The United States must beef up cyber-security against Chinese hackers targeting a broad range of US interests to raise the cost to China of engaging in such activities, America’s top intelligence official said on Thursday.
The testimony by Director of National Intelligence James Clapper before a congressional committee added to pressure on Beijing over its conduct in cyberspace just weeks before Chinese President Xi Jinping makes a state visit to Washington.
Presenting a dire assessment of global cyber risks, Clapper said China and Russia posed the most advanced cyber threats but that Iran and North Korea could also cause serious disruptions despite having less sophisticated technology.
(Also see: China, US Can Cooperate on Cyber-Security: Chinese Official)
“Chinese cyber espionage continues to target a broad spectrum of US interests, ranging from national security information to sensitive economic data and US intellectual property,” he told the House of Representatives intelligence committee.
The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber-attacks against US commercial targets, several US officials have said.
Chinese hackers have also been implicated in the massive hacking of the US government’s personnel office disclosed this year. Two breaches of security clearance applications exposed the personal data of more than 20 million federal employees.
Clapper did not explicitly blame China for hacking the Office of Personnel Management, but he said the breach could compromise the cover of US spies abroad, though he said there had not yet been any signs of “nefarious” use of the data.
“It’s a significant counter-intelligence threat,” FBI director James Comey testified at the same hearing.
China has denied any involvement in hacking US government and corporate databases and insists that it too has been a victim of cyber-attacks.
After the OPM hack, there have been increasing calls on Capitol Hill and on the Republican presidential campaign trail for President Barack Obama to take a tougher line against China on cyber issues. Obama is due to meet Xi in late September.
Clapper called for tighter US cyber-security measures and
said improved US cyber-security would complicate Chinese cyber espionage “by addressing the less sophisticated threats and raising the cost and risk if China persists.”
Clapper said the risk of a “catastrophic attack” was remote now, but he added: “we foresee an ongoing series of low-to-moderate-level cyber-attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”
Clapper warned that while most major cyber-attacks today involve theft of data, in the future hackers could change or manipulate information in databases to compromise their integrity.
Admiral Mike Rogers, director of the National Security Agency, told the committee that since a high-profile hack last year of Sony Pictures, which US officials said was carried out by North Korea’s response to a film lampooning its leader Kim Jong Un, no evidence had surfaced of further North Korean cyber-attacks on US companies.
But he said there had been North Korean cyber-attacks on other countries, though he did not name them.