China Has “Penetrated Every Major Corporation,” Says Intelligence Expert
John Michael McConnell was the director of the NSA under Bill Clinton and later the Director of National Intelligence under George W. Bush, and during a speech in Missouri on Thursday, he said that the Chinese have systematically infiltrated organizations in the US, from the Department of Defense to major corporation US Steel.
“We’ve never, ever not found Chinese malware,”
he said, noting that the malware enables America’s greatest frenemies to extract sensitive information whenever they want.
Magnitude of Chinese Intelligence Spelled Out in Numbers
One of the things that McConnell outlined in his speech which should put any corporate security technician on edge is that by the end of the Bush administration, China had amassed an army of 100,000 network-oriented hackers. By comparison, the total number of US spies is roughly that much, those engaged in computer intelligence being only a fraction of those.
Terrorists a Bigger Problem
China is, however, not McConnell’s greatest concern. His greatest concern is that the malware being developed by China winds up in the hands of terrorist organizations or states with greater potential and motive for harm of American citizens and corporations. While the financial implications of companies being robbed of trade secrets are immediately apparent to any thinking person, it can take as long as two decades for such thefts to have a real impact on US markets. However, if major defense contractors are vulnerable to data theft, then it can greatly aid specifically terroristic actors in the construction of nuclear weapons and the like.
McConnell wrote about the China problem back in 2012 for the Wall Street Journal with Michael Chertoff and William Lynn. Their opinion piece pulled no punches and laid some of the responsibility on the corporations at risk themselves:
Corporate America must do its part, too. If we are to ever understand the extent of cyber espionage, companies must be more open and aggressive about identifying, acknowledging and reporting incidents of cyber theft. Congress is considering legislation to require this, and the idea deserves support. Companies must also invest more in enhancing their employees’ cyber skills; it is shocking how many cyber-security breaches result from simple human error such as coding mistakes or lost discs and laptops.
Since that article’s publication, the Obama administration has expressed specific support for a bill called the Cyber Intelligence Sharing and Protection Act, or CISPA. Numerous corporations have pushed back against CISPA, saying that it violates essential liberties in the United States and is largely a push by certain forces within the government to further centralize authority over online activities. There is a feeling that if CISPA gets through, then other, even more draconian laws will follow.
McConnell’s statements about Chinese hackers are anything but unfounded, even if focusing on China specifically can be perceived as a radical move. The Chinese were implicated in the major data breach at Insurance provider Anthem earlier this year, but other high-profile attacks in recent memory were attributed to other regions. Another fact to note is that the Department of Defense claims to be recently dealing largely with Russian-based hacks and attempted hacks.
Here is a 2009 speech McConnell gave about intelligence innovation: