Chinese hackers have infiltrated systems of U.S. Transportation Command contractors at least 20 times in a single year, warned the Senate Armed Services Committee.
Chinese government hackers have infiltrated computer systems of U.S. Transportation Command contractors at least 20 times in a single year, warned the Senate Armed Services Committee in an unclassified investigative report released this week.
The year-long investigation found that TRANSCOM, which is responsible for global movement of U.S. troops and equipment through commercial contract passenger and cargo carriers, was only aware of two of those intrusions. It also found gaps in reporting requirements and a lack of information sharing among government entities, which left the command largely unaware of computer compromises by China of contractors that are key to the mobilization and deployment of military forces.
“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, D-Mich., the committee’s chairman, in a statement. “Our findings are a warning that we must do much more to protect strategically significant systems from attack, and to share information about intrusions when they do occur.”
Sen. Jim Inhofe, R-Okla., the committee’s ranking member, added, “It is essential that we put into place a central clearinghouse that makes it easy for critical contractors, particular those that are small businesses, to report suspicious cyber activity without adding a burden to their mission support operations.”
The Senate committee investigation focused on the U.S. military’s use of civilian air, shipping and other transportation to deploy U.S. forces in times of crisis. Through programs such as the Civil Reserve Air Fleet, commercial transportation companies become crucial to TRANSCOM’s plans for moving troops and equipment around the world.
In specific, the committee found during a 12-month period starting June 1, 2012, there were about 50 intrusions into the computer networks of TRANSCOM contractors. At least 20 of those were successful intrusions attributed to an “advanced persistent threat,” a term used to designate sophisticated threats commonly related to governments, but TRANSCOM was only made aware of two by the contractors at the time that they occurred. All 20 intrusions were attributed to China, the committee said.
The investigation’s finding included:
- A Chinese military intrusion into a TRANSCOM contractor between 2008 and 2010 that compromised emails, documents, user passwords and computer code
- A 2010 intrusion by the Chinese military into the network of a CRAF contractor in which documents, flight details, credentials and passwords for encrypted email were stolen
- A 2012 Chinese military intrusion into multiple systems onboard a commercial ship contracted by TRANSCOM
No carriers were named in the public report.
In response to the investigation’s findings, the Senate committee included a provision in its version of the fiscal year 2015 National Defense Authorization Act to address reporting gaps and improve the way in which the Defense Department disseminates information about cyber intrusions into computer networks of contractors.
Specifically, the provision directs Defense to establish procedures for designating companies as ‘‘operationally critical contractors’’ and tightening requirements that those contractors report successful cyber penetrations by known or suspected governments. It also requires Defense to set up procedures to assist contractors in detecting and mitigating cyber threats while ensuring protections for trade secrets, commercial or financial information.
The Senate committee’s public version of the investigative report is called “Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors.”