Congress Bans Scientific Collaboration with China, Cites High Espionage Risks
May. 7 2011 – 4:06 pm
Poster advertising lecture by co-founder of Javaphile, a hacking group based in China that has linked with multiple targeted attacks on U.S. websites, in 2007.
A two-sentence clause included in the U.S. spending bill approved by Congress a few weeks ago threatens to reverse more than three decades of constructive U.S. engagement with the People’s Republic of China.
The clause prohibits the White House Office of Science and Technology Policy (OSTP) and the National Aeronautics and Space Administration (NASA) from coordinating any joint scientific activity with China.
Representative Frank Wolf (R-VA), a long-time critic of the Chinese government who chairs a House spending committee that oversees several science agencies, inserted the language into the spending legislation to prevent NASA or OSTP from using federal funds “to develop, design, plan, promulgate, implement or execute a bilateral policy, program, order, or contract of any kind to participate, collaborate, or coordinate bilaterally in any way with China or any Chinese-owned company.”
By prohibiting the OSTP from working with China, Wolf claims the ban will bear on “the entire bilateral relationship on science and technology.”
“It’s the whole ball of wax,” said Wolf in an interview with Science Insider.
Although the ban will expire at the end of the current fiscal year in October, Wolf will seek to make the prohibition on any scientific collaboration between U.S. research agencies and China permanent.
“We don’t want to give them the opportunity to take advantage of our technology, and we have nothing to gain from dealing with them,” said Wolf. “China is spying against us, and every U.S. government agency has been hit by cyber-attacks. They are stealing technology from every major U.S. company. They have taken technology from NASA, and they have hit the NSF computers . . . . You name the company, and the Chinese are trying to get its secrets.”
Meanwhile, the Obama Administration has taken the position that the ban does not apply to any U.S. scientific interactions with China conducted as part of foreign policy. This interpretation will likely allow the President to continue current activities until the spending bill expires in October.
Wolf’s intense concern about the possible theft of intellectual property and sensitive military technologies resulting from joint U.S.-China research activities explain why the spending bill also prohibits NASA facilities from hosting “official Chinese visitors.” While this draconian prohibition may strike some as borderline paranoid, a growing body of evidence suggests that the risks of espionage are considerably higher than most people would suspect.
Wolf has learned this lesson the hard way.
In 2006, Wolf’s office was targeted in a cyber-attack, which the Federal Bureau of Investigation traced to sources operating in the People’s Republic of China. Speaking from the floor of the U.S. House of Representatives in June 2008, Wolf said:
In August 2006, four of the computers in my personal office were compromised by an outside source. This source first hacked into the computer of my foreign policy and human rights staff person, then the computers of my chief of staff, my legislative director, and my judiciary staff person. On these computers was information about all of the casework I have done on behalf of political dissidents and human rights activists around the world.
The history of China’s dabbling in cyber espionage is long. In a study for the U.S.-China Economic and Security Review Commission, Northrup Grumman created a chronology of alleged Chinese cyber-espionage incidents targeting the U.S. and foreign governments. Here is a sample of the chronology:
November 2004: US media reports that Chinese hackers attacked multiple unclassified US military systems at the U.S. Army Information Systems Engineering Command at Fort Huachuca, Arizona, the Defense Information Systems Agency in Arlington, Virginia, the Naval Ocean Systems Center in San Diego, California and the United States Army Space and Strategic Defense installation in Huntsville, Alabama.117
August 2005: Media reporting first covers the story of a Chinese computer network exploitation operation codenamed “Titan Rain,” alleging the intrusions into DoD systems date back to 2003.
July 2006: US media reports that intruders penetrate the US Department of State (DoS) networks, stealing sensitive information and user login credentials, and install backdoors on numerous computers, allowing them to return to the systems at will. DoS systems administrators are forced to limit Internet access until the investigation is completed.
August 2006: Pentagon officials state hostile civilian cyber units operating inside China have launched attacks against the NIPRNET and have downloaded up to 20 terabytes of data.
November 2006: Chinese hackers attack the US Naval War College computer infrastructure, possibly targeting war game information on the networks. The College’s Web and emails systems are down for at least two weeks while the investigation takes place.
June 2007: Media reports indicate approximately 1,500 computers are taken offline following a penetration into the email system of the Office of the Secretary of Defense (OSD).
October 2007: US media reports that China is suspected as the source of at least seven versions of socially engineered email targeting 1,100 employees at the Oak Ridge National Lab in Oak Ridge, Tennessee. Eleven staff possibly opened the malicious attachment, allowing the attackers to gain access to, and potentially steal, sensitive data, including a database at the nuclear weapons laboratory housing personnel records going back to 1990.
May 2008: U.S. authorities investigate claims that Chinese officials surreptitiously copied the contents of a US government laptop during then- Commerce Secretary Carlos Gutierrez’ visit to China.
November 2008: Media sources report that Chinese hackers penetrate the White House information system on numerous occasions, penetrating for brief periods before systems are patched.
November 2008: Business Week magazine publishes a report on significant cyber intrusions dating back several years at some of NASA’s most critical sites including the Kennedy Space Center and Goddard Space Flight Center. The operations to prevent the attacks from China are codenamed, “Avocado.” Attacks included socially engineered emails launched at top officials. Among the data stolen are operational details of the Space Shuttle including performance and engine data.