Claiming that China is the origin of malicious cyber activities targeting the US, a noted American security expert on Thursay said the government should vigorously monitor and defend its computer and critical infrastructure networks.
"China is the origin of extensive and malicious cyber activities that target the US," Larry Wortzel, Vice Chairman of the US-China Economic and Security Review Commission, said at a Congressional hearing.
The commission, in a contracted report, provided a case study of a penetration into the computer systems of an American high-technology company.
"The study detailed the way the data was acquired and transferred to an Internet protocol address in China and what institutional and individual actors in China may have been involved," Wortzel said.
Testifying before the House Foreign Affairs Committee, he claimed there are three types of "malicious" Chinese computer network operations: those that strengthen political control in China; those that gather economic, military or technology intelligence and information; and those that reconnoiter, map and gather targeting information on US military, government or civil infrastructure networks for later exploitation.
The organisations in China most likely to have gathered the information or attempted to gather information about rights activists during the Google penetrations are those responsible for internal security, repression of the Chinese population and control over the distribution of information, he alleged.
These are the ministry of state security, the public security bureau and subsidiaries of the Chinese Communist Party, such as the party's central propaganda department," Wortzel said.
The second type of malicious activity is intended to gather information of military, technical, scientific or economic value, he said.
"Gathering this type of information may speed the development and fielding of weapons, improve technology in sectors of China's industries, while saving time and money in research and development and compromises valuable intellectual property.
"The organisation of the Chinese government with the mission and capability that conducts such activities span military and civilian agencies as well as the state-owned companies in China's military industrial complex," he said.
In the third type of cyber activity, China's intelligence or military scientists penetrate computers that control vital infrastructure or military computer networks of the US, Wortzel said.
"We can order them electronically and map or target nodes in the systems for future penetration or attack. Malicious code is often left behind to facilitate future entry," he said. "I believe the government should vigorously monitor and defend our government computer and critical infrastructure networks. Congress also should put in place legislation that facilitates similar programmes for industry," he said.
"Our government should work closely with allies and friends to combat militia cyber activity."
