The United States must beef up cyber security against Chinese hackers targeting a broad range of U.S. interests to raise the cost to China of engaging in such activities, America’s top intelligence official said on Thursday.
The testimony by Director of National Intelligence James Clapper before a congressional committee added to pressure on Beijing over its conduct in cyberspace just weeks before Chinese President Xi Jinping makes a state visit to Washington.
Presenting a dire assessment of global cyber risks, Clapper said China and Russia posed the most advanced cyber threats but that Iran and North Korea could also cause serious disruptions despite having less sophisticated technology.
“Chinese cyber espionage continues to target a broad spectrum of U.S. interests, ranging from national security information to sensitive economic data and U.S. intellectual property,” he told the House of Representatives intelligence committee.
The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials have said.
Chinese hackers have also been implicated in the massive hacking of the U.S. government’s personnel office disclosed this year. Two breaches of security clearance applications exposed the personal data of more than 20 million federal employees.
Clapper did not explicitly blame China for hacking the Office of Personnel Management, but he said the breach could compromise the cover of U.S. spies abroad, though he said there had not yet been any signs of “nefarious” use of the data.
“It’s a significant counter-intelligence threat,” FBI director James Comey testified at the same hearing.
China has denied any involvement in hacking U.S. government and corporate databases and insists that it too has been a victim of cyber attacks.
After the OPM hack, there have been increasing calls on Capitol Hill and on the Republican presidential campaign trail for President Barack Obama to take a tougher line against China on cyber issues. Obama is due to meet Xi in late September.
Clapper called for tighter U.S. cyber security measures and said improved U.S. cyber security would complicate Chinese cyber espionage “by addressing the less sophisticated threats and raising the cost and risk if China persists.”
Clapper said the risk of a “catastrophic attack” was remote now, but he added: “we foresee an ongoing series of low-to-moderate-level cyber attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”
Clapper warned that while most major cyber attacks today involve theft of data, in the future hackers could change or manipulate information in databases to compromise their integrity.
Admiral Mike Rogers, director of the National Security Agency, told the committee that since a high-profile hack last year of Sony Pictures, which U.S. officials said was carried out by North Korea’s response to a film lampooning its leader Kim Jong Un, no evidence had surfaced of further North Korean cyber attacks on U.S. companies.
But he said there had been North Korean cyber attacks on other countries, though he did not name them.