Finding a Cure for China’s Technology Theft

by Stephen Bryen with Rebecca Abrahams

The news is out –semi-officially– thanks to a report by the Defense Science Board. The Board, which was established in 1956, is made up of civilians who advise the Pentagon on a variety of technology-related subjects. It has released a report, Resilient Military Systems and the Advanced Cyber Threat, which makes it clear that the Pentagon’s cyber “hygiene” is weak and U.S. defense technology has been effectively targeted by foreign governments. The result is that most advanced U.S. weapons systems, from the F-35 stealth fighter to the most advanced underwater torpedoes, and everything in-between, has been stolen. While the word “China” is not mentioned, everyone knows that it is China that is systematically purloining our technology.

PLA Insignia

Department of Defense

The fact is, we can say we have two defense budgets –one for us and one for them. Indeed, as things stand today, the technology pipeline to China is wide open, and we are losing billions and billions of dollars of investment and seriously compromising our security.

While the Report of the DSB is serious and important, unfortunately it is not “news.” The fact of the matter is that China’s rip off of America’s defense technology assets has been going on for a number of years. There are numerous public reports about it, and the intelligence community has been watching this happen for an even longer period.

It is fair to ask a straightforward question. Why have we let this go on?

We believe the answer is that we have approached the problem with a fundamentally flawed concept on how to stop Chinese cyber theft.

The Pentagon’s idea, which is more or less shared across the government, is that the answer is to build better cyber defenses. While cyber defenses are certainly important, so far implementation of effective cyber defenses remains incomplete and, to some degree, elusive. Technology is moving so fast, and hacking has become so extreme, that keeping up is nearly impossible. The DSB is pushing for more and better cyber defense measures, but the jury remains out whether this tactic can succeed.

Defense technology is shared between government organizations and the military on one side, and industry on the other. Millions upon millions of pages of documentation are associated with every defense program, and much of this documentation is not classified.

The reason for this is operational. It is probably impossible to classify all defense department documents since doing so would limit the number of engineers and technicians who can work on defense programs, make sharing with allies and friends extremely difficult, and create a massive supervisory burden that today’s system cannot manage.

If information is not classified, typically it is stored on computers that also are not classified. What does this mean? It means that the information is not encrypted or scrambled. In turn that means that if the information is stolen, it is readily accessible by the thieves.

What has to change is the ground rule on encrypting sensitive, but not classified information.

Most government information is poorly protected because it is not encrypted –information such as tax forms, social security data, health and human services documents to name a few. The bulk of defense system information is not encrypted.

The classical division between classified information and unclassified information is no longer functional. We need to implement encryption, not classification, for all government materials that are not accessed by the public, and particularly for defense information. Defense contractors should be directed to do the same.

Good encryption will block the Chinese from using stolen information. While it won’t prevent cyber attacks (we still need good cyber defense for that), it will blow up China’s effort to use our defense systems against us.

Tagged , , , , , , , ,

2 thoughts on “Finding a Cure for China’s Technology Theft

  1. barbarinej says:

    I have a question unrelated to China.

    Are there reports of rogue hackers organized by rogue elements within foreign governments targeting U.S left-leaning journalists, supposed dissidents, or others, with or without the tacit compliance of US or foreign intelligence agencies? What seemed impossible a few years ago–in terms of hacking of personal electronic media–is today a commonplace…Where does an individual go to attempt to redress vicious hacking of personal media? In France, government has set up an oversight branch to handle such complaints. When is the United States going to try to protect its population against vicious, organized hackers?

  2. jaylj says:

    What you’ve written about here reminds me of a conversation I had with a professional computer “geek” back in the 90’s – he told me that even the computer experts didn’t know everything there was to know about a computer – I would say this holds true to this day. Essentially every country’s security program appears comparable to children in fighter planes with inadequate training: Scary and ridiculous.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: