2011 report to congress - U.S.-China Economic and Security Review ...

More documents

Recommendations

Info

174Malicious Cyber Activities onU.S. Department of Defense Networks—ContinuedFigure 2: Department of Defense Reported Incidents of Malicious CyberActivity, 2001–2010, with Projection for 2011* The figure for 2011 represents a projection based on incidents logged from January 1,2011, to June 30, 2011. The projection assumes a constant rate of malicious activitythroughout the year.Sources: U.S.-China Economic and Security Review Commission, Hearing on China’s ProliferationPractices, and the Development of its Cyber and Space Warfare Capabilities, testimonyof Gary McAlum, May 20, 2008; Name withheld (staff member, U.S. Strategic Command),telephone interview with Commission staff, August 28, 2009; Name withheld (staffmember, U.S. Cyber Command), e-mail interview with Commission staff, August 17, 2010;Name withheld (staff member, U.S. Cyber Command), e-mail interview with Commissionstaff, September 6, 2011.Computer network exploitationIn 2011, U.S. and foreign government organizations, defense contractors,commercial entities, and various nongovernmental organizationsexperienced a substantial volume of network intrusions andattempts with various ties to China. In March, security firm RSAannounced that hackers had breached their networks and compromisedelements of one of the firm’s security products.* Althoughthe company did not name China specifically, subsequent researchdemonstrated that components of the attack utilized a tool called‘‘HTran,’’ developed by a well-known member of the hacking group‘‘Honker Union of China.’’ † An error in the tool’s configuration revealedthat the attackers attempted to obscure their location byrouting command instructions from mainland China through serv-dkrause on DSKHT7XVN1PROD with $$_JOB* The affected product was ‘‘SecurID,’’ a two-factor authentication system where a tokengenerates a unique number that users must provide in order to log into a protected account.Art Coviello, ‘‘Open Letter to RSA Customers’’ (Bedford, MA: RSA, March 17, 2011). http://www.rsa.com/node.aspx?id=3872.† Joe Stewart, ‘‘HTran and the Advanced Persistent Threat’’ (Atlanta, GA: Dell SecureWorks,August 3, 2011). http://www.secureworks.com/research/threats/htran/. The tool’s developer, LinYong, who also goes by the name ‘‘Lion,’’ recently announced plans to reconstitute the HackerUnion of China after several years of inactivity. See Owen Fletcher, ‘‘Patriotic Chinese HackingGroup Reboots,’’ Wall Street Journal China Real Time Report, October 5, 2011. http://blogs.wsj.com/chinarealtime/2011/10/05/patriotic-chinese-hacking-group-reboots/.VerDate Nov 24 2008 13:46 Nov 10, 2011 Jkt 067464 PO 00000 Frm 00186 Fmt 6601 Sfmt 6601 G:\GSDD\USCC\2011\067464.XXX 067464Ch2Fig2.eps
dkrause on DSKHT7XVN1PROD with $$_JOB175ers in Japan, Taiwan, Europe, and the United States.‡ The perpetratorsthen used information about the compromised RSA securityproduct in order to target a number of the firm’s customers,including at least three prominent entities within the U.S. defenseindustrial base. Those intrusions and intrusion attempts, accordingto some reports, also originated in China and appeared to be statesponsored. 132Many intrusions linked to China involve numerous victims,sometimes spanning sectors and national borders. 133 When researchersidentify and gain access to elements the systems used toeffectuate the intrusion, such as servers that maintain contact withcompromised systems, it becomes possible to identify related victims.The breadth of victims itself can suggest state involvement ifthe diversity in targets exceeds any conceivable scope of interest toa lone, subnational actor (or even a coalition of subnational actors).*Although links to China are speculative and come from secondaryreporting, a case study by McAfee, called Operation ShadyRAT [remote access tool], illustrates this principle.† The 2011study catalogues a series of penetrations affecting over 70 victimorganizations that span numerous sectors, including federal, state,local, and foreign governments; energy and heavy industry; electronicsand satellite communications; defense contractors; financialindustry; and international sports institutions, think tanks, andnonprofits. 134 In discussing the possible actors behind the penetrations,the report states:The [perpetrators’] interest in the information held at theAsian and Western national Olympic Committees, as wellas the International Olympic Committee (IOC) and theWorld Anti-Doping Agency in the lead-up and immediatefollow-up to the 2008 Olympics was particularly intriguingand potentially pointed a finger at a state actor behind theintrusions, because there is likely no commercial benefit tobe earned from such hacks. The presence of political nonprofits,such as a private western organization focused onpromotion of democracy around the globe or a US nationalsecurity think tank is also quite illuminating. Hacking theUnited Nations or the Association of Southeast Asian Na-‡ The tool is probably available from Chinese websites and chat rooms. Whether the serversin mainland China were the true origin of the command traffic can only be verified with cooperationfrom China Unicom, a Chinese state-owned firm and the relevant network operator.Joe Stewart, ‘‘HTran and the Advanced Persistent Threat’’ (Atlanta, GA: Dell SecureWorks, August3, 2011). http://www.secureworks.com/research/threats/htran/; and Gregg Keizer, ‘‘Researcherfollows RSA hacking trail to China,’’ Computerworld, August 4, 2011. http://www.computerworld.com/s/article/9218857/ResearcherlfollowslRSAlhackingltrailltolChina.* This applies for penetrations that seek to maintain surveillance capabilities or extract informationwithout inherent monetary value. Considerations of target scope do not apply for penetrationstargeting personally identifiable or sensitive financial information, along with penetrationsthat seek to compromise systems for the purposes of creating a botnet.† For the original report, see Dmitri Alperovitch, Revealed: Operation Shady RAT (SantaClara, CA: McAfee: August 2011). http://www.mcafee.com/us/resources/white-papers/wp-operationshady-rat.pdf.The report itself does not mention China. For suggestions that China may bebehind the intrusions, see Ellen Nakashima, ‘‘Report on ‘Operation Shady RAT’ identifieswidespread cyber-spying,’’ Washington Post, August 3, 2011. http://www.washingtonpost.com/national/national-security/report-identifies-widespread-cyber-spying/2011/07/29/gIQAoTUmqIlstory.html; and Mathew J. Schwartz and J. Nicolas Hoover, ‘‘China Suspected of Shady RAT Attacks,’’InformationWeek, August 3, 2011. http://www.informationweek.com/news/security/attacks/231300165.VerDate Nov 24 2008 13:46 Nov 10, 2011 Jkt 067464 PO 00000 Frm 00187 Fmt 6601 Sfmt 6601 G:\GSDD\USCC\2011\067464.XXX 067464
Page 1 and 2:
12011REPORT TO CONGRESSof theU.S.-C
Page 3 and 4:
U.S.-CHINA ECONOMIC AND SECURITY RE
Page 5 and 6:
dkrause on DSKHT7XVN1PROD with $$_J
Page 7 and 8:
CONTENTSPageTRANSMITTAL LETTER TO T
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
23Figure 1:China’s Share of the U
Page 33 and 34:
25The weakness in U.S. exports of a
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
31Table 3:RMB Bond Issuances by Mul
Page 41 and 42:
Page 43 and 44:
35of bilateral negotiations under t
Page 45 and 46:
37Stonewalling the WTO: A Case Stud
Page 47 and 48:
39that China’s existing system of
Page 49 and 50:
41now. Because the structures of th
Page 51 and 52:
43How Big Is China’s State Sector
Page 53 and 54:
45Fortune Global 500, compared to j
Page 55 and 56:
47panies are less profitable, after
Page 57 and 58:
49erate primarily within state-cont
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
57Figure 1: Chinese FDI Stock in th
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
63U.S. firms with sensitive technol
Page 73 and 74:
65Addendum I: SASAC Companies, Larg
Page 75 and 76:
67Addendum I: SASAC Companies, Larg
Page 77 and 78:
69dkrause on DSKHT7XVN1PROD with $$
Page 79 and 80:
71January 2010, the heads of 19 U.S
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
77cause Beijing had sought to exclu
Page 87 and 88:
Page 89 and 90:
81China in Search of Western Techno
Page 91 and 92:
83scious policy seeking to drive Ch
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
89Like previous plans, the 12th Fiv
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
95Consultative Conference National
Page 105 and 106:
Page 107 and 108:
99panies account[ed] for fully 7 pe
Page 109 and 110:
101Dr. Shih has testified before th
Page 111 and 112:
103ment subsidies, which in turn wi
Page 113 and 114:
105Addendum II: Figures 1-2Figure 1
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
113drivers cited increased fuel pri
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132: 123uating from college and hoping t
Page 133 and 134: dkrause on DSKHT7XVN1PROD with $$_J
Page 139 and 140: 131unfairly or unjustifiably harm U
Page 169 and 170: 161gress, the DoD noted that China
Page 173 and 174: 165eral U.S. military policies, inc
Page 175 and 176: 167Figure 1:Territorial Disputes in
Page 179 and 180: 171provides guidelines for dealing
Page 181: 173network exploitations to facilit
Page 189 and 190: 181ligence, surveillance, and recon
Page 195 and 196: 187Therefore, the PLA maintains the
Page 197 and 198: 189Of import, the PLA’s geographi
Page 205 and 206: 197ther moves toward independence,
Page 207 and 208: 199trates the depth of China’s sp
Page 209 and 210: 201Figure 2:Representation of Beido
Page 213 and 214: 205ganization, modeled on the Europ
Page 215 and 216: 207China’s leadership also places
Page 219 and 220: 211[General Armaments Department] p
Page 221 and 222: 213Table 2: Select Chinese Satellit
Page 223 and 224: 215weapons or coorbital satellite w
Page 225 and 226: 217Malicious Cyber ActivitiesDirect
Page 229 and 230: RECOMMENDATIONSChina’s ‘‘Area
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
239320. Chang Xianqi, Military Astr
Page 249 and 250:
Page 251 and 252:
243woman Jiang Yu simply expressed
Page 253 and 254:
245Table 1:Timeline of Sino-North K
Page 255 and 256:
Page 257 and 258:
249China also provides economic sup
Page 259 and 260:
251economic and social strains woul
Page 261 and 262:
Page 263 and 264:
255Iran’s South Pars Gas Field af
Page 265 and 266:
257When asked by Commissioners abou
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
281trade, and dispute settlement. 2
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
287of Request to the United States
Page 297 and 298:
289fense, since its current fleet o
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
3190aRCRD&ss=Hong+Kong&s=News; Pete
Page 329 and 330:
Page 331 and 332:
323mation Office. Day-to-day superv
Page 333 and 334:
Page 335 and 336:
327Although the slogans change over
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
335What Constitutes a ‘‘Core In
Page 345 and 346:
Page 347 and 348:
339Selected CAIFC/CPD Track Two Exc
Page 349 and 350:
341disseminated through diplomatic
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
Page 373 and 374:
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
375ecutive Schedule under section 5
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
APPENDIX IIIPUBLIC HEARINGS OF THE
Page 397 and 398:
Page 399 and 400:
APPENDIX IIIALIST OF WITNESSES TEST
Page 401 and 402:
393Alphabetical Listing of Panelist
Page 403 and 404:
Page 405 and 406:
397In TaiwanU.S. Government• Amer
Page 407 and 408:
APPENDIX VLIST OF RESEARCH MATERIAL
Page 409 and 410:
401The National Security Implicatio
Page 411 and 412:
APPENDIX VIACRONYMS AND ABBREVIATIO
Page 413 and 414:
show all

2011 report to congress - U.S.-China Economic and Security Review ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?