China has announced that its new 4,000-km range ballistic missilewill be nuclear capable. 22 In general, China tends to deploy nuclear variants of many of its ballistic9 William Wan, “Georgetown students shed light on China’s tunnel system for nuclear weapons,” The Washington Post,November 29, 2011, available at: .18 Gennadiy Nechayev, “In Order To See Better,” Moscow Vzglyad Online, April 9, 2010. Translated by Open SourceCenter Doc. ID: CEP20100412358009.19 Mark Schneider, “The Nuclear Doctrine and Forces of the People's Republic of China,” Comparative Strategy, July 1,2009, p. 259, available at: .:20 Ibid.: Toronto Kanwa Asian Defense Review Online, September 1, 2011. Translated by Open Source Center Doc. ID:CPP20111103715031.21 ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People’s Republic of China 2011,Washington D.C.: U.S. Department of Defense 2011, p. 34, available at: .22 Bill Sweetman and Richard D. Fisher, Jr., “Air Sea Battle Concept Is Focused On China,” Aviation Week, April 7, 2011,available at: .

missiles that are generally thought of as conventional. An official at Taiwan’s Defense Ministry hassaid that the Chinese M-11 missile “can fire a variety of warheads ranging from nuclear and chemicalwarheads to electromagnetic pulse warheads.” 10 According to the Japanese Defense Ministry, the DF-21 medium-range ballistic missile can carry a nuclear warhead. 11 The 2011 Pentagon report on theChinese military revealed that the DF-21D, China’s anti-ship ballistic missile, was part of China’snuclear deterrent force. 12 The Chinese DH-10 ground-launched cruise missile is assessed by the AirForce National Air and Intelligence Center as capable of delivering either a conventional or a nuclearwarhead. 2313Qing Tong, writing in 2002 in a Hong Kong journal which reportedly has close ties to the PRC military,stated, “China has achieved progress by leaps and bounds in its tactical nuclear weapons, makingnuclear weapons practical and facilitating their use in future high-tech, local wars.” 14 In 2002, Russianofficers Lieutenant Colonel O. Moiseyenkov and Captain 1st Rank A. Smolovskiy wrote that China had“tactical missile warheads and artillery rounds.” 2415According to Richard D. Fisher, Jr. and Bill Sweetman of Aviation Week, “Chinese sources havereferred to future DF-25/26/27 missiles: One may be the new 4,000-km missile. Future PLA [People’sLiberation Army] medium- and short-range ballistic missiles and cruise missiles will be faster and moremaneuverable to counter defenses.” 16 The Hong Kong publication Chien Shao, in an article about anewly promoted Political Commissar of the Second Artillery Corps, reported that he was involved withthe “speeding up [of] the research and development of the new Dongfeng 51 (DF-51) missile.” 17 Otherthan the designators, there is no publically available information on these missiles.13910 “Taiwan Report on PRC Missile Buildup to Deter U.S. Forces,” Taipei Taipei Times, May 7, 2001. Transcribed in OpenSource Center Doc. ID: CPP20010507000114.11 ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People’s Republic of China 2011,op. cit. p. 34.: “Defense of Japan 2011,” part, 1, page 78, available at: .: “Short-range Campaign Tactical Missiles Deployed in Guangdong,”Toronto Kanwa Asian Defense Review Online, September 1, 2011 Transcribed by Open Source Center Doc. ID:CPP20111103715037.12 Ibid.13 “BALLISTIC AND CRUISE MISSILE THREAT,” NASIC-1031-0985-09, p. 29, available at:

Retired Russian Colonel and Member of the Russian Academy of Military Sciences Yuriy Sumbatyanwrote that “as many as 500 or 600” of Chinese combat aircraft “are capable of carrying nuclearweapons.” 18 Until recently, most of these were relatively short-range aircraft. However, starting in the1990s, the Chinese began the introduction of Su-27 and Su-30 Russian heavy fighters. Reportedly,China has a regiment of H-6 bombers devoted to the nuclear mission. 19 The large J-20 stealth fighter isan obvious candidate for a nuclear strike system. There are reports from China that it is developing astealth bomber which is referred to either as the H-8 or the H-10. 20140Over the past two decades China has continued to develop nuclear weapons. China prepared for thecessation of high-yield nuclear testing by staging a series of underground nuclear tests in the 1990s. YuMin, described in Xinhua as the “architect of the country’s first H-bomb,” claims that China’s keynuclear capabilities are “on a par with the United States and the former Soviet Union.” 21 This is clearlyan exaggeration, but China appears to be working diligently to close the gap. Xue Bencheng, one of themost important scientists involved in the development of China’s neutron bomb, stated that the July1996 Chinese nuclear test was “a great spanning leap” because it solved the problem of nuclear weaponsminiaturization. 2522 Critically China’s nuclear weapons technology has been augmented by large scaleespionage against the United States. The Chinese nuclear arsenal reportedly includes fairly advancedthermonuclear warheads, enhanced radiation weapons, and other tactical nuclear weapons, includingnuclear artillery and antiship weapons. 23The House Intelligence Committee concluded that after the declared end of Chinese nuclear testing,“nuclear tests related to development of the PRC’s next generation of thermonuclear warheads may becontinuing at the PRC test site at Lop Non Nor.” 24 In May 2006, Chinese Defense Today also reportedpossible “low yield nuclear tests” after the declared end of testing.Chinese nuclear doctrine is hidden beneath significant quantities of what I believe is politicalpropaganda, most notably a pledge of “no first use” of nuclear weapons. The two major elements ofwhat they call their nuclear doctrine are: 1) supposed no first use of nuclear weapons and 2) the “selfdefense counter attack”.18 “Sumbatyan discusses a ‘modernizing’ People’s Liberation Army,” Moscow Voyenno-Promyshiennyy Kuryer, June 30,2004. Translated in Open Source Center Doc. ID: CEP20040701000368.19 Andreas Rupprecht, “The Dragons’ Wings,” Air Combat, February 2012, p. p. 63.20 “Xian H-8 Chinese Stealth bomber,” available at:.:“China's H-10 stealth bomber secret flight - can carry nuclear bomb,” China Arsenal, December 7, 2009,available at: .21 “PRC Nuclear Weapons Researcher Comments on Development of H-Bombs,” Beijing Xinhua, December 21, 2005.Transcribed in Open Source Center Doc. ID: CPP20001221000097.22 PRC Chief Engineer of Neutron Bomb Interviewed on Nuclear Weapons Development,” Chengdu Sichuan Ribao, June 11,2001. Translated in Open Source Center Doc. ID: CPP20010613000011.23 “Report of the Select Committee on U.S. National Security and Military/Commercial Concerns with the People’s Republicof China,” available at:.24 Report of the Select Committee on U.S. National Security and Military/Commercial Concerns with the People’s Republicof China, Volume I (unclassified), May 1999, pp. 69-76 and 241.

141With regard to “no first use,” a careful look at the Chinese wording of China’s “no first use” policyreveals that it commits them to nothing. 25 The Pentagon report on the Chinese military states, “there issome ambiguity” over the conditions under which China’s “no first use” policy would apply, “includingwhether strikes on what China considers its own territory, demonstration strikes, or high altitude burstswould constitute a first use.” 26 The Kyodo News Agency revealed that it obtained classified Chinesedocuments which say that China “will adjust the nuclear threat policy if a nuclear missile-possessingcountry carries out a series of air strikes against key strategic targets in our country with absolutelysuperior conventional weapons…” 27 Chinese generals also threaten nuclear attacks against the U.S. if itcomes to the aid of Taiwan.Significantly, China’s Arms Control Ambassador once said that “no first use” does not apply to aconflict over Taiwan. Indeed, Chinese nuclear doctrine has evolved toward “active defense,” whichimplies a nuclear warfighting component.An interview with Chinese Major General Cai Yuqiu, Vice Principal of Nanjing Army CommandCollege, published in Ta Kung Pao, an internet version of a PRC-owned daily newspaper, reported “CaiYuqiu said that he really appreciated the four sentence fight principle by Mao Zedong, i.e., we will notattack unless we are attacked; if we are attacked, we will certainly counter-attack. As to whether we willuse nuclear weapons first, the above principle can also be followed. If we have been repeatedly‘attacked,’ then there should not be a limit for our counter-attack.” 28 Writing in January 2005, ColonelWen Shang-hsien of the Taiwan military noted that after the year 2000 the PRC adopted a nucleardoctrine which allowed for ‘a preemptive strike strategy’ under which the PRC would use “its tacticalnuclear weapons in regional wars if necessary.” 29 As one Hong Kong newspaper put it, this means thatthe People’s Liberation Army will “launch the first strike when the enemy starts a military buildup orprepares for a strike in order to destroy all possible military targets and war forces.” 30“Self defense counter attack” is a multipurpose formulation the Chinese use to describe most instanceswhere China has initiated the use of force, which is almost always the case. It is worth noting that Chinadescribed its 1962 invasion of India as “self defense counter attack”. 31 China described its border war25 “Opinion: The Trouble With China’s Nuclear Doctrine,” Jane’s Defense Weekly, February 22, 2006, available at:.26 ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People’s Republic of China 2011,op. cit. p. 3427 “Chinese Military Yes Preemptive Nuclear Attack in Event of Crisis,” Kyodo News Agency, January 5, 2011, available at:.28 Wu Pin, “Military Scholar on Tactics Views Defense Issue,” Hong Kong Ta Kung Pao Internet Version, August 1, 2007.Translated in Open Source Center Doc. ID: CPP20070806710004.29 Colonel Wen Shang-hsien, “An Investigation into the Impact of the PRC’s Use of Nuclear Weapons on both Taiwan andthe PRC,” Taipei Ho-sheng-hua Fang-hu Pan-nien-k’an, January 1, 2005. Translated in Open Source Center Doc. ID:CPP20071030312005.30 “‘Great Wall Project’ Said To Deter Taiwan Independence,” Hong Kong Sing Tao Jih Pao, November 26, 1999.Translated in Foreign Broadcast Information Service Doc. ID: FTS19991227000170.31 Cheng Feng and Larry M. Wortzel, “PLA Operational Principles and Limited War,” in Mark A. Ryah, David M.Finkelstein and Michael A. McDevott. Chinese Warfighting, The PLA Experience Since 1949, Armonk NY: M.E. Sharpe,2003, p. 181.:“Sino-India Border Self-Defense Counter-Attack Battle 1962, “ Orbat, April 7, 2002, available at:

with the Soviet Union in 1969 as a “self defense counter attack.” 32 It also described its 1979 invasion ofVietnam as a “self defense counter attack.” 33The Congressional Commission on the Threat to the United States from Electromagnetic Pulse(EMP) reported, “China and Russia have considered limited nuclear attack options that, unlike Cold Warplans, employ EMP as the primary or sole means of attack.” 34 The 2005 Pentagon report on Chinesemilitary power observed, “Some PLA theorists are aware of the electromagnetic effect of using a highaltitudeelectromagnetic pulse (HEMP), and might consider using HEMP in an unconventional attack,believing that the United States and other nations would not consider it as a use of force and a crossingof the nuclear threshold.” 35 A Congressional Research Service report by Ronald O’Rourke concludedthat a U.S. naval force coming to the aid of Taiwan against a Chinese attack would have to be preparedfor use of nuclear weapons and EMP because “China could also use a nuclear-armed ballistic missile todetonate a nuclear warhead in the atmosphere to create a high-altitude electromagnetic pulse (EMP)intended to temporarily or permanently disable the electronic circuits of U.S. or other civilian andmilitary electronic systems.” 36142Based on my research, I believe China will use nuclear weapons first if they think it in their nationalinterest to do so.According to the 2004 White Paper of the Chinese Defense Ministry, the “Chinese people and armedforces will resolutely and thoroughly crush it [Taiwan’s independence] at any cost.” 37 (Emphasisadded). In the words of Yan Xuetong, Director of the Qinghua University Institute of InternationalAffairs, “so long as China is ready to achieve reunification at all costs, the United States will considerwhether it is necessary to support Taiwan at the price of a nuclear war.” 38We should not mirror image Western views about nuclear weapons onto the Chinese. Indeed, in March2012 China’s official news agency reported, “After being briefed by Liang Xiaojing, an officer from thePLA Second Artillery Corps, [President] Hu said the PLA Second Artillery Corps shoulders missionsthat are important for the country, and he expected officers like Liang to play an active role inhttp://orbat.com/site/history/historical/china/sinoindia1962.html>.32 Vivian Yang, “Days Without Whites,” Co/ASIS, available at: .33 Michael D. Swain and Ashley T. Fellis, Reinterpreting China’s Grand Strategy, Past Present and Future, Santa Monica:Rand Corporation, 2000, p. 77.34 Report of the Commission To Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack, Volume 1:Executive Summary, 2004, available at: .35 The Military Power of the People’s Republic of China 2005, Washington D.C.: U.S. Department of Defense, 2005, p. 40available at: .36 Ronald O’Rourke, China’s Naval Modernization: Implications for U.S. Navy Capabilities – Background and Issues forCongress, Washington D.C.: Congressional Research Service, November 18, 2005, p. CRS-15.37 Xinhua: ‘Full Text’ of White Paper titled “China’s National Defense, 2004,” Beijing Xinhua, December 27, 2004.Transcribed in Foreign Broadcast Information Service Doc. ID: CPP200412270000034.38 Beijing Scholar: China Should Contain Taiwan Independence by Force,” Singapore Lianhe Zaobao, November 28, 2003.Translated in Open Source Center Doc. ID: CPP20031130000033.

143ideological mobilization to prepare for military actions.” 39nuclear weapons policy.Ideology is still a major element of ChineseMao’s extreme views about the acceptability of hundreds of millions of dead Chinese is still influencingviews in China. For example, in 1996, Lieutenant General Xion Guangkai, then a Deputy Chief of thePRC General Staff, made an implied threat to destroy Los Angeles in the event of a conflict overTaiwan. 40 He was also quoted as saying that to prevent Taiwanese independence, “China was preparedto sacrifice millions of people, even entire cities in a nuclear exchange.…” 41 In 2005, Chinese MajorGeneral Zhu Chenghu threatened nuclear first use against the United States in which, “We Chinese willprepare ourselves for the destruction of all of the cities east of Xian….Of course, the Americans willhave to be prepared that hundreds of cities will be destroyed by the Chinese.” 42 No Western militaryleaders make threats like this. Will the Chinese act on such a basis in a crisis? I can’t get into theirheads and neither can anyone else.China is most likely to initiate the use of nuclear weapons if it is being defeated in warfare – such asduring a Taiwan scenario or because of the scale of damage from conventional precision guidedmunitions.China announced years ago that it was going forward with ballistic missile defense. China’scommitment to missile defense was reiterated in the 2010 defense white paper which linked missiledefense to its broader strategy of “Active Defense”: “The PLAAF [Peoples Liberation Army Air Force]is working to ensure the development of a combat force structure that focuses on air strikes, air andmissile defense, and strategic projection, to improve its leadership and command system and build up aninformationized, networked base support system.” 43 The 2011 edition of the Pentagon report on Chinesemilitary power detailed Chinese missile defense efforts.China is proceeding with the research and development of a missile defense umbrella consisting ofkinetic energy intercept at exo-atmospheric altitudes (>80 km), as well as intercepts of ballistic missilesand other aerospace vehicles within the upper atmosphere. In January 2010, China successfully39 “Hu Jintao meets PLA officers, professionals,” Xinhua, March 12, 2012, available at: .40 Patrick Moore, “Asia: China Becoming a Regional Military Threat?” July 22, 2005, available at: 41 Quoted in Keith Payne, The Fallacies of Cold War Deterrence and a New Direction, Lexington: University of KentuckyPress, 2001, p. 128, available at: .42 Jonathan Watts ,”Chinese general warns of nuclear risk to US,” The Guardian, July 15, 2005, available at: .43 “Full Text: China's National Defense in 2010 (1),” Xinhua: ‘Full Text’ of China's National Defense in 2010, BeijingXinhua, March 31, 2011. Transcribed by Open Source Center Doc. ID: CPP20110331968049.

intercepted a ballistic missile during its mid-course phase of flight, using a ground-based missile. 44According to Richard Fischer and Bill Sweetman, China is developing, “A new air- and missile-defenseinterceptor family, sometimes called the HQ-19 (HHQ-26 for the naval version), [which] reportedly hasperformance goals similar to the 400-km Russian S-400.” 45 Longer range radars could upgrade thissystem into one capable of intercepting ICBMs. In February 2012, the Hong Kong Wen Wei Po Online,which is owned by the PRC, reported Chinese interest in buying the Russian S-400 and quoted “HongYuan, a famous military science scholar in Beijing” to the effect that “possessing S-400 will play animportant role in enhancing China’s missile defense and air defense, but as the missile system has notbeen tested in actual operations, its technical parameters have yet to be verified in contemporarywars.” 46 It also reported, “The purchase of S-400 will play an important role in enhancing China’smissile defense and air defense power, especially being of high reference significance for intermediaterangeto long-range missile defense.” 47 There is nothing unusual about the Chinese buying a Russiansystem and attempting to develop a Chinese counterpart with similar or improved capabilities.The PRC’s nuclear threat is serious not at least because it is in the context of a general military buildupthat is aimed at combating the United States and enabling the expansion of Chinese power in the Pacific.With the demise of the Soviet Union, the PRC ceased to face any serious national security threat. Chinais beginning to throw its weight around and its actions have generated serious security concerns in theFar East. At this moment, Taiwan is not on the front burner but that could change quickly. No othercountry has increased its military spending by double digits for twenty years with the intent of a“peaceful rise”?14444 ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People’s Republic of China2011, op. cit. p. 32.45 Fisher, Jr. and Sweetman, “Sizing Up China’s Military Capability,” op. cit.46 Wang Hsiao-hsueh, “Expert Interpretation: Purchase of Russian S-400 Missiles Will Enhance China's Missile Defense,”Hong Kong Wen Wei Po Online, February 27, 2012. Translated by Open Source Center Doc. ID: CPP20120227787011.47 Ibid.

145CHAIRMAN SHEA: T hank you very mu ch .Phil.OPENING STATEMENT OF DR. PHILLIP C. SAUNDERSDIRECTOR, CENTER FOR STUDY OF CHINESE MILITARY AFFAIRSNATIONAL DEFENSE UNIVERSITYDR. SAUNDERS: Th ank you for the opportunity to testif y today.I do direct the Center for the Study of Chinese Military Affairs at NDU,but what I'm goin g to say today are my own personal views, not those of ND U, theDepartment of Defense or the admin ist ration .I thin k it 's worth st arting wh y does China have nuclear weapons?They felt they had a lot of polit ical valu e. They felt they had been vulnerable t oU.S. nuclear blackmail in multip le in stances, and as Mao Zedong put it, "whatothers have, we mu st have."So they do f eel there's value to them, but primarily in counteringnuclear attack, in countering, in deterring nuclear attack and counterin g coercion.And havin g nuclear weap ons does raise a state's status, but there isn 't mu ch inChinese writings that says anything ab out numbers mattering a lot or a largerforce really con veying prest ige or other benefits.And they seem to b elieve that one or a very few nuclear weaponsstrikin g somebod y's homeland is enou gh to achieve strat egic deterren ce.People often talk about China's nuclear strategy as a minimaldeterrent focused on a small numb er o f weap ons to deliver punitive counter valuerespon ses to an ad versary's f irst strike. As you parse that out, that mean s thelowest number of d amage necessary to prevent attack --a f ew missiles.This started out as somethin g that's technologically driven i n terms ofChina only having a limit ed first air -delivered cap ability and then very crude ICBMcapab ilit y so there were technological const raints.But there was also political guid ance given, especially by Mao Zedong,which has continued to shape both the formal p olicy but more to the point theoperation al doctrin e and the campaign planning that the Second Artillery, inparticular, uses in st ead.You've had some of the comments on the White Pap er. I gu ess I wouldnot agree with dismissing it. I thin k it does present some of the basic principles,and just to paraphrase: the goal of det erren ce and preven ting nuclear coercion; ano-first u se policy; the goal of eventual elimination of weapons; and adeterminat ion not t o engage in nuclear arms races.And if you p arse those thin gs out, they don't necessarily dictate a

precise force stru ct ure. I would argue that they are relative, and it's relative towhat an adversary h as, and that's how you have to think ab out it. So what does a"lean and effective nuclea r force" talked about in the Whit e Paper mean, how youtranslate that into f orce posture, it 's n ot clear.But I think about it and Chinese writin gs thin k about it in t erms of asurvivable force, on e that can survive a nuclear first st rike through somecombin ation of mob ilit y, dispersal, camouflage, operational resilience, tunneling,as you heard in the last section, and then be able to launch a big enou ghretaliatory st rike to penetrate defen ses and inflict unaccep table damage.So if you thin k abou t what it mean s, it depends signif icantly on what apotential ad versary's intelligence, conventional p recision strike, nuclear st rike,and anti-submarine capab ilit ies and missile d efense cap abilities are. So it's arelative thin g, and you have to thin k about it that way.Ambigu ity does p lay a role, esp ecially in the early days of China'sdeterren ce. They felt their deterren ce rested on an adversary not bein g ab le tobe sure you could get all of Chin a's weapons. So ambiguit y does play a significantrole. I wou ld say that's somewh at true with ICBM s. It 's a lot more true withshorter range systems, and, in p articular, in the '70s and '80s, we really d idn'thave mu ch of a clue whether they had t actical nuclear weapons. Th ey clearly didbecau se they dropped some f rom an airplane, but whether they were in the force,if you look at the d eclassified estimates, it 's just not clear.Where they are now is mod ernizin g from a first gen eration force ofcave and silo-based ICBM s to a second generat ion force that is solid -fueled , t hatis mob ile, that's mu ch more survivab le, and as was mentioned, lookin g evenforward to a third generation force that may be mobile an d MIRVed, whichrequires a mu ch smaller nuclear warhead to get there.I thin k our best hard informat ion on this, wh ich is informed byclassified U.S. government analysis, is the Pentagon Chin a Report which talks interms of ICBMs, in 2010, of about 21 first gen eration, about 30 secondgenerat ion, and in 2011, of 55 to 65 ICBMS.There is also modernization of the n u clear submarine force. The firstsubmarine is ready. The missiles have had some p roblems in the testin g anddelivery of it, and so you're looking at that as somethin g t hat's not quite read y tocome on line, but p robably a force of at least t wo to f ive s ubmarines. Those willcarry t wo SLBMs each, and if you add t hat up, it's a significant expan sion of t henumber of ICBMs that can h it the U.S.There are also regional forces, but I won't dwell on them. And I thin kyou're seeing qualit ative improvements a s well, in cluding a lot of effort s topenetrate U.S. missile defenses. We can talk about that lat er if you would like.A key question is, okay, I talked about t he policy, I t alked about theforce stru cture, is t his consistent with their doctrinal mat er ials; is it con sisten t146

with their trainin g? That's wh at we have to look at to judge this, and I think t hebest analysis of this, includin g lookin g at Scien ce of Secon d Artillery Comman dCamp aigns, wh ich is classified as a top secret Chinese docu ment, find s that thereis a lot of compat ibility there with what the stated principles are and with whatthe trainin g is.They're trainin g in an environment that they assume there has been anuclear st rike. They're training to survive in that kind of environ ment, and itdoes seem fairly consistent, and one key findin g from the academic literature isthat a lot of the guidance, the polit ical guidan ce, still seems to apply and beconsistent with this doctrin e.I thin k there are concern s about the no -first u se piece of t his, not somuch that the training is inconsistent, b ut that they worry, for example, about aconventional strike on their nuclear arsenal, and I thin k you've seen Chinesemilit ary officers try to create amb igu ity there.There have been broader debate s within China about whet her theyought to revise or abandon that officially, a debate in the mid -'90s about whetherto move toward a n uclear warf ightin g d octrin e. At the end of the day, that wasrebuffed, and they did not chan ge their policy.Another debate in 2005 and 2006 about this issue of con ventionalstrikes and missile defenses, did they need to move off that no -first use doctrine,and, again, the answer after a b ig internal debate was no.So I thin k that is an issu e where there is some amb igu ity. A couplemore points to make is there's a ten sion between this no -first u se doctrine an d aretaliatory doctrine, and what we see in Chinese doctrine about the import an ce ofmaintaining the init iative.And that's d efinitely a ten sion that 's the re both in conventionalcamp aign s and to some degree in the n uclear side as well. We talked about theforce, but if they M IRVed the DF -5, if t hey come up with a follow -on missile thatis MIRVed, given the small numbers, does that create crisis instabilit y ? And asyou move to a mobile force, especially a submarine -based force, what are theissu es with safet y and survivability or safety and p reventin g unauthoriz edlaunches? I thin k that becomes a question.Right now, they sep arate the warhead s from the mi ssiles. It's prettyhard to launch and make it go boom if you don't h ave the nuclear warhead onboard. That's not p robably going to be possible with the n uclear weapon sdeployed on a submarine.And then a final point about knowledge and what we kn ow and howwe know it . A lot of what we know is f rom publicly - articulated policies, study ofdoctrin al materials, and in the open source world, declassified intelligenceanalysis and U.S. government open rep orts that are informed by that an alysis.But there is one key thing that we don 't know a lot about, which is147

how do Chin a's civilian leaders really think about it ? We can read the militarywritings, and we do. We can look at the doctrine, which is approved , at least atsome level, b y civilian leaders, but we don't really know h ow China's civilianleaders who don't h ave a lot of milit ary experien ce, who aren't taught ab outnuclear doctrine in the Central Party school, we don 't know how they really t hinkabout nuclear weap ons today or whether the elab orate do ctrine and thin kin gabout it, whether t hat wou ld really go over and be persuasive in the event of acrisis.Let me stop there. Thank you .148

149PREPARED STATEMENT OF DR. PHILLIP C. SAUNDERSDIRECTOR, CENTER FOR STUDY OF CHINESE MILITARY AFFAIRSNATIONAL DEFENSE UNIVERSITYMarch 26, 2012Dr. Phillip C. SaundersDirector, Center for the Study of Chinese Military AffairsInstitute for National Strategic StudiesNational Defense UniversityTestimony before the U.S.-China Economic and Security Review CommissionHearing on “Developments in China’s Cyber and Nuclear Capabilities”Dr. Saunders is speaking in his own personal capacity as a member of the academic community. This statementrepresents his views based on his research. It should not be implied to represent the views of the Department ofDefense or the Administration.Chinese Nuclear Forces and StrategyChina’s initial quest for a nuclear weapons capability was motivated by recognition of the political valueof nuclear weapons and by Mao Zedong’s determination to remove China’s vulnerability to nuclearblackmail, which had been a factor in several crises involving the United States. 1 China’s senior politicaland military leaders have consistently emphasized that the principal utility of nuclear weapons lies indeterring a nuclear attack and countering nuclear coercion. 2 Although Chinese leaders believe thatpossession of nuclear weapons bestows international status, they do not believe that more warheadsincrease a state’s power or status. Unlike U.S. and Soviet strategists who focused heavily on thepotential impact of relative capabilities in nuclear war-fighting scenarios, Chinese leaders appear to haveconcluded that one or a few nuclear weapons striking an adversary’s homeland would constituteunacceptable damage, making a large arsenal unnecessary to achieve the desired strategic effects.Following its first nuclear test in 1964, Beijing announced that it would adhere to a policy of no-first-use(NFU) of nuclear weapons and called for worldwide nuclear disarmament. It has maintained thisofficial positions ever since.1 John Wilson Lewis and Xue Litai, China Builds the Bomb (Stanford: Stanford University Press, 1988); Zhang Shu Guang,Deterrence and Strategic Culture: Chinese-American Confrontation, 1949-1958 (Ithaca: Cornell University Press, 1992). OnU.S. nuclear threats to China, see Gordon H. Chang, “To the Nuclear Brink: Eisenhower, Dulles, and the Quemoy-MatsuCrisis,” in Sean M. Lynne-Jones, Steven E. Miller, and Stephen Van Evera, eds., Nuclear Diplomacy and Crisis Management(Cambridge, Mass.: MIT Press, 1990), pp. 200-227.2 M. Taylor Fravel and Evan S. Medeiros, “China’s Search for Assured Retaliation: The Evolution of Chinese NuclearStrategy and Force Structure,” International Security, Vol. 35, No. 2 (Fall 2010), pp. 48–87.

Western analysts have described China’s nuclear strategy as a “minimal deterrent” that relies on a smallnumber of nuclear weapons to deliver punitive, counter-value responses to an adversary’s first strike. 3Minimum deterrence refers to “threatening the lowest level of damage necessary to prevent attack, withthe fewest number of nuclear weapons possible.” 4 China’s choice of minimal deterrence was influencedby technological constraints on its nuclear arsenal and delivery systems, but was also heavily shaped bythe views of senior political leaders (especially Mao), which have had an enduring influence on PRCnuclear doctrine. Chinese leaders did not dictate a specific number of nuclear weapons; China’s nuclearforces appear to have been sized based on the need for a few weapons to survive a first strike and launcha retaliatory attack.China’s 2006 Defense White Paper provides a concise overview of the key elements of China’s “selfdefensive”nuclear strategy:Its fundamental goal is to deter other countries from using or threatening to usenuclear weapons against China. China remains firmly committed to the policy of no firstuse of nuclear weapons at any time and under any circumstances. It unconditionallyundertakes not to use or threaten to use nuclear weapons against non-nuclear-weaponstates or nuclear-weapon-free zones, and stands for the comprehensive prohibition andcomplete elimination of nuclear weapons. China upholds the principles of counterattackin self-defense and limited development of nuclear weapons, and aims at building a leanand effective nuclear force capable of meeting national security needs. It endeavors toensure the security and reliability of its nuclear weapons and maintains a credible nucleardeterrent force. China's nuclear force is under the direct command of the Central MilitaryCommission (CMC). China exercises great restraint in developing its nuclear force. It hasnever entered into and will never enter into a nuclear arms race with any other country.”This description highlights a number of key elements of China’s nuclear strategy and policy, includingthe goals of deterrence and preventing nuclear coercion; “no-first use” policy; the goal of eventualelimination of nuclear weapons; and China’s explicit determination (which dates from the beginning ofits nuclear weapons program) not to engage in nuclear arms races.In terms of doctrine, a no-first use policy implies an operational focus on retaliatory counter-attack, or“striking after the enemy has struck.” In terms of force structure, “limited development of nuclearweapons” and a “lean and effective nuclear force” do not translate directly into requirements for specificnumbers of nuclear weapons and delivery systems. Rather, they suggest that the quantitative1503 Avery Goldstein, Deterrence and Security in the 21st Century: China, Britain, France, and the Enduring Legacy of theNuclear Revolution (Stanford, Calif.: Stanford University Press, 2000); Jeffrey Lewis, The Minimum Means of Reprisal:China’s Search forSecurity in the Nuclear Age (Cambridge, Mass.: MIT Press, 2007); and Litai Xue, “Evolution of China’sNuclear Strategy,” in John C. Hopkins and Weixing Hu, eds., Strategic Views from the Second Tier: The Nuclear WeaponsPolicies of France, Britain, and China (San Diego: University of California Press, 1994), pp. 167–190. Phillip C. Saundersand Jing-Dong Yuan, “China’s Strategic Force Modernization,” in Albert Willner and Paul Bolt, eds., China’s NuclearFuture (Boulder, Col.: Lynn Rienner, 2006), pp 79-118.4 Committee on the U.S.-Chinese Glossary of Nuclear Security Terms, English-Chinese, Chinese-English Nuclear SecurityGlossary (Washington, D.C.: National Academies Press, 2008), p. 36.

equirements for a “lean and effective” nuclear force will depend on the ability of Chinese nuclear forcesto survive a potential adversary’s nuclear first strike via some combination of mobility, dispersal,camouflage, and operational resilience and then to launch a retaliatory strike that can penetrate anadversary’s missile defenses and inflict unacceptable damage. Chinese nuclear force requirements thusdepend significantly on the intelligence, conventional precision-strike, nuclear strike, anti-submarinewarfare, and missile defense capabilities of potential adversaries. China’s nuclear forces are not solelyfocused on the United States, but U.S. capabilities (and potential future advances) in these areas make ita key driver of Chinese force structure.The development of China’s nuclear forces is broadly compatible with the thinking of Chinese toppolitical leaders (especially Mao and Deng) described above. Technological limitations meant that theChinese deterrent initially relied primarily on air-delivered weapons and then on vulnerable silo andcave-based missiles. Chinese experts privately admitted that the credibility of China’s deterrent restedon a potential adversary’s uncertainty about whether a first strike could destroy all of China’s long-rangenuclear missiles. Ambiguity about the total size of China’s nuclear arsenal was therefore viewed as animportant element of China’s deterrent capability. Rather than build large numbers of highly vulnerablefirst-generation missiles, China decided in the late 1970s and early 1980s to develop a second generationof mobile land and sea-based missiles that would be more survivable and better able to provide acredible second-strike capability. As these new systems began nearing deployment in the late 2000s,U.S. withdrawal from the ABM treaty and deployment of ballistic missile defenses challenged thepremises behind mutually assured destruction, prompting Chinese complaints that the United Statessought “absolute security” for itself while keeping others vulnerable.China’s current nuclear forces consist of a mix of first and second generation nuclear missiles, with newDF-31 and DF-31A solid-fueled mobile Intercontinental Ballistic Missiles (ICBMs) gradually beingdeployed to augment existing DF-5A ICBMs. China has also upgraded its regional nuclear deterrentwith the deployment of the DF-21 Medium-Range Ballistic Missile (MRBM) to supplement firstgeneration DF-3 and DF-4 Intermediate-Range Ballistic Missiles. In terms of a sea-based deterrent,China’s initial XIA class nuclear missile submarine (SSBN) suffered from a troubled developmentprocess and may never have constituted a truly operational system. 5 China has already built two Type-94 JIN class SSBNs and may ultimately deploy five of the submarines, which will be equipped with JL-2 SLBM missiles. 6The interaction between evolving U.S. military capabilities and China’s nuclear modernization is likelyto produce a significant expansion of the number of deployed warheads that can reach the United States.However, it is difficult to speak about the numbers with confidence because China provides no officialdata on the current or projected size of its nuclear force, the number and capabilities of its deliverysystems, or its overall modernization plans. A 2010 Pentagon report estimates that China’s currentICBM arsenal consists of approximately 20 first-generation ICBMs and approximately 30 solid-fueled,1515 John Wilson Lewis and Xue Litai, China’s Strategic Seapower: The Politics of Force Modernization in the Nuclear Age(Stanford, Calif.: Stanford University Press, 1994).6 Office of the Secretary of Defense, Annual Report to Congress, Military and Security Developments Involving the People’sRepublic of China, 2010.

oad-mobile second-generation ICBMs. China’s future nuclear forces are likely to include additionalsecond-generation ICBMs and possibly upgrades to allow its first generation ICBMs to carry multiplewarheads. 7 The 2011 report gave an updated estimate of 55-65 ICBMs and also noted that “China mayalso be developing a new road-mobile ICBM, possibly capable of carrying a multiple independentlytargetable re-entry vehicle (MIRV).” 8 The Pentagon report also notes that “the first of the new JIN-class(Type 094) SSBN appears ready, but the associated JL-2 SLBM appears to have encountered difficulty,failing several of what should have been the final round of flight tests. The date when the JIN-classSSBN/JL-2 SLBM combination will be operational is uncertain.” 9Most observers expect these modernization efforts to produce both a quantitative expansion in thenumber of Chinese ICBMs and SLBMs that can reach the United States and qualitative improvements inthe capabilities of Chinese missiles. The Pentagon report also notes that China is developing “a range oftechnologies to attempt to counter U.S. and other militaries’ ballistic missile defense systems, includingmaneuvering re-entry vehicles, MIRVs, decoys, chaff, jamming, thermal shielding, and anti-satellite(ASAT) weapons. PRC official media also cites numerous Second Artillery Corps training exercisesfeaturing maneuver, camouflage, and launch operations under simulated combat conditions, which areintended to increase survivability. Together with the increased mobility and survivability of the newgeneration of missiles, these technologies and training enhancements strengthen China’s nucleardeterrent and enhance its strategic strike capabilities.” 10China’s nuclear arsenal has remained relatively small, consistent with China’s nuclear strategy, even assome of the technical constraints on building a larger, more sophisticated nuclear arsenal have eased.But are China’s nuclear doctrine and the Second Artillery (the branch of the PLA that controls China’sground-based nuclear forces) training consistent with the publicly articulated strategy? Although theofficial campaign outlines and combat regulations for China’s nuclear forces are classified documentsinaccessible to Western scholars, enough internal doctrinal materials have become available to permit anassessment. Broadly speaking, these doctrinal materials and published reports about Second ArtilleryCorps training are consistent with Chinese public statements about nuclear strategy such as the whitepaper quoted above.The 1987 volume The Science of Military Strategy identifies key doctrinal principles addressing thedeterrent and retaliatory uses of nuclear weapons. 11 The book also emphasizes the concept of“effectiveness” and highlights survivability as a key component of an effective nuclear deterrent.Subsequent editions and other doctrinal materials retain this emphasis, demonstrating that the principles1527 Ibid, p. 34.8 Office of the Secretary of Defense, Annual Report to Congress, Military and Security Developments Involving the People’sRepublic of China, 2011, p. 34 and 3.9 Office of the Secretary of Defense, Military and Security Developments Involving the People’s Republic of China, 2010, p.34.10 Ibid, p. 34.11 The four principles are centralized control (jizhong zhihui), strike only after the enemy has struck (houfa zhiren), closedefense (yanmi fanghu), and key point counter-strikes (zhongdian fanji). The Science of Military Strategy [Zhanlue Xue](Beijing, Academy of Military Sciences, 1987), cited in Fravel and Medeiros, 69.

originally articulated by Mao and Deng have continued to guide initial Chinese nuclear strategy andcampaign planning even as technical and resource constraints on development of advanced nuclearforces have eased. For example, doctrinal materials published in the early 2000s describe the SecondArtillery’s “nuclear counterstrike campaign” and refer to “striking after the enemy has struck” as a basicguiding principle. 12 This is consistent with China’s “no first use” policy as well as with open sourcematerials on Second Artillery training, which stress the need to be prepared to operate in an environmentwhere nuclear strikes have occurred.Another distinctive aspect of Chinese nuclear thinking worth highlighting is the concept of counternuclear deterrence. This is described as “an operation used to demonstrate China’s resolve and will touse nuclear weapons in response to efforts by adversaries to coerce China with nuclear threats.” 13Counter-deterrence operations involve efforts to communicate China’s will and resolve to respond to anuclear attack in order to signal that China cannot be coerced by nuclear threats and to reinforcedeterrence. They can be considered a form of nuclear signaling.Internal debates within the Chinese nuclear community have periodically challenged these principles.One debate in the early 1990s concerned the possibility of a shift to a limited nuclear deterrent thatenvisioned a broader mix of nuclear capabilities that would support nuclear war-fighting. However thisdebate concluded by reaffirming the deterrence and counter-coercion principles that had historicallyguided Chinese nuclear strategy. 14 A later debate in 2005-2006 questioned whether a no-first-use policywas viable given U.S. advances in conventional precision-strike capabilities (which might threatenChinese nuclear missiles with conventional strikes) and missile defenses (which might be capable ofintercepting retaliatory strikes by a limited number of Chinese ICBMs that survived a conventional firststrike). Although China did not modify its official description of its “no first use” policy, subsequentstatements by officials and military officers created a degree of ambiguity about whether a conventionalstrike against Chinese nuclear assets or command and control systems constituted a “first use” thatjustified nuclear retaliation. 15Chinese debates about no-first-use highlight Beijing’s pursuit of a no-first-use pledge from the UnitedStates, a consistent theme in its diplomacy. Chinese officials argue that a no-first-use commitmentwould help prevent nuclear war, strengthen the non-proliferation regime, and promote nucleardisarmament. They also argue that U.S. conventional superiority means that the United States does notneed a first-use option. A U.S. bilateral no-first-use pledge would imply acceptance of Chineseprinciples about the limited role of nuclear weapons and symbolize an equal, non-hostile politicalrelationship between the two sides. China might hope that a U.S. no-first-use pledge would call U.S.security commitments to its regional allies (the nuclear umbrella) into question, thus potentially15312 Fravel and Medeiros, 76.13 Michael S. Chase and Evan Medeiros, “China’s Evolving Nuclear Calculus: Modernization and Doctrinal Debate,” inJames Mulvenon and David Finkelstein, eds., China’s Revolution in Doctrinal Affairs: Emerging Trends in the OperationalArt of the Chinese People's Liberation Army (Arlington, VA; CNA, 2002), p. 133.14 Alastair Iain Johnston, “China’s New ‘Old Thinking’: The Concept of Limited Deterrence,” International Security, Vol.20, No. 3 (Winter 1995/96), pp. 5–42.15 Fravel and Medeiros, 79-80.

weakening U.S. alliances. The value of such a U.S. pledge would increase significantly if theconventional military balance in the Western Pacific tipped in China’s favor. Finally, given that theChinese conception of deterrence implies coercion as well as restraint, a no-first-use pledge would makeit harder for U.S. policymakers to threaten nuclear escalation in a crisis and provide China with themoral and political high ground to resist any such threats.Although Chinese nuclear doctrine, force structure, and training appear broadly consistent with publiclyarticulated Chinese nuclear policy, some aspects have raised concerns for Western analysts. One is theemphasis in Chinese military doctrine of the importance of maintaining the initiative, a concept intension with the retaliatory principle of “strike only after the enemy has struck.” Some Chinese militarywriters argue that this can justify pre-emptive attacks under some circumstances, such as in cases whereChina has credible early warning of a pending nuclear attack. Chinese doctrinal materials emphasize thepotential for nuclear counterstrikes to shock an adversary into submission in the hopes of de-escalating aconflict, and discuss retaliatory attacks against a range of counterforce, countermilitary, andcountervalue targets. 16 Another issue involves the challenges that mobile ICBMs and especially SLBMsmay pose for command and control of China’s nuclear arsenal, especially since their technicaladvantages may erode traditional controls against unauthorized launches (such as the separation ofmissiles and warheads in China’s older ICBMs). Some analysts worry that China’s potentialdeployment of missiles with multiple warheads may create incentives for first strikes that could bedestabilizing in a crisis. 17 Finally, some see the potential for greater PLA influence over nuclear doctrineto move China in the direction of nuclear war-fighting strategies and a larger nuclear arsenal. 18A final consideration is that much of what we know about Chinese nuclear policy and strategy comesfrom publicly articulated policies (such as the section of the 2006 white paper quoted above) or study ofdoctrinal materials (which reflect PLA writings). We know little about what China’s top civilian leadersin the Politburo Standing Committee—the actors who would decide whether China should employnuclear weapons—think about the employment of nuclear weapons or the role of nuclear weapons incrisis situations. The fact that these leaders have little military experience and have likely not beenexposed to academic thinking about nuclear weapons (and nuclear dangers) may be grounds foradditional concern. 19 At the end of the day Chinese leaders, like other leaders in other countries, areacutely aware of China’s vulnerability to nuclear attack and are likely to be cautious in situations withthe potential to escalate to an exchange of nuclear weapons.15416 See sources cited in Fravel and Medeiros, 76-77.17 Saunders and Yuan; Michael S. Chase, Andrew S. Erickson, and Christopher Yeaw, “Chinese Theater and StrategicMissile Force Modernization and Its Implications for the United States,” Journal of Strategic Studies, Vol. 32, No. 1(February 2009), pp. 67–114.18 Mark Schneider, “The Nuclear Doctrine and Forces of the People’s Republic of China,” Comparative Strategy, Vol. 28,No. 3 (July/August 2009), pp. 244–270; and Larry M. Wortzel, China’s Nuclear Forces: Operations, Training, Doctrine,Command, Control, and Campaign Planning (Carlisle, Pa.: Strategic Studies Institute, U.S. Army War College, May 2007).19 The author’s interviews with relevant faculty members at the Central Party School suggest that nuclear deterrence is nottaught in the international relations and security lectures that senior party members receive.

155PANEL III: QUESTIONS AND ANSWERSHEARING CO -CHAIR WORTZEL: Commissioner Fiedler.HEARING CO -CHAIR FIED LER: This morn ing General Cart wright sort ofquietly raised the q uestion again of wh o was in control of the milit ary, therehavin g been some q uestion in the ASAT test and in a couple of other in cidents,stealth, the revelation of their stealth airplane.It seems to me that it's a greater con cern in terms of control ofnuclear weapon s. What do we know about the control of their nuclear weapons?What do we know about the Central Military Commission 's role and the civilianrole, p art y role, in t hat?DR. SCHNEIDER: Well, the--HEARING CO -CHAIR FIED LER: Let me ju st add, it seems to me that thepolitical commissar in their structure in the Second Artillery and other nucleararmed forces becomes more crit ical in that discussion .DR. SCHNEIDER: Yes, I mean the organi zation ch art is the CentralMilitary Commission, and they're more into collective decision -making at thatlevel than we are, and I believe the military is more powerf ul and moreautonomous than they would be in the United St ates for the simp le reason thatthey keep the regime in power.Absent the milit ary, they have no legit imacy. In Chin a, that's one ofthe reasons they're pushing n ationalism rather than commu nism in Ch ina today.In terms of the actual control of nuclear weapons, certain ly the unit comm anderand the political commissar, who is ext remely powerful in the Chinese milit ary,play the key role.They don 't have, becau se of the nature of their nuclear weapons, asDanny St illman, former Chief of Intelligence at Los Alamos, put it, he said theirweap ons are not 1. safe, and that's probably the reason that they don 't matethem to missiles constantly because that mean s if something goes wron g, and youdrop the weapon or a bullet hit s it or t here's a fire, you could get a low orderaccidental nuclear detonation .So there is no, very little risk of , you kn ow, somebody just t urningsome keys and doin g an unauthorized launch there f or a lot of reasons.I wish we kn ew more about the high level Ch inese decision - making,but, you know, there are limit s t o our u nderstandin g of virt ually everythingassociated with their military.The Scien ce of the Second Artillery Campaign, and I'm sorry to say it'snot a top secret Chinese document; it's an officer trainin g manual.DR. SAUNDERS: It's not the internal , full intern al guidan ce, but it ismarked "t op secret ."DR. SCHNEIDER: No. That 's not what t hat is. I mean it's an officer

trainin g manual. It has confidential in it. There are unclassified West erntranslation s of it becau se basically they're easy t o get b ecause there are so manyof them printed . And they, I mean they indoctrin ate their officers. I mean you donot take the initiative. You only operat e on the authorit y of the Central MilitaryCommission f or a launch order, and I think that 's centra l to the way they controlnuclear weapon s. So it's a combin ation of the several fact ors that have thateffect .HEARING CO -CHAIR FIED LER: Dr. Saunders.DR. SAUNDERS: I mean I thin k it's broadly correct that it's the unitcommander and the political com missar. There's a lot of emphasis on political --HEARING CO -CHAIR FIED LER: That 's after they receive ord ers.DR. SAUNDERS: Th at's after they receive orders, but, or it's also tomake sure they d on 't do an ything without orders. At the t op level, we th ink itwould b e, have to b e a decision by, not by the Central Military Commission butby--HEARING CO -CHAIR FIED LER: Politburo.DR. SAUNDERS: --Politburo Standin g Committee, the top n ine sen iorcivilian leaders of t he Party. Th at would be regarded as a very, very seriou s t hing,and it wouldn't be a milit ary decision . Indeed, there are no milit ary officers onthe Politburo Standing Committee. Cert ainly, they would get milit ary inputs an dthey would get a military perspective on that decision , but at t he end of the d ay,it wou ld be the civilians at the top of that stru cture who would make a d ecisionwhether or not to u se nuclear force.And I tou ched on the issue of --the de-mating is certainly something,but you can't really do that on a sea -launch ballistic missile. And I thin k one ofthe question s there that we just don 't know about is what other, do they havetechnical provisions to make those missiles safe t o have a t wo -man rule or otherprovision s? They've been exp osed to some of that technology, but I don 't thin kwe know for sure the extent to which t hey may have adopted it.HEARING CO -CHAIR WORTZEL: Ju st to end the discussion that lookslike it was brewing between you guys, I've seen the inventory of the Scien ce ofSecond Artillery Campaign s at a couple of PLA bookstores. It's published inseveral versions. In ternal distribution only, secret and top secret, so you couldhave an y one of those versions circu lat ed.Commission er Wessel.COMMISSIONER WESSEL: Than k you, gentlemen .Help me if you can . I want to try and connect in some ways wh at weheard this morn ing. We've been increasingly d iscussin g over past yearsasymmet ric warfare and the increasin g utilizat ion of cyber activit ies b y theChinese to enhan ce their capabilities.The flip side of that is certainly the U.S. is looking at how it may156

utilize cyb er activities where there is a potential conflict . With the no -first usedoctrin e not necessarily being defin ed as we would always define it here, do youthink there is a tipping point for the potential u se of cyber activit ies b y the U.S.or some other nat ion to result in a dramatic engagement b y the Chinese?DR. SCHNEIDER: You mean a tipping point in terms of nuclearescalat ion ?COMMISSIONER WESSEL: Correct .DR. SCHNEIDER: I d on't really thin k so. The material I've seen in thedoctrin al writings where they t alk abou t adjustin g the threshold and goin g firstrelate to con ventional attacks on Ch ina, devast ating, very destru ctive or veryeffective conventional attacks.They have, I mean I'm no exp ert on their cyber capab ility, but Ibelieve it 's ab solutely clear they've got extremely sophist icated cyb ercapab ilit ies, and they would p robably use them very extensively in an y waragainst the United States.I don't believe that they're --I can 't say for sure, but I don 't believethat there's a big n uclear linkage t o cyber warfare, but they would p robably winthat conflict the way they're d evelopin g their cap ability.COMMISSIONER WESSEL: No, but do you believe that if we were toengage in dramatic utilizat ion of cyber activit ies against them that they wou ldescalat e? I thought I heard earlier was, no, you don 't see it getting to that point.DR. SCHNEIDER: You mean with the political context there's a wargoing on?COMMISSIONER WESSEL: I'm sorry?DR. SCHNEIDER: Is a war going on?COMMISSIONER WESSEL: Well, d efinition of what is a war going on atthat point, a conflict, first start ing with cyb er.HEARING CO -CHAIR FIED LER: In other word s, if we shut d own theirelect ric grid.COMMISSIONER WESSEL: Correct, correct.HEARING CO -CHAIR FIED LER: How would they react ?DR. SCHNEIDER: Th ey en gage and, you know, there's a d isp ute on oruncertainty on who authorizes, but they engage in cyber ef forts again st, youknow, u s very frequently. A nd they've had some great levels of success. I don'tsee, I see a fundamental break h ere between the u se of cyber operat ions in p eacetime and cyb er operations in war time.In war time, it would be a central p art of their overall militarystrategy, and, you know, the outcome of the cyb er battle could, I guess, imp actsign ificantly the outcome of the war it self.They are probab ly most likely to use n uclear weapon s if t hey're losin g,if they suffer very d amaging attacks, an d if the issue is something ab s olutely157

central to them like Taiwan .DR. SAUNDERS: I ju st, I would add that , I mean, I thin k the doctrin ethat they have on cyber operation s or integrated net worked elect ronic warf aredoes see this as a crucial milit ary capabilit y. It's one that leverag es U.S.dependence on computer networks and communication s.Of cou rse, that's also the direction the PLA is going. They'reinformat ionizin g, they're using computer networks, and systems of systems. Soright now we are more dependent and vulnerable. That 's going to chan ge overtime. But I thin k they do see this as a warfighting capab ility and indeed to useone early.I thin k the quest ion is what happen s if you st art doin g larger attacksagainst infrast ructure? Both ou r countries are dependent on cyber to run variousparts of ou r infrastructure and economy. How do you control escalat ion in thatcontext?I thin k one area wh ere there may be linkages with the nuclear side isif you 're u sing cyber attacks again st st rategic command an d control, in cludingnuclear command and control. Th at st arts to get into a very iffy business. Is thata cyber attempt to remove Ch ina's nuclear deterrent capab ilit y.COMMISSIONER WESSEL: Neutralize --DR. SAUNDERS: Is t hat a first use? I wouldn't say that it is, but itcould be seen as an attack on the nuclear capabilit y and that, in my mind, wou ldbe extremely dan gerous if they tried to do it to us or if we tried to do it to them.So that's a real area to be cautious about.COMMISSIONER WESSEL: Than k you.HEARING CO-CHAIR WORTZEL: Dr. Saunders, on page f ive of yourtestimon y, you h ave a discussion in the middle paragraph about Chinese doctrinelooking at attempts essentially t o escalate in order to de -escalate. Nu clearcounter strikes to f orce an opponent t o de -escalate.Now nobod y has fought a nuclear war yet, but in nuclear war gaming,when parties escalate to de -escalate, it rarely lead s to de - escalat ion andinvariab ly resu lts in a larger exchan ge. So I guess the question is how, (a) howrealistic do you thin k that is; and is escalatin g to de -escalate volatile? And I'd askboth of you that .DR. SAUNDERS: Wh at the writin gs talk about is delivering a severepsychological blow, a fundamental shock that cau ses the ad versary to reassesswhat kind of war they're f ighting and, hopefully, from the Chinese point of view,shock them into realizing this h as gotten out of hand.It's one thin g to write that in a doctrin al manual. It's another for it tohave that effect in real life. I mean I personally thin k the Chines e leadership h asshown it to be very cautiou s and risk averse across a range of things, andcertainly wouldn't lightly undertake a n uclear st rike in the first place.158

And then if a nice, you know, a PLA officer, wh ether they're nice ornot, comes in and sa ys, well, now we n eed to do this much bigger st rike, and t hatwill bring the war t o the end, I wou ld t hink at that point, h opefully, before thatpoint, they would get some sharp questions from their civilian leadership , andthat's wh y I h igh lighted this po int, that we don 't kn ow a lot about wh at theircivilian s thin k.We kn ow a fair amount about what their military writes, but if themilit ary presents these option s in the middle of a crisis, are the civilians goin g tosay that's all we can do? Are they going to say, wh at, are you craz y?That's just an area where we don't have a lot of insight. I mean Iwould hop e, to be h onest, that the Chin ese are doin g their own nuclear wargamin g and gettin g civilian s to play in some of tha t becau se I thin k if youparticipate in some of those games, as I know you have, you find them verysoberin g, and some of the things that seem very clever wh en you wrote themtheoretically h ave a very different complexion when you see wh at happens if youtry to put it into practice.DR. SCHNEIDER: A war, an y t ype of war between two nuclear, majornuclear powers, is a very bad id ea, and about 30 something years ago, I was askedto write a pap er on nuclear war termin ation, and I reviewed the entire literatu reon it, and nobod y really had a clue how you would do this.Now, b asically, wh at concerns me most right now, this involves bothRussia and Ch ina, is the talk in Russia, both milit ary and civilian leadership, aboutusing nuclear weap ons, and Chin a, it 's mainly the--well, it's entirely, I wouldguess, the military leadersh ip althou gh this morning b y some strange coin cid enceI found the art icle which quoted the D eputy Ch airman of t he Central MilitaryCommission con cerning about u sing nuclear weapon s in res ponse to con ventionalattacks.Now, but h aving said that, I fully agree that they're going t o be verycautiou s about u sin g nuclear weapons. What scares me more than an ything elseis the Taiwan issu e becau se there's n othing like it an ywhere in the world . I meanwhen you combine that with the talk ab out payin g an y price, that's kind of scary,and that issue could get out of control. If one elect ion in Taiwan goes the wrongway, you could be b ack in a crisis situation.So I mean, and that's one of the rea son s I'm also con cern ed aboutwhether or not if they have tactical nuclear weapons, for examp le, anti -sh ipnuclear weapon s, which is mentioned in some of their literature, we know theyhave the DF -21D, which the Pentagon report says it's nuclear armed, and Chin esesources say the same thing, but I'm talking about thin gs like anti -sh ip cruisemissiles, you know, nuclear art illery, potentially other types, nuclear land min es,potentially other types of tactical nuclear weapon s, if they use something likethat, we have no comparab le response.159

I mean our forces are not exact ly well - designed to deal with limitednuclear st rikes or chemical or biological strikes b ecause we've b asically reduced itto strategic planned attack systems, and that's not the way --I mean I'm not sureyou can control a n uclear war, but I certainly don't thin k you ought to go about itthat way.HEARING CO -CHAIR WORTZEL: Th ank you.Commission er Blumenthal.COMMISSIONER BLUMENTHAL: Than k you. Than k you, bot h, for yourtestimon y.I want to turn --somebody quoted St alin before, and I want to quoteLenin in terms of what is to be d one. There's obviously an abstract qualit y to allof this, wh ich is good. We h aven 't actually been toe to t oe with the Chinese.With the Soviet s, the threshold s and modicums of strategic st abilitywere always--there's a lot of revisionism now, but they're always very near -ru nthings, you know, and strategic stab ility came after possib le nuclear crises andeven talk of preemp tion by the United States, people don ' t care to remember, andnuclear threat s, an d so on and so forth, and stab ility, in the end, what people callstability came with the fact that neither of us had a first -st rike option . So p eoplecalled it strategic stabilit y in that settin g, but again that was after years oftesting, and very near -run thin gs, and t he Cuban missile crisis and elsewhere.Well, what is deterrence here in terms of our posture and what isstrategic st ability? I mean so for the Chinese I can understand wh y they're d oingwhat the y're doin g. I mean we're talkin g about thin gs like prompt global strikefor wh ich I thin k we're outfitting all of two missiles, but still, you know, we'retalking about prompt global strike.We're openly talkin g about attackin g in -depth now, n ot that we havethe forces to do it, but we're open ly sayin g that that's part of our air -sea battlecon cept. We're going to take it to the mainland con ventionally. If I was Chin ese,I would certainly be interest ed in nuclear weapon s.So we're so f ar from stabilit y , I thin k, so I'd first like to ask thequestion about d eterren ce, and, secon d, in terms of what we should be doing, andsecond, how do you get to st ability?Silen ce.HEARING CO -CHAIR FIED LER: Don't all jump.[Laughter.]DR. SCHNEIDER: M y view of the situat ion in regard to China isessentially this. With the demise of the Soviet Un ion, China was in a verydesirable position. I mean it really faced no, no threat s of attacks, yet, inrespon se to that, it began a large expan sion of its milit ary capabil ity. I thin k if, asits power grows relative to ours, and I think that 's what the situat ion is going tobe, we'll be in an in creasin gly dan gerou s situation that they may try to throw160

their weight around in some way. And if they do that, thin gs could get o ut ofhand. You know, the near -term flashpoint is Taiwan .COMMISSIONER BLUMENTHAL: Yeah. So what do we do? I mean Iknow all that alread y. I mean --DR. SCHNEIDER: Well, I thin k we need to be spendin g more money onsome elements of our defense postu re than we are now. We've got t o, well, ifyou take a look at what was planned in the Clinton administration for tod ay an dwhat we actually have, there is almost no correlat ion .COMMISSIONER BLUMENTHAL: Well, how would you do nucleardeterren ce?DR. SCHNEIDER: Oh , nuclear deterren ce. I don't thin k it's wise to dounilateral cuts. I think you want to maintain as much as a margin of superiorit yover Chin a as is p ossible f or the simple reason that no American president isgoing t o init iate the use of nu clear weapons under an y circumstan ces other than aWMD attack of substantial proportion s, whether it's nuclear or whether it'schemical or b iological. I'm talking ab ou t somethin g that's going to kill hundred sof thousands or millions of peop le.I'm less certain about what the Chinese would d o in a Taiwan scenarioif they actually lost, and keep in mind, invadin g Taiwan is something like theinvasion of Norman dy, and it cou ld fail. I mean even with all the money they'reputting into their military build -up, it's a very, very d ifficult situation , and underthose circumstan ces, they ju st might d o it because I thin k they see regime survivalover that issue.COMMISSIONER BLUMENTHAL: So it's n uclear supremacy for theUnited St ates.What about you, Ph il?DR. SAUNDERS: Well, I thin k they've committed to havin g a survivablesecond-strike capab ilit y, and I don 't think we can stop them from doing that . Sothat's a starting point, but they have money, they have the technology, they h aveenough fissile material. It is rocket science, but it's rocket science where to d o itto a certain degree is good enough t o p roduce det erren ce.So I thin k on the nuclear side, we certainly h ave a lot more warheadsand delivery systems than they do, but it doesn 't matter. It ta kes, all it takes isone nuclear bomb to ruin your day.COMMISSIONER BLUMENTHAL: Yeah.DR. SAUNDERS: So I think that 's sort of the situation we're in. I don'tsee how we get out of that. So at that level, sort of a formal level, there is acertain st ability. There is a certain degree of mutual deterrence. Th e quest ion is,is that good enou gh ? We h ave p olit ical problems in the relationsh ip. We havesecu rit y disputes within Asia. We have the issue of Taiwan. We have concernsabout cyber and cou nterspace capab ilities. So there's a lot more going on in t he161

elationship there t hat sort of colors it. But at the fundamental level of thenuclear capabilit y, I think that is a pret ty stab le deterrent relationship .If we come down in the context of neg otiation s with the Ru ssians, atsome point there has to be an effort to get Ch ina and other nuclear - armed st atesinvolved , and part of that is they have t o be more transp arent about cap abilitiesso we know--COMMISSIONER BLUMENTHAL: Do you t hink it's st ab le in the scenariowhere, you know--which is canonical now almost, they attack Taiwan, we nowattack in -depth, an d we're stable in terms of who u ses nuclear weapon s?DR. SAUNDERS: Two points on that . First, it 's n ot just the milit arybalan ce or the nu clear balance or the convention al balan ce. There are very higheconomic costs f or China if they choose to try to resolve t his situation via force,and that is a deterrent on them. It's p art of a deterrent, and that's partly whythey sh ifted their p olicy in favor of det errin g independen ce and workin gpolitically for peaceful integration .So that's ju st a broader point. If they d o launch a conventional attackon Taiwan , I thin k t he ways in which we wou ld have to respond to that are goingto be very escala t ory. They're buildin g a range of conventional capabilities, whichwe call anti -access area den ial, they call counter -intervention, which raises thecost s and risks of u s operat ing close to the Chinese coast. There's a variet y ofways we can counter that , but one of the ways is going after sen sors. Th at meansstrikes on the mainland, and that mean s early on in a conflict .So that's I think a concern for both sid es, is you go from z ero to 60very, very quickly in a con vention al con flict that involves t he U.S. and Ch ina overTaiwan, and I think there are real con cerns about escalation there. It's a goodreason f or them never to choose to roll the dice.COMMISSIONER BLUMENTHAL: Than ks.HEARING CO -CHAIR WORTZEL: Commissioner Cleveland.COMMISSIONER CLE VELAND: D r. Schneider, I h eard you say that weshouldn't reduce unilaterally, but I'm wondering d o you think the discussion s wehad with the Ru ssians over our nuclear inventory should be seen throu gh the lensof the Chinese build -up?DR. SCHNEIDER: Well , yes and no. The yes p art is certainlycon ceptually that makes enormous amount of sense. No question ab out it. Butthe no part of it is I don't see any real prospect for arms control solution withChina for a very simple reason: you have only t wo real alternatives in terms ofnumbers.You either grant them equality with the United States and Russia, inwhich case they get to build up for a long period of time, and I thin k you havezero ch ance of getting a treaty like that ratified b ecause there is no nation alsecu rit y benefit out of it.162

Or you get the Ch inese to accept sort of somethin g like theWash ington - London agreement where you had a rat io of 5:5:3:1.67, somethin glike that . I cannot see the Ch inese under any circumst ances agreein g to that .They have sought to generally avoid arms control n egot iat ions. I mean they'vemade an y number of statements over t he years about wh at circumstan ces theywould enter arms control.The circu mstan ces actually h appened, and they didn't . I don't see anyburning Chinese desire to enter any t yp e of agreement like a new START or theINF Treat y, and I mean the INF Treat y itself is God's gift to China. I mean sin cewe've eliminated all our missiles, you know, they've added 1,500 or what ever t heofficial numb er is ri ght now. I mean that's a pretty big advantage. I mean it'sliterally the core of their cu rrent approach to warfighting again st the Un itedStates, and I don't see them giving that up.COMMISSIONER CLEVELAND: What about Dr. Karber's comment earlierthat the United Stat es and Russia reach a point where they argue, and it is somedistan ce away, needless to say, but that they argue that we may h ave to give upthe INF Treat y if we don't see p rogress on the Chinese fron t?DR. SCHNEIDER: Th e Russians have sai d that quite frequently. Theyhave made numerou s high - level statements start ing in the middle of the lastdecade about how t he INF Treat y was a Cold War anachron ism, and they wantedto get out of it . Wh at I thin k they've d one, and I have about ten Russia n sources,including fou r reports in one of their of ficial news agencies, that they'redevelop ing an intermediate - range grou nd -launch cru ise missile, the R -500.And if those report s are true, that's a blatant violat ion of t he INFTreat y. And I've seen st atements in the Russian press ab out we've got topragmatically interpret the, you know, there's generals sayin g we've got topragmatically interpret the INF Treat y. You know, I'm a country lawyer, and Idon't see p ragmatism having mu ch to d o with t reat y i nterp retation s.I mean wh at it means is the plain mean ing of the treaty, h ow itapplies in a f act sit uation. I mean to me that's in the context of those reports,and there are a lot of them, in cluding, as a matter of f act , when St ratfor washacked, it tur ns out that they picked up the same report s.I would like the U.S. govern ment to take a seriou s look at what 'shappening there before we do an ything else on arms control because that's areally b ig issue if those reports are true.COMMISSIONER CLEVELAND: Th an k you .HEARING CO -CHAIR WORTZEL: Commissioner Slane.COMMISSIONER SLANE: What con cern s me is that as the Ch inese buildup their nuclear f orces, we're forced to cut our defen se budget because of ourdeclining econ omy, and I'm wondering your reacti on to wh ether we will have t heresources to counter this build -up, and how you thin k this will play out?163

DR. SCHNEIDER: Well, as I said earlier, I thin k the milit ary balan ce isgoing t o shift in their favor over the next decade.COMMISSIONER SLANE: I'm sorry. Shif ted --DR. SCHNEIDER: Shifted in the Ch inese favor.COMMISSIONER SLANE: Favor.DR. SCHNEIDER: I mean the cuts of --I mean it 's not one --it's not thisyear's cuts. It's really 20 years of milit ary cuts. You t ake a look at the b ig pictureand how man y advanced U.S. weapon systems of all t ypes have been termin at edor delayed or replaced by some inferior, you know, substit ute, it really is I think adangerou s situation , and one of the more disturbing things in the --I mean therewas very littl e issue in terms of dollar - wise, but in the cu rrent budget that wassubmitted, the advanced air -to-air missile was zero, and that I thin k has moreimpact than a lot of other things with much bigger price t ags on it in terms of howthe air-to- air balan ce is going to b e shifting.I mean when the F - 22 product ion was t erminat ed at 187 airplanes,Secretary of Defen se said b y the time China get s it s first --h e didn't say J-20, butthat's what he's t alkin g about, we'll have 1,700 fighters. Well, we're not going t ohave 1,700 fighters, stealth f ighters, f if th generat ion fighters. We may h ave 400or 450 or maybe even less than 400, an d a couple hundred of them are goin g t o beoperation al.So wh en you put all these thin gs together and you take a look atwhat 's happened to the Navy programs with the CG(X) and DG -1000, you know,being terminated or cut back, or in the case of the destroyer to three ships, we'regoing t o have a lot less n aval air defen se cap ability than we assumed we weregoing t o have five years a go.And all of these things have milit ary significan ce, and I'm con cernedabout the overall trends that are in play, and I'm not su re we've seen the lastdefense cuts.DR. SAUNDERS: If I can ju st speak to that briefly, I mean I think thereare limit s on how high Ch ina is going to go. As I su ggested, I thin k this is aninteractive st rategic game. So they are buildin g up their f orce. Our issu e is h owwe modernize our current nuclear f orces and whether we're going to stick wit hthe triad and modernize al l three of the legs, or we're going to build new ICBMs,new SLBMs, and think about whether or not we n eed a nuclear capab le bomb er.One way--I thin k we will fund those programs, but one of t he ways youcan thin k ab out it is do you need to rep lace them, th e cap abilit y, one for one ifwe're in a mode of tryin g to negotiate reductions with the Russian s?So that's I think p art of it, but I thin k t hat's a capabilit y an yadministrat ion is going to keep enou gh of a secure, survivable and reliab lenuclear force. I just think that 's a commitment that they're goin g to make. Ithink where it gets harder is on the con ventional side because there the164

capab ilit ies to go operate in or near an anti -access area denial en velop e wherethey're playin g at h ome and we're pla ying away, that gets a lot harder and a lotmore complicated .You can go at it wit h high -tech solution s, which stealth was ouranswer in the 1980s and '90s, to have a high -tech expensive system that cou ldoperate in Ru ssian air defen ses, that's where you ' re really talking R&D cost s and alot of exp ense to build conventional assets that can go operate in that kind of anenvironment.That's where it 's going to be a lot more expen sive, and I think that 'swhere the budget cuts will h ave more impact .DR. SCHNEIDER: Could I add on e thing to what I ju st said, please?Certainly, the issue is mod ernizat ion an d sustainment. Right now we're doing alot more sust ainment than moderniz ation. We're not goin g to see anyimprovement at all in our st rategic force cap ab ilities until about 2030, wherewhatever the Ch inese do --and again, I have no cryst al ball --but you're certain lygoing t o see improvement, sign ificant improvements, in Ch inese strategic forces alot sooner than 2030.So the way I see it , you've got to loo k at the nuclear part of this in thecontext of their overall military program, and you know it 's probab ly reached thestage wh ere they're at 25, 30 percent of our defense spending, and they h avevast ly cheaper man power, and that 's a very disturbin g tren d.HEARING CO -CHAIR WORTZEL: Th ank you.Commission er Shea, or Ch airman Shea. I'm sorry.CHAIRMAN SHEA: That's okay. You 've talked about Taiwan as aflashpoint. What about China - India? What is Ch ina's nuclear posture toward sIndia, and do they h ave d ifferent st rategies with respect to potential conflict withIndia?DR. SCHNEIDER: Well, Chin ese nuclear capab ilit y is vast ly greaterthan current Indian capab ilit y, I mean across the board . Th e qualit y and the rangeand the types of warheads they have o n the Chinese nuclear missiles d warf sanythin g the Indian s are doing.If an ything, the Indians have been fairly restrained in the growth oftheir nuclear abilit y although they apparently are second --you know, thin king t hatover again because --they are try ing to improve their cap abilities to China.They're doin g either a very long - range IRBM or a limited range. Th ey h ave ICBMsnow, full coverage of China. They have a program for a submarine with a sh ort -range SLBM, which would b e nuclear, on it. So the Indians are doin g an ything.The Chin ese h ave, I think, t remendou s inherent cap ability right now totarget India, and that will on ly improve as they introduce t he new systems inlarger numbers, and if they go ahead with MIRVing the way there are a lot ofAsian press rep orts. That will I thin k further in crease the d isparity b etween In dia165

and Chinese cap abilities.DR. SAUNDERS: The Chinese haven't b een so focused on In dia. Theydo have units that b y virtue of geograp hy and the range of the missiles theyoperate seem to be about India, but it h asn't been a main d river of their forcestructure.I thin k the concern is that there are t ension s that we see f rom time totime bet ween China and India, and fanned by nationalist s on both sides, thatmake the possib i lit y of a conflict there seem a lot higher than it once was, and Ithink the other con cern is if you thin k about it as a proliferation chain , Pakist an isengaged in a p retty serious effort to build up its nuclear capabilit ies.India thin ks about t hat wit h resp ect to Pakistan . India is connected toChina. China is con nected to u s, and h ow those d ynamics might work, right n owIndia h as not responded to the Pakist an build -up with an equivalent one of it sown, but if it were to do so, then that might make i t more of a fact or in theChinese calculu s, an d so there might be more of a connection there.CHAIRMAN SHEA: Thank you .HEARING CO -CHAIR FIED LER: Than k you very mu ch, gentlemen. Th at'sour final p anel for t oday. I want to thank you for your test imony. I want to thankthe staff of the Hylt on Performing Arts Center for all the good work they've d oneto make this possible, and I'd like to thank especially General Cart wright andCongressman Wolf f or attendin g today, as well as the staff of the Commission t hatput this hearing together.Thank you very mu ch. We're adjourned .[Whereupon, at 3:15 p.m., the hearin g was adjourned .]166

167ADDITIONAL MATERIAL SUBMITTED FOR THE RECORDPREPARED STATEMENT OF MARK STOKESEXECUTIVE DIRECTOR, PROJECT 2049 INSTITUTEPrepared Statement ofMark A. Stokes *Executive DirectorProject 2049 InstituteBeforeThe U.S.-China Economic and Security Review CommissionHearing on Developments in China’s Cyber and Nuclear CapabilitiesMonday, March 26, 2012* Written testimony only.

163Hylton Performing Arts CenterGeorge Mason University Prince William Campus10960 George Mason Circle, Manassas, VA 20109China’s Nuclear Warhead Inventory:Alternative Approaches for Research and AnalysisAs the United States and Russia continue a concerted effort to reduce the role and importance ofnuclear weapons, the People’s Republic of China (PRC) remains the only original nuclear weapon statethat is increasing its arsenal. While estimates vary, the Chinese People’s Liberation Army (PLA) maybe expected to double the number of warheads available for deployment on missiles that could target theUnited States by the mid-2020s. China’s declared policy is maintenance of a minimal deterrent and ano-first-use pledge. Ambiguity surrounds how PLA planners define minimum deterrence, and thecurrent and future scope of its nuclear warhead inventory. A general consensus holds that China isincreasing its arsenal, including development and deployment of new nuclear-capable delivery vehicles.Yet questions remain as to the extent and intent of China’s nuclear force modernization.In 2006 testimony before the Senate Armed Services Committee, the Director, DefenseIntelligence Agency (DIA) assessed that “the number of deployed Chinese nuclear-armed theater andstrategic systems will increase in the next several years” and that China currently has more than 100nuclear warheads. DIA assessed that China likely has fewer than 50 intercontinental ballistic missiles(ICBMs) that could strike the U.S., but that figure could double by 2025. Based on fissile material anddelivery vehicle estimates, the Federation of American Scientists (FAS) assesses that China has around240 nuclear warheads for delivery on approximately 180 missiles and aircraft. FAS also estimates thatas many as 140 of the operational missiles are land-based and that 50 of those can reach the continentalUnited States. The estimate of 240 warheads also includes devices supporting the PLA’s future ballisticmissile submarine force, weapons for bombers, and some for spares.While these estimates appear reasonable, the potential for a margin of error exists, particularlywith regard to future inventory. How many nuclear weapons does China have? How many warheadsdoes China need? If we do not know with a high degree of confidence, what metrics or counting rulescould produce the most accurate estimate? An assessment of China's nuke inventory could include fourdifferent approaches: 1) strategic requirements; 2) delivery vehicles; 3) production capacity; and 4)storage and handling capacity.Strategic RequirementsIf one placed him or herself in the position of a nuclear force strategic planner, how would onedevelop requirements? Which specific organization is responsible for developing nuclear weaponsrequirements? To begin, an initial assumption should be established regarding whether or not a singlestaff organization develops requirements. While not confirmed, the Second Artillery may serve as thecentral authority for planning, programming, budgeting, storage, and handling of all nuclear weapons,including those that could be delivered from Air Force aircraft and Navy nuclear submarines. Apreliminary review of PLA General Staff Department (GSD) organization does not reveal a nuclear-

elated bureau. Drivers and methodology that Second Artillery force planners adopt in developingstrategic and technical requirements remain unknown.More specifically, a tentative judgment is that the Second Artillery Equipment Department isresponsible for nuclear force structure planning, with the Central Military Commission (CMC) andCentral Committee Political Bureau (Politburo) having approval authority. Nuclear warhead inventoryrequirements may be developed by the Equipment Department’s General Planning Department, with theacquisition carried out by the Special Equipment Management Department. The Second ArtilleryEquipment Research Academy may play a contributing role. The Second Artillery HeadquartersDepartment Nuclear Security Bureau likely coordinates with nuclear regulatory agencies within China.The Second Artillery Equipment Department presumably oversees research and development (R&D),manufacturing, and follow-on support contracts with the China Academy of Engineering Physics(CAEP). The Second Artillery presumably ensures sufficient fissile material exists to satisfy warheadrequirements. Acquisition officers within the Second Artillery likely work closely with the GeneralArmaments Department (GAD) Services Department. Within this department, the Second Artillery andNuclear Bureau may function as an acquisition policy coordinating body.164Planners may determine how much of a nation’s population should be placed at risk in order todeter an opposing leadership from taking action viewed as contrary to Beijing’s interests. For example,the Second Artillery may believe that holding at risk 5-10% of the population of other nuclear powers inurban areas, such as Los Angeles, New York, Chicago, and Houston, is sufficient to undercut thedeterrent or coercive value of that country’s nuclear force. Estimates may be made regarding attrition,or numbers of payloads expected to reach their targets due to losses on the ground or inception in flight.Planning for use of nuclear weapons to support warfighting could increase requirements significantly.However, increasingly accurate and lethal conventional payloads able to achieve the desired effects maydampen incentives for fielding a large arsenal of tactical nuclear weapons.Delivery VehiclesThe size of China’s current and future nuclear warhead inventory likely would be relatedavailable means of delivery. Major agreements to limit or reduce offensive nuclear arms that werenegotiated by the two superpowers during and immediately after the Cold War focused on deliveryvehicles and launchers. Warhead estimates appeared to be based on “counting rules” that creditnumbers of deployed warheads to a particular delivery vehicle. In its most recent report to Congress onPRC military power, the U.S. Department of Defense (DoD) appears to assume one nuclear-capableballistic missile per launcher. The DoD report assesses the PLA has 50-75 intercontinental ballisticmissiles (ICBMs), with ranges between 5,400 and 13,000 kilometers (kms), and equal number oflaunchers in its inventory; between 5 and 20 intermediate range ballistic missiles (IRBMs) with rangesbetween 3000-5400 kms on an equal number of launchers; and 75-100 medium range ballistic missiles(MRBMs) – presumably DF-21 variants -- with ranges above 1750 kms on an equal number oflaunchers. In all, between 130 and 195 ballistic missiles are assessed to be capable of delivering nuclearwarheads.

164Preliminary analysis indicates that China’s holds at least 207 warheads in its inventory, assumingone missile per launcher and one launcher per company. The principle discrepancy in DoD reportingcould be DF-21 numbers, but this is unclear. Regardless, based on structure and certain assumptionsregarding table of organization and equipment alone, China’s nuclear warhead inventory could bejudged as no less than 200. This figure is based on a notional assessment of Second Artillery order ofbattle, including at least two DF-5 ICBM brigades capable of reaching targets in continental U.S.; one ortwo DF-4 IRBM brigades; at least three DF-31 brigades (at least one DF-31A, at least one DF-31, andone unknown DF-31 variant); 10 DF-21 MRBM/IRBM brigades; and one DF-3 brigade. This minimalfigure does not include potential tactical warheads allocated to the six short range ballistic missile(SRBM) brigades under 52 Base, the corps-level Second Artillery organization opposite Taiwan, or atleast two land attack cruise missile (LACM) brigades. The 200-warhead figure also does not includewarheads developed for China’s nuclear submarines to be equipped with the JL-2 missile; or possibleair-delivered nuclear munitions.In developing a minimal figure, the premise is that the Second Artillery basic missile launch unitis the brigade, with each brigade having six launch battalions with two companies each (e.g., a “6/2”structure). Each company likely has a launch platform (either silo or mobile launcher) and associatedsupport vehicles in its table of organization and equipment, and stores the equipment in battaliongarrison facilities. Therefore, each brigade’s table of organization and equipment s assigned at least 12launch platforms. Other battalions within a brigade are responsible for missile diagnostics, check out,warhead mating, and other functions, usually in an underground facility (referred to as a “central depot”)operated by the brigade’s site management battalion. As many as six subordinate companies under asite management battalion oversee missile-related preparation, pre-surveyed launch sites, storage, andother facilities. Among site management battalion responsibilities include underground facilitymanagement such as power and electricity, water, air conditioning, and ventilation. A service battalionis responsible for security and concealment, camouflage, and deception.

165A complicating factor in assessing warhead numbers is that the Second Artillery EquipmentDepartment does not appear to assign nuclear warheads, and perhaps even missiles, to a missilebrigade’s permanent table of organization and equipment. A central warhead base (known as “22 Base”in Taibai County, Shaanxi Province) and storage regiments under each of the six missile bases (referredto as “Equipment Inspection” regiments) likely maintain custody of warheads, and possibly missiles,during peacetime. Warheads and missiles may be dispatched to site management battalions that aresubordinate to missile brigades for assembly in underground facilities for training and during periods ofelevated readiness. As a result, the system is heavily dependent upon transportation regiments, reportingdirectly to missile base headquarters. This hypothesis regarding the relationship between brigades andregiments requires more research. Under this system, the PLA could have few or no “operationallydeployed strategic nuclear weapons,” which are defined as warheads that are loaded on delivery vehiclesand ready for launch.Production CapacityThe infrastructure supporting nuclear weapon R&D and production also likely shapes inventorysize. Assessments of China’s nuclear warhead inventory often are based upon estimates of plutoniumproduction and reserves. In 2009 testimony, DIA assessed that “China likely has produced enoughweapon-grade fissile material to meet its needs for the immediate future.” The International Panel onFissile Materials estimates that China’s two production facilities at Jiuquan and Guangyuan haveproduced about 20 tons of highly enriched uranium and two tons of weapon-grade plutonium.Assessments of current and future warhead inventory are founded upon estimated amount of plutoniumor highly enriched uranium (HEU) needed for a warhead. Assessments of China’s fissile materialstockpile appear credible. However, research to date should be augmented by a more detailedunderstanding of China’s nuclear weapon R&D and production infrastructure, specifically CAEP. Alsouseful would be details regarding storage and handling of weapon-grade fissile material. For example,which specific organization – PLA or civilian – is responsible for storage and handling of military-usefissile material?Storage and HandlingChina's capacity for warhead storage and handling also may shape the size of the country’snuclear weapon stockpile. With stockpile security appearing to be of equal or greater importance tooperational efficiency and effectiveness, China’s warhead storage and handling system is centralized.However, it appears designed to survive a first strike and retain sufficient operational capability forretaliation. Expansion of underground facilities directly supporting handling and storage of nuclearweapons, components, and fissile material could indicate an increase in warhead inventory. Whileunderground facilities could be an indicator, greater precision is warranted. Reliable sources report thatthe Second Artillery centrally stores most of the country’s nuclear warheads in Taibai County, deep inthe Qinling Mountains of Shaanxi Province. Base 22 was established under the PLA’s Commission ofScience, Technology, and Industry for National Defense (COSTIND) in the mid-1960s adjacent to theoriginal manufacturing base in Qinghai Province. Within a few years, the base was relocated to TaibaiCounty in the Qinling Mountains west of Xian and eventually subordinated to the Second Artillery in1979.

165Working closely with the central storage complex in Taibai, each missile base manages a smallernuclear warhead and missile storage depot. According to an internal Second Artillery account, the depotunder each of the six corps-level missile bases store a minimal number of nuclear warheads at any onetime. Depots under each of the Second Artillery’s six missile bases are referred to as EquipmentInspection regiments. Each regiment oversees at least three battalion-level facilities (literally“equipment inspection sites”) with each having as many as seven subordinate facilities (e.g., 21 possiblestorage sites per base). Missiles appear to be stored separately from warheads.ConclusionIn summary, uncertainty surrounds China’s current and future inventory of nuclear warheads. Whileexisting estimates appear reasonable, the potential for a margin of error exists. At least one approach tovalidating existing estimates is to examine perceived strategic requirements; operational infrastructure,and current/future nuclear-capable delivery vehicle inventory; industrial R&D and manufacturinginfrastructure; and warhead and fissile material storage and handling capacity. Planning assumptionsregarding warheads, delivery vehicles, and launch vehicles/platforms remain unknown. A minimalinventory estimate could assume one warhead per missile, one nuclear-capable missile per launchplatform (mobile launcher or silo), and two launch platforms per company (two companies per battalionand six battalions under each launch brigade). Based on these assumptions, a preliminary minimalestimate of China’s existing inventory is 240 warheads. Additional missiles and warheads available foreach mobile launcher could expand this figure. However, beyond assessments of China’s fissilematerial stockpile, another limiting factor could be China’s stress on security, as exemplified by itscentralized approach to warhead storage and handling, over operational efficiency and effectiveness.