The Chinese military conducted an exercise in October involving “joint information offensive and defensive operations” and another in 2010 featuring attacks on communications command-and-control systems, according to the commission, which was set up by Congress.
Such exercises, combined with evidence that China is streamlining its forces to integrate cyber and electronic warfare and is financing research in the two areas, show that “Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report asserted.
Although the report provides no evidence that China can launch destructive attacks on U.S. targets, it serves as yet another warning to policymakers and the public that the United States has adversaries intent on catching up to, or surpassing, it in cyber capabilities. The report comes as Congress considers major cybersecurity legislation.
“The United States suffers from continual cyber operations sanctioned or tolerated by the Chinese government,” Dennis Shea, the commission chairman, said in a news release.
“Our nation’s national and economic security are threatened, and as the Chinese government funds research to improve its advanced cyber capabilities these threats will continue to grow,” he added.
The exercises are an indication that the Chinese “are beginning to practice a capability that some senior U.S. officials say makes them near-peers,” said James A. Lewis, a cyber-policy expert with the Center for Strategic and International Studies.
What that suggests, he said, is that because the United States’ war-fighting capability depends heavily on information technology, “if we get into any kind of a conflict with the PLA, cyber will be their opening move.”
The report was researched in the United States and drew largely on published materials.
American officials have stated that the Chinese have penetrated the U.S. electric grid and that they have gained access to U.S. government and corporate networks.
Leveraging such access, “the PLA may target a combination of networks” in the Pacific Command area, including those focused on logistics and, potentially, transportation, the report asserted.
The report states that the United States lacks a policy to determine appropriate responses to a large-scale cyberattack on U.S. military or civilian networks in the event that the attacker’s identity cannot be conclusively determined.
“Beijing, understanding this, may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision-making,” the report said.