Congress Bans Collaboration with China - Cites Espionage Risk

Monday, May 09, 2011



The spending bill passed by Congress several weeks ago contains language that prohibits some government agencies from participating in collaborative projects with China.

Specifically, the law bans the White House Office of Science and Technology Policy (OSTP) and the National Aeronautics and Space Administration (NASA) from undertaking any scientific projects that would entail sharing technical information with Chinese counterparts or with privately owned Chinese companies.

The bill prohibits any engagements “to develop, design, plan, promulgate, implement or execute a bilateral policy, program, order, or contract of any kind to participate, collaborate, or coordinate bilaterally in any way with China or any Chinese-owned company.”

An apparent loophole in the prohibition may allow the Obama administration to continue information sharing for projects deemed to be crucial to White House foreign policy operations.

The law aims to stem the flow of sensitive information and intellectual property from the U.S. to the Chinese government. The prohibition is set to expire at the conclusion of the current fiscal year in October, but the author of the ban, Representative Frank Wolf (R-VA), will press to make the prohibition permanent.

“We don’t want to give them the opportunity to take advantage of our technology, and we have nothing to gain from dealing with them. China is spying against us, and every U.S. government agency has been hit by cyber-attacks. They are stealing technology from every major U.S. company. They have taken technology from NASA, and they have hit the NSF computers . . .  You name the company, and the Chinese are trying to get its secrets," said Wolf.

Defense contractor Nothrup Grumman complied a chronology of Chinese cyber espionage activity for the U.S.-China Economic and Security Review Commission. Some of the events detailed are as follows:

November 2004: US media reports that Chinese hackers attacked multiple unclassified US military systems at the U.S. Army Information Systems Engineering Command at Fort Huachuca, Arizona, the Defense Information Systems Agency in Arlington, Virginia, the Naval Ocean Systems Center in San Diego, California and the United States Army Space and Strategic Defense installation in Huntsville, Alabama.117

August 2005: Media reporting first covers the story of a Chinese computer network exploitation operation codenamed “Titan Rain,” alleging the intrusions into DoD systems date back to 2003.

July 2006: US media reports that intruders penetrate the US Department of State (DoS) networks, stealing sensitive information and user login credentials, and install backdoors on numerous computers, allowing them to return to the systems at will. DoS systems administrators are forced to limit Internet access until the investigation is completed.

August 2006: Pentagon officials state hostile civilian cyber units operating inside China have launched attacks against the NIPRNET and have downloaded up to 20 terabytes of data.

November 2006: Chinese hackers attack the US Naval War College computer infrastructure, possibly targeting war game information on the networks. The College’s Web and emails systems are down for at least two weeks while the investigation takes place.

June 2007: Media reports indicate approximately 1,500 computers are taken offline following a penetration into the email system of the Office of the Secretary of Defense (OSD).

October 2007: US media reports that China is suspected as the source of at least seven versions of socially engineered email targeting 1,100 employees at the Oak Ridge National Lab in Oak Ridge, Tennessee. Eleven staff possibly opened the malicious attachment, allowing the attackers to gain access to, and potentially steal, sensitive data, including a database at the nuclear weapons laboratory housing personnel records going back to 1990.

May 2008: U.S. authorities investigate claims that Chinese officials surreptitiously copied the contents of a US government laptop during then- Commerce Secretary Carlos Gutierrez’ visit to China.

November 2008: Media sources report that Chinese hackers penetrate the White House information system on numerous occasions, penetrating for brief periods before systems are patched.

November 2008: Business Week magazine publishes a report on significant cyber intrusions dating back several years at some of NASA’s most critical sites including the Kennedy Space Center and Goddard Space Flight Center. The operations to prevent the attacks from China are codenamed, “Avocado.” Attacks included socially engineered emails launched at top officials. Among the data stolen are operational details of the Space Shuttle including performance and engine data.


Possibly Related Articles:
Enterprise Security
China Intellectual Property NASA Headlines Espionage Security Congress White House
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.