[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]


 
                    COMMUNIST CHINESE CYBER-ATTACKS, 
            CYBER-ESPIONAGE AND THEFT OF AMERICAN TECHNOLOGY 

=======================================================================

                                HEARING

                               BEFORE THE

              SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS

                                 OF THE

                      COMMITTEE ON FOREIGN AFFAIRS
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 15, 2011

                               __________

                           Serial No. 112-14

                               __________

        Printed for the use of the Committee on Foreign Affairs


 Available via the World Wide Web: http://www.foreignaffairs.house.gov/

                               ----------
                         U.S. GOVERNMENT PRINTING OFFICE 

65-800 PDF                       WASHINGTON : 2011 

For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
Washington, DC 20402-0001 






















                      COMMITTEE ON FOREIGN AFFAIRS

                 ILEANA ROS-LEHTINEN, Florida, Chairman
CHRISTOPHER H. SMITH, New Jersey     HOWARD L. BERMAN, California
DAN BURTON, Indiana                  GARY L. ACKERMAN, New York
ELTON GALLEGLY, California           ENI F.H. FALEOMAVAEGA, American 
DANA ROHRABACHER, California             Samoa
DONALD A. MANZULLO, Illinois         DONALD M. PAYNE, New Jersey
EDWARD R. ROYCE, California          BRAD SHERMAN, California
STEVE CHABOT, Ohio                   ELIOT L. ENGEL, New York
RON PAUL, Texas                      GREGORY W. MEEKS, New York
MIKE PENCE, Indiana                  RUSS CARNAHAN, Missouri
JOE WILSON, South Carolina           ALBIO SIRES, New Jersey
CONNIE MACK, Florida                 GERALD E. CONNOLLY, Virginia
JEFF FORTENBERRY, Nebraska           THEODORE E. DEUTCH, Florida
MICHAEL T. McCAUL, Texas             DENNIS CARDOZA, California
TED POE, Texas                       BEN CHANDLER, Kentucky
GUS M. BILIRAKIS, Florida            BRIAN HIGGINS, New York
JEAN SCHMIDT, Ohio                   ALLYSON SCHWARTZ, Pennsylvania
BILL JOHNSON, Ohio                   CHRISTOPHER S. MURPHY, Connecticut
DAVID RIVERA, Florida                FREDERICA WILSON, Florida
MIKE KELLY, Pennsylvania             KAREN BASS, California
TIM GRIFFIN, Arkansas                WILLIAM KEATING, Massachusetts
TOM MARINO, Pennsylvania             DAVID CICILLINE, Rhode Island
JEFF DUNCAN, South Carolina
ANN MARIE BUERKLE, New York
RENEE ELLMERS, North Carolina
VACANT
                   Yleem D.S. Poblete, Staff Director
             Richard J. Kessler, Democratic Staff Director
                                 ------                                

              Subcommittee on Oversight and Investigations

                 DANA ROHRABACHER, California, Chairman
MIKE KELLY, Pennsylvania             RUSS CARNAHAN, Missouri
RON PAUL, Texas                      DAVID CICILLINE, Rhode Island
TED POE, Texas                       KAREN BASS, California
DAVID RIVERA, Florida


































                            C O N T E N T S

                              ----------                              
                                                                   Page

                               WITNESSES

Pat Choate, Ph.D., director, Manufacturing Policy Project........     5
Mr. Richard Fisher, senior fellow, Asian Military Affairs, 
  International Assessment and Strategy Center...................    11
The Honorable Edward Timperlake (former Director, Technology 
  Assessment, International Technology Security, Office of the 
  Secretary of Defense, U.S. Department of Defense)..............    25
Adam Segal, Ph.D., senior fellow, Council on Foreign Relations...    35

          LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

Pat Choate, Ph.D.: Prepared statement............................     7
Mr. Richard Fisher: Prepared statement...........................    13
The Honorable Edward Timperlake: Prepared statement..............    27
Adam Segal, Ph.D.: Prepared statement............................    37

                                APPENDIX

Hearing notice...................................................    50
Hearing minutes..................................................    51


COMMUNIST CHINESE CYBER-ATTACKS, CYBER-ESPIONAGE AND THEFT OF AMERICAN 
                               TECHNOLOGY

                              ----------                              


                         FRIDAY, APRIL 15, 2011

                  House of Representatives,
      Subcommittee on Oversight and Investigations,
                              Committee on Foreign Affairs,
                                                    Washington, DC.
    The committee met, pursuant to notice, at 12 o'clock p.m., 
in room 2172 Rayburn House Office Building, Hon. Dana 
Rohrabacher (chairman of the subcommittee) presiding.
    Mr. Rohrabacher. I call to order the Subcommittee on 
Oversight and Investigations of the House Foreign Affairs 
Committee.
    I would like to thank all of you for joining us today. And 
today we are examining the Communist Chinese cyber-attacks, 
espionage and theft of American technology.
    We will proceed with our opening statements and then 
introduce the witnesses. And, hopefully, there will be a vote 
coming up I am afraid, but let us hope we get through the 
testimony of the witnesses and then we will go and vote and 
come back and ask the questions.
    So, starting off with a Reuters news story this morning 
reveals that secret U.S. State Department cables trace computer 
system attacks colorfully code named the Byzantine Hades by 
U.S. investigators. They have traced these to the Chinese 
military itself. An April 2009 cable even pinpoints the attacks 
to a specific unit of the Chinese People's Liberation Army. 
According to U.S. investigators China has stolen terabytes of 
sensitive data from password for State Department computers to 
designs for multi-billion dollar weapon systems.
    The United States is under attack.
    Cyber-attack and cyber-espionage traced backed to China 
have been dramatically increasing every year. What kind of 
damage is being done? How is our national security being 
compromised? Well shielding our digital infrastructure from 
attacks, and protecting the intellectual property and 
classified information is strategically important to our 
national security. But how do that and what else needs to be 
done in terms of protecting this?
    The Communist Chinese Government has defined us as the 
enemy. It is buying, building and stealing whatever it takes to 
contain and destroy us. Again, the Chinese Government has 
defined us as the enemy.
    Chinese cyber-attacks on U.S. assets now number in the 
thousands every year. The 2009 report on ``China's Military 
Power'' published by the Office of the Secretary of Defense 
notes that, ``numerous computer systems around the world, 
including those owned by the United States Government, 
continued to be a target of intrusion that appears to have 
originated within the PRC,'' end of quote. One of the high 
value targets that Chinese cyber warriors have repeatedly 
attacked is the F-35 Joint Strike Fighter program which is the 
centerpiece of future American air power capabilities.
    The heavy use of outsourcing of computer and consumer 
electronic production to China, not only by American but also 
by Japanese, Taiwanese, German, and South Korean firms, has 
helped create a Chinese cyber threat that now compromises the 
security of the Western world. Beijing has been given 
technology and a manufacturing base, making Western networks 
vulnerable to escalating Chinese capabilities.
    The Office of the Secretary of Defense in their 2010 annual 
report to Congress, which was the ``Military and Security 
Developments Involving the People's Republic of China'' 
outlined this challenge. And I quote,

        ``The PRC utilizes a large well-organized network of 
        enterprises, defense factories and affiliated research 
        institutes and computer network operations to 
        facilitate the collection of sensitive information and 
        export-controlled technology.''

    The Chinese often use, and here it is, the term ``patriotic 
hacker'' as a cover for their activities, as well as of course 
corporate spies. But in that dictatorship the line between 
state and private efforts is blurred intentionally to give 
Beijing plausible deniability.
    Chinese thinking is based on slogans such as ``Give 
Priority to Military Products,'' and ``Combine the Military 
with the Civil.'' Thus, economic and commercial spying and 
theft are most frequently connected with tech-heavy industries 
deemed to be strategic to the regime. This includes computer 
software and hardware, biotechnology, aerospace, 
telecommunications, transportation, engine technology, 
automobiles, machine tools, energy, materials and coating.
    A new study by the RAND Corporation, which it was ``Ready 
for Takeoff: China's Advancing Aerospace Industry,'' that 
report found, and I quote,

        ``China's aerospace industry has advanced at an 
        impressive rate over the past decade, partly due to the 
        increasing participation of its aerospace industry in 
        the global commercial aerospace market and the supply 
        chains of the world's leading aerospace firms . . . 
        China's growing civilian aerospace capabilities are 
        unquestionably contributing to the development of its 
        military aerospace capabilities.''

    Combine these commercial transfers with the espionage 
committed against American military programs like the F-35, and 
no one should be surprised by the roll out of the new J-20 
``stealth'' Chinese airplane last January. It was years ahead 
of what all the experts predicted that China was able to do on 
its own.
    It is what happens during ``peace time'' that determines 
the balance of power and governs the outcome when that peace 
breaks down. National security must be a constant concern.
    Battleships and mass armies were left behind by aircraft 
carriers and rockets. Now we must understand that today's 
threat emanating from cyberspace and technology transfers as 
well as from traditional practices of espionage.
    Today we have before us four experts on the connection of 
technology transfers and national power in a competitive world.
    Mr. Pat Choate is currently the director of the 
Manufacturing Policy Project, a private, nonprofit institution. 
Mr. Choate has written widely and several books, including 
``Agents of Influence'' and the ``The High Flex Society,'' 
which document the decline in America's competitiveness and the 
influence of foreign powers right here in Washington, DC.
    Mr. Richard Fisher is a senior fellow with the 
International Assessment and Strategy Center. He is an active 
writer and a scholar on China having worked for the Jamestown 
Foundation, the Center for Security Policy, and The Heritage 
Foundation. He is the author of ``China's Military 
Modernization, Building for Regional and Global Reach,'' and 
has been published in numerous newspapers and professional 
journals.
    Mr. Edward Timperlake served as Director of Technology 
Assessment, International Technology Security for the 
Department of Defense from 2003 to 2009. He identified and 
protected the Defense Department from espionage, that was his 
job and we're anxious to hear more about that. He also served 
as the Department of Defense's representative to the National 
Counterintelligence Executive Committee. Before that he 
graduated from the Naval Academy and served as a Marine fighter 
pilot, as my dad did for 23 years. And co-authored the book, 
``Showdown: Why China Wants War with the United States.''
    And finally, we have Mr. Adam Segal, a senior fellow with 
the Council on Foreign Relations and an expert on security 
issues and China policy. He has recently written a book 
entitled, ``Advantage: How American Innovation Can Overcome he 
Asian Challenge.'' He has taught Vassar College and Columbia 
University. He holds a Ph.D. from Cornell.
    I want to thank all my witnesses, or our witnesses for 
being here today.
    And now we'll have opening remarks from our members, and 
then we will proceed with your testimony.
    Mr. Carnahan.
    Mr. Carnahan. Thank you, Mr. Chairman for holding this 
hearing. And I want to compliment on the interesting and timely 
subjects that you have brought to this subcommittee. And we 
look forward to continuing this work together.
    As the U.S. economy continues to recover, we must do 
everything we can to create jobs here at home and support 
domestic manufacturing.
    As of 2010, China was the world's third largest buyer of 
products from my home state of Missouri ranging from machinery, 
pharmacueticals, agriculture products. We experienced a 43-
percent growth in exports from Missouri to China. Nearly $1 
billion sales last year alone. Missouri made products exported 
to China that are creating jobs here at home in the midwest and 
beyond.
    With nearly 20 percent of the world's population, the 
Chinese market represents an opportunity for American business 
to create job here at home by making American products at home 
and exporting them to China, but here's the ``but.'' This 
growth, while it is an opportunity, it cannot and will not 
reach its full potential so long as American companies remain 
at risk. Given the long running efforts to illicitly acquire 
technology from Western companies, and a lack of protection of 
intellectual property rights there is a significant limitation 
to the export growth potential of U.S. corporations.
    While it is in our economic and security interest clearly 
to counter any and all of these issues, it is also in China's 
best interest to come to the table and address them in a 
serious way. China itself is increasingly susceptible to 
hacking and cyber crime and theft of intellectual property by 
others around the world, especially given that its technology 
is not as superior as ours. It is in the best interest of both 
countries to diplomatically address these issues and encourage 
Chinese officials to come to the table to do just that: Address 
these issues in a serious way.
    I look forward to hearing from our witnesses today. And I 
yield back, Mr. Chairman.
    Mr. Rohrabacher. Thank you very much.
    And we have with us, I am going to see if I am pronouncing 
right, David Cicilline?
    Mr. Cicilline. Yes.
    Mr. Rohrabacher. And you're from Rhode Island. And we would 
recognize you for an opening statement.
    Mr. Cicilline. Just thank you, Mr. Chairman. I just would 
like to welcome the witnesses and thank the chairman for 
scheduling this hearing.
    This issue of how do we support American manufacturers and 
deal with the very real issue of the theft in intellectual 
property is of great interest to me and to my constituents, and 
to our country. And I am particularly also interested in 
hearing the witnesses' testimony on what we might do to further 
enhance cyber security.
    So, I welcome you and thank you for being here today.
    Mr. Rohrabacher. Thank you very much. Welcome to the 
subcommittee.
    Mr. Choate?
    Mr. Choate. Mr. Chairman, members----
    Mr. Rohrabacher. I am sorry. I was trying to figure out how 
to pronounce his name so much that I did not even see him 
there.
    And another one of our new members, Ms. Bass. No, if you 
have an opening statement, please feel free.
    Ms. Bass. Thank you for holding this hearing. And I am also 
very interested in the testimony that you have to say, and a 
particular interest, I mean in addition to the cyber-attacks, 
is the whole idea of the problem in China with piracy. I know 
that is not the topic today, but hopefully in a future hearing 
we will be addressing that.
    Mr. Rohrabacher. Thank you very much.
    You have a very easy name to pronounce. All my life with a 
name Rohrabacher I have got to pay attention to pronunciations.
    Mr. Choate, go right ahead.

STATEMENT OF PAT CHOATE, PH.D., DIRECTOR, MANUFACTURING POLICY 
                            PROJECT

    Mr. Choate. Thank you, Mr. Chairman, members of the 
committee.
    Let me focus my comments on how the United States actually 
facilitates such cyber-espionage and talk about things that we 
can do here at home in dealing with it.
    Chinese cyber-attacks, of course, are massive, there have 
been numerous studies that have identified these attacks. We 
know that all of our major agencies, corporations, banks, 
research and other entities are subject to these attacks.
    The greatest concentration of technology, of new 
technologies, advanced technologies in the world is at the U.S. 
Patent Office. What we have is  deg.each year is 
500,000-plus applications from around the world, about half of 
those applications are foreign-based but half are from the 
United States, seeking a patent. And at the Patent Office what 
we have is a situation in which we have probably the oldest 
computers in the Federal Government are found at the Patent 
Office. There have been a number of comments on that by Mr. 
David Kappos, who is the Director of the US PTO.
    Another basic principle that we can assume: Anything that 
is on the internet can be hacked into, whether it is our IPhone 
or whether it is our personal computer, or our IPod that is 
connected.
    So, we have to assume that the Patent Office is regularly 
hacked into and the best information is taken from the Patent 
Office. I do not think that has received the attention that it 
merits.
    The second thing that happens in talking to computer 
security experts, and I have done this for a couple of books, 
is the first thing that a foreign intruder seeks is to identify 
the sources of this technology.
    If you go into the Patent Office, or if you just simply 
take the published Patent applications, you can narrow down the 
fields to those companies that are doing the most advanced 
research, large and small. Then once those companies are 
identified, the Chinese are particularly effective at doing a 
barrage of attacks upon the computer systems of those companies 
in an attempt to put in Trojan spyware that will enable them at 
the schedule of the intruder to produce the information of the 
company itself and literally on an hourly or daily basis, they 
know exactly what is going on with the technology or research 
there. The issue is one of how do we improve the security of 
information in that process.
    A second issue that I mention in my testimony relates to 
the entire question of the security of economic technology. We 
have both national and economic security needs in this country. 
We have laws on the books that deal with the national security, 
the military technology. We have laws that require the 
imposition of secrecy orders. We have no such laws on economic 
technology. And increasingly what has happened over the years 
is we have dual technologies that are used for both purposes.
    In the back of my testimony I have a table that I would 
direct your attention to on the number of secrecy orders that 
have been given. It's the fifth column over.
    And what we see in during the Cold War era we would have 
hundreds of items each year that would be put under a secrecy 
order. A patent would be given, but the secrecy would not be 
allowed. That rate has declined by about 90 percent in recent 
years.
    Last year there were 86 secrecy orders issued at the Patent 
Office. Of those, about 60 were from the National Labs and 
dealt with atomic issues. There were about 26 John Doe secrecy 
orders imposed.
    Now here's the problem. We have the Department of Commerce, 
the Department of Defense, Department of State, Homeland 
Security imposing export controls on certain technologies 
because we do not want people who might be hostile to us to 
have that technology. At the same time, we are putting up 
through the Patent Office on the internet the patent 
applications and the full patent itself which includes the best 
mode for the best way to make it. So simultaneously we are 
losing billions of dollars of sales and we have absolutely no 
security benefit from that.
    So, I think this is a very rich area of study of how do we 
take our national security and recognize the dual use 
technologies? How do we make sure that we have an improved 
security inside the Patent Office on this publication of 
materials?
    Thank you, and I look forward to your questions later.
    [The prepared statement of Mr. Choate follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Rohrabacher. Thank you very much, Mr. Choate. And 
appreciate you keeping it within 5 minutes, and we will have a 
longer session to ask questions and answers after that.
    Mr. Fisher?

STATEMENT OF MR. RICHARD FISHER, SENIOR FELLOW, ASIAN MILITARY 
     AFFAIRS, INTERNATIONAL ASSESSMENT AND STRATEGY CENTER

    Mr. Fisher. Chairman Rohrabacher, I would like to begin by 
thanking you for your consistent leadership in helping to alert 
this nation to the threat from China's Communist Party. And 
Chairman Carnahan and other members, I would like to extend my 
thanks to you for holding this hearing today.
    Both the internet and the dual use technologies that I will 
cover in my remarks have helped to propel a far more globalized 
world economy which has produced myriad benefits, has many 
defenders, but I would also submit, Mr. Chairman, that it is 
time for the United States to devise new defenses against those 
who are exploiting these benefits and harming of the security 
of the United States.
    In my testimony one of the major points that I make is to 
highlight the cost of China's cyber warfare against this 
country. I have provided some figures in a PowerPoint slide and 
that looks at, at least, open source estimates of annual 
expenditures. And last year I found an estimate that describes 
the cost of just cyber-espionage alone as mounting to almost 
$200 billion a year. This is comparable to what the United 
States is spending to defend ourselves or what is the cost of 
the impact of the war against in this hemisphere.
    Admiral Winnefeld just 3 days ago provided the figure of 
$181 billion as he impact on this country of the war on drugs.
    So with that level of importance, that level of comparison, 
I think a far greater degree of public focus needs to be placed 
on this challenge of Chinese cyber warfare.
    In my testimony I describe some points about the order of 
battle that PLA has put together, how cyber warriors or drawn 
from the criminal sector, from the computer industry. You 
mentioned the Reuters story today that described a U.S. Embassy 
cable that has traced attacks back to a specific unit in 
Chengdu. The Chinese have a cyber army that is fully integrated 
into their order of battle. What we need to do to defend 
ourselves is another long and complex subject, but at minimum 
we need to consider how we can raise this issue in importance 
in terms of the information that we share with American 
citizens.
    Every year at the Pentagon, because of the Congress, has to 
print a report about PLA modernization, Chinese military 
modernization. I believe that we need a similar report that 
highlights China's cyber war against the United States and all 
other democracies.
    Now I'd like to move on to looking at how American dual use 
technologies are being used by China increasingly for military 
purposes. I have written on this at some length in the past, 
and I put together just a few PowerPoint slides that provide 
some examples.
    Early in the last decade two Chinese companies basically 
stole the AM General Humvee and put it into production. One 
company, the Dong Feng Motor Company is now producing this 
vehicle for the People's Liberation Army and the People's Armed 
Police. It's not something that AM General would talk to me 
about until just a few years ago. And it apparently is 
something that happens with the approval of the Commerce 
Department. And it does not appear that there is anyone who is 
aware or taking any action to address an American-designed 
vehicle being used by the Chinese military.
    Another example that I discovered at a Chinese air show in 
2004 was that two Boeing 737s have essentially been dragooned 
into the People's Liberation Army Air Force. My sources in 
another country explained to me soon after that these airplanes 
were being used in China's Cruise missile development program. 
There are now 400, 500, 600 Cruise missiles appointed at 
Taiwan, and this aircraft helped to develop them.
    Here we see at the far left the 737s and Chinese electronic 
warfare and electronic technology development unit.
    Here we have another problem, and that is how China has 
integrated the airliners and the cargo liners that we have sold 
them into a civilian reserve force that is now helping to 
transport PLA troops and forces, and equipment. This is an 
exercise that took place in 2008, a U.S. built Boeing 747, a 
McDonnell Douglas DC-10 and we see Humvees being arrayed as 
part of the forces being transported.
    This is an exercise that took place last year. China 
Southern Airlines just acquired this Boeing 777F and promptly 
went into a mobility exercise.
    Finally, there is the problem of how to control academic 
research, especially when it has a military use. I included in 
my testimony an explanation of the case of a certain professor 
who was allowed or invited to be a visiting fellow with a NASA 
Laboratory in the late 1980s. She then returned to China with 
her information and became a leading expert for China in the 
development of composite ceramic matrix materials which are 
used to shield spacecraft. And she is now involved in China's 
effort to build military spacecraft and military hypersonic 
products.
    I do not think that there is enough of an awareness or a 
willingness on the part of those who should be defending our 
technology, and that would be my final point, sir.
    Thank you very much.
    [The prepared statement of Mr. Fisher follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Rohrabacher. Thank you very much, Mr. Fisher. We will 
get back to you during the questions and answer. But it appears 
that we are spending a lot of money on research and development 
here and maybe the benefit is going overseas. But we will let 
our next witnesses comment on that as well.
    Mr. Timperlake?

STATEMENT OF THE HONORABLE EDWARD TIMPERLAKE (FORMER DIRECTOR, 
   TECHNOLOGY ASSESSMENT, INTERNATIONAL TECHNOLOGY SECURITY, 
OFFICE OF THE SECRETARY OF DEFENSE, U.S. DEPARTMENT OF DEFENSE)

    Mr. Timperlake. Thank you very much, Mr. Chairman, 
distinguished members.
    I would like to submit my testimony for the record and 
summarize briefly.
    The 106th Congress of the First Session reported out a 
bipartisan document that is a tribute to the fact that the U.S. 
Congress in national security concerns come together as one, it 
was called the Cox Report. It was a report on the activities of 
the People's Republic of China. I linked it in my testimony. 
Anybody that reads that can go to the Congressional Web site or 
buy a copy on Amazon. Read it, look at today's headlines to 
check and see the lineage of what they went after and where it 
is today. I picked three quick examples.
    In the '90s, the People's Republic of China targeted 
ballistic missiles. Sure enough, they also proliferate, by the 
way. Boom goes the dynamite on January 11, 2007 they 
successfully kinetically killed one of their satellites. Some 
day that may be seen as the precursor to the opening round of a 
quasi-war in space.
    They went after high performance computers. I looked that 
up, and in 1999/2000 I think Saudi Arabia and Portugal were 
ahead of China, we had the top nine out of the ten, Japan was 
closing. And again on 20 October the BBC announced that China 
now has the top super computer in the world. So, they got that 
one.
    Stealth and composite technology, they went after that. 
Sure enough, as you mentioned, they rolled out the J-20 
Annihilator and embarrassed everybody. Previous to that the 
Russians flew their F-22ski, the TF-50. Both of them were a 
test flight that caught several by surprise. Three Air Force 
officers did not see it that way, General Corely U.S. Air 
Force, Lieutenant General Deptula of the Air Force Head of 
Intelligence, and General Thomas McInerney. Unfortunately, the 
F-22 was stopped at 187 Raptors, and I think that was a 
strategic blunder which tell us we have to protect the F-35 at 
all cost because that is our ace in the hole coming in combat 
maneuvering in the future.
    Concurrently while the Chinese were spying, they did the 
``Revolution in Military Affairs,'' they saw Andrew Marshall 
publish this great document in which Mr. Marshall, director of 
Net Assessment, said here was two evolutionary technologies: 
Precision-guided munitions and remote sensors, and information 
war.
    The Chinese military literature tells us in the late '90s 
they were giving doctorates in information war. The term 
``cyber'' had not been in vogue at that time, so they really 
got off the dime very quickly on that.
    I would argue though, and we will discuss this, that the 
PRC actually has two cyber enemies. They have the free world 
for whatever they can get, and the other one is their own 
people. And they are very concerned about that, so that 
compounds their problem and is an area that we can exploit.
    There are two case studies I presented. The first one was 
the Varyag, the aircraft carrier, that's denial and deception. 
They sent a team over to buy it, it was a cold war relic. And 
they claimed that they were purchasing an aircraft carrier to 
be a casino Macau. They got though the Turkish Straits of the 
Bosphorus by that cover story. Sure enough, very recently 
Xinhua is on saying ``The huge warship on the verge of fitting 
out, is fulfilling 70 years of China's dreams for an aircraft 
carrier.'' I would say that basically they named it the Shi 
Lang after the Ming Dynasty admiral. I'd rather call it the 
Casino, because that's how they said hey were going to use it.
    The other case is they send bad things to bad people. 
Whenever the Chinese Government gets something, they have a 16 
character policy which says: We get it, we filter it through 
the use and the need for the state. And in doing so it's a 
brilliant strategy. They then perfect it and balance it by 
proliferation. I went to Iraq, I looked at all the Chinese 
weaponry that were oil for food violations, and sure enough I 
listed them in my report. In addition, Huawei a Chinese firm 
was in pre-war Iraq, post-war Iraq. And I was looking at the 
CPA, I was engaged with that. I noticed on the Web site they 
were bragging that they had gotten into Iraq and basically that 
was prohibited. In my personal opinion Huawei is an ongoing 
criminal operation as much as anything.
    How are we doing and what are we doing about it? The 
Justice Department formed up a task force in 2007 to focus on 
this. They have done a magnificent job. I give a link to that. 
I even gave some of their press releases on spy cases they have 
busted, and they really are making these cases.
    Finally, the issue of cyber security; it's a black swan 
event, which is a great book. Basically, expect the unexpected, 
the highly improbable. And we formed up the U.S. Cyber Command. 
I want to give Mike Wynne a credit to his vision, the Billy 
Mitchell of our generation. He saw the need early with the U.S. 
Air Force Cyber Command that melded into the bigger cyber 
command picture.
    I really do believe that we as Americans have a challenge 
but we will, because of hearings like this, address that 
challenge.
    Thank you, sir.
    [The prepared statement of Mr. Timperlake follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
        

    Mr. Rohrabacher. Thank you very much for your testimony.
    And now Dr. Segal.

   STATEMENT OF ADAM SEGAL, PH.D., SENIOR FELLOW, COUNCIL ON 
                       FOREIGN RELATIONS

    Mr. Segal. Mr. chairman and members of the committee, thank 
you very much for asking me to testify on this very important 
subject.
    I would like to place cyber-espionage in a larger context, 
which is a push on the Chinese for extremely techno-nationalist 
technology policy driven toward reducing dependence on advanced 
countries for foreign technology, and particularly reducing 
dependence on the United States and Japan. That policy was 
enshrined in the 2006 Medium-to Long-Term Science and 
Technology Development Plan, introduced the idea of 
``indigenous innovation,'' and it set the goal for China to 
become an innovated-oriented society by 2020 and among the 
world's scientific and technology leaders by 2050.
    The pursuit of these goals follows three tracks. The first 
track is industrial policy, which is basically a top-down, 
state-led focus on big science, but also includes the use of 
standards policy, the use of procurement and the failure to 
protect intellectual property rights, as well as forcing 
technology transfer between foreign companies that want access 
to the Chinese domestic market.
    The second strand is what you would call innovation 
strategy, and this is a much more market-oriented focus on 
creating technological entrepreneurship and new growth in the 
Chinese economy.
    And the third strand is cyber-espionage and traditional 
espionage.
    These three strands clearly are overlapped and intertwined, 
although plucking out the individual strands is difficult to 
do. In some cases it's very easy. We can see private companies 
as they grow larger begin to accept funding and support from 
the state. And also in the case of cyber-espionage as the 
``Shadows in the Cloud'' report shows that there is a nexus 
between criminal and state hackers and the information that 
those hackers find sometimes shows up on the black market and 
other times it seems to work its way back to state 
institutions.
    The question for the United States, of course, is how do 
you respond to this? And I think the most important response is 
domestically: How do we defend our own networks? How do we move 
to risk management? Because I think most of this is in the end 
is going to be very difficult to protect, and so we have to 
think about what type of information we actually want to be 
digitalized and placed on networks. But also, how do we raise 
the cost for Chinese hackers, and that's probably going to 
involve some forms of active defense.
    But I think the larger issue as well is: What are U.S. 
companies saying about this problem? Because like with 
intellectual property rights theft, U.S. companies do not like 
to talk about when they have been hacked. We saw with the 
Google hack, Google said 30 other companies were attacked in 
this hacking, but then no other company publicly stated that, 
yes, this was a problem for us. And I think the reasons that 
they do not state it is because they are afraid of retribution 
from the Chinese Government. So the United States has to figure 
out how are you going to respond to that problem and get U.S. 
Government more involved.
    And then the third area, I think, is how do we shape this 
debate within China. Because we can see with the technology 
policy there is, in fact, people who question the wisdom of 
this--excuse me this technology policy, this top-down state 
strategy. They think that that is not going to be successful 
long-term and they are afraid that in fact China will fall 
further and further behind. That Chinese standards will only 
cut them off from the rest world.
    And as Chinese technology companies themselves become more 
global, they have a stake in a digital infrastructure that is 
more open and more global. So what the United States wants to 
do is to think about how we strengthen those individual units.
    I suspect, although I have no evidence, that those same 
factions, we can call them the innovation strategy factions, 
are also suspicious of a technology policy that is based on 
espionage. Copying is not going to create incentives for 
innovation. So those people are the ones that we want 
strengthen, those are the ones we want to convince that they 
have an interest in these global structures and these open 
infrastructures, and to convince them that China is 
increasingly becoming more vulnerable to cyber-attacks itself.
    This is not going to be easy. The techno-nationalist view 
is widespread in China. It is, in fact, held by the innovation 
strategy faction. They also want to reduce dependence on the 
West, but they at least are pushing in more open ways of doing 
it. So that I think it is important to engage the Chinese on 
that front, but the more important short-term is probably going 
to be defending ourselves and raising costs to Chinese hackers.
    I'll stop there.
    [The prepared statement of Mr. Segal follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Rohrabacher. Thank you very much.
    And Mr. Carnahan may not be able to join us after the next 
series of votes, so I think we will give you the courtesy of 
asking your questions now.
    Mr. Carnahan. Great. Thank you, Mr. Chairman. And thanks to 
all the panels here today. This has been a very good overview.
    I wanted to start with just an overall question to really 
any of the panelists that want to weigh in on this. President 
Obama had stated that ``our ability to partner is a 
prerequisite for progress on many of the most pressing global 
challenges.'' I wanted to get your assessment of the 
willingness of the Chinese to engaged with the U.S. in this 
manner regarding cyber threats and technology threats. And why 
do we not just start with Mr. Choate and work our way across?
    Mr. Choate. Well, I think we can anticipate--well I think I 
can start by looking at our own history. From 1790 to around 
1838 the United States was under a very aggressive policy of 
technology acquisition under a manufacturing strategy put 
together by Alexander Hamilton. We literally stole everything 
that we could from any place in the world.
    And I think that China, and any other developing country, 
would feel an obligation to do almost the same thing. From our 
perspective I think we must assume that for years to come as 
long as our technology is superior, they have ever incentive in 
the world to go out and steal our technology. That gives a 
series of mandates on what we should do as a country.
    We should be not naive. We should take a look at the way 
that we have agglomerated technology, who has access to it, how 
we in effect have our companies understand that one of the 
things they've got do is take certain of their computers off of 
the internet. We need to take a look at our policies with the 
Patent Office with all of the new technologies there. In other 
words, we must assume as a policy that not only China, but 
Germany and Brazil and other countries are out to steal to our 
technology. It's our responsibility to not make it easy as we 
do now.
    Mr. Carnahan. And before I get to the next witness, to the 
extent that China is becoming a target increasingly of 
intellectual property----
    Mr. Choate. Yes.
    Mr. Carnahan [continuing]. Is that going to get them to the 
table on these issues?
    Mr. Choate. Not really, I don't think so.
    One of the things that is happening with the Chinese, they 
have made in their last 5-year plan a major effort to do 
patenting in China. Probably the largest set of patenting in 
the world now is done inside China. So their conscious about 
the need to create legal rights and at the same time they're 
conscious about securing their own technology. So I do not 
think that we're really going to wind up with any real 
cooperations. I think we must proceed on that basis.
    Mr. Carnahan. Thank you. I am going to try to get everybody 
in if we can after this bell went off.
    Mr. Fisher?
    Mr. Fisher. Thank you, Mr. Chairman.
    I do not see that the Chinese Government today shares any 
interest in partnering with the United States in an effective 
way, at least as we would view it. The cyber warfare effort 
along with the range of miliary modernization efforts that we 
have seen underway all date back to the 1989 Tiananmen 
uprising. That scared the bejesus out of the Chinese Communist 
leadership. And all that they have done since then in the 
military strategic sphere has been devoted to protecting their 
dictatorship, their control, their position of power to include 
this aggressive campaign of cyber warfare.
    They are not going to be interested in talking to us until 
they have reached a level of power for which they are 
comfortable. And I am not sure that their concepts of 
partnering will include any kind of concept of equality that we 
have, that we will share interests and then move forward. Once 
they gain a position of superiority, they are going to want to 
start dictating and changing the rules, rewriting rules.
    Mr. Carnahan. Let me move on to Mr. Timperlake.
    Mr. Timperlake. Yes, sir. Thank you for the question.
    I think you have to approach it from two perspectives. The 
first is they are very good at denial and deception, which is 
their charm offensive. They will stay engaged and do whatever 
accrues to their advantage. No problem, no debate on that. What 
they will do, though, is take it to their advantage first and 
foremost through their 16 character policy. Where I think you 
can actually find their true intentions is if you read their 
War College literature. Surprisingly, or not surprising, the 
Chinese will tell you, the PLA, what their intentions are. In 
fact, they are quite proud of what they are doing.
    So the engagement policy always has to go in with that huge 
caveat that they are very, very good, as you saw, taking an 
aircraft carrier and calling it a casino, and then converting 
it into a ship of war. So when you engage at that level be 
careful.
    Mr. Carnahan. Mr. Segal?
    Mr. Segal. I do not fundamentally disagree with most of the 
bad news that the panelists have given you, but I will try to 
give a glimmer of hope here.
    On one hand, I think there are some parts of the Chinese 
bureaucracy that are beginning to think about how they defend 
themselves from these vulnerabilities. We see a track now that 
is going on with some members of the Ministry of State Security 
and MIIT that are participating on these discussions.
    At the U.N. the Chinese have unwillingly gone along with 
the Russians for discussions about cyberspace arms control 
agreements.
    And in my own dealings with members of the Ministries, they 
are beginning to practice certain arguments, rule them out 
about how they want to engage in cyberspace.
    I think it is very early. I am not expecting any progress 
on those fronts, but I think within the Chinese bureaucracy 
there is some thinking about it. But I do not widely disagree 
with the generally negative that the panel has given.
    Mr. Carnahan. Great. Thanks to all of you.
    Thank you, Mr. Chairman., Yield back.
    Mr. Rohrabacher. Thank you.
    How many minutes do we have? We have 10 more minutes to get 
to the vote, and I think what I am going to do is get my 
questions now and seeing that our other members are not here, 
that will be the end of the hearing. So, we do have 10 minutes.
    So if you would like to any moment, because we are 
restricted here, you can jump in and ask a follow-up question 
as well, Mr. Carnahan.
    What about joint ventures with Chinese companies? We have 
aerospace industry and others who are pushing in that area. Is 
this going to work for us or against us? And be succinct and we 
will go on down?
    Mr. Choate. Basically what we are doing is giving away our 
technology.
    Mr. Rohrabacher. And so the things that we have developed 
and spent billions of dollars developing will then be 
eventually used competitively against us?
    Mr. Choate. Yes.
    Mr. Rohrabacher. Mr. Fisher?
    Mr. Fisher. Absolutely, I agree with Pat on this.
    We are helping the Chinese to build competitors to Boeing 
and Airbus, and that advantage will be much narrower by the end 
of this decade. And the Chinese are taking all of this 
technology and applying it to military programs that will be 
largely aimed at us as well.
    Mr. Rohrabacher. This policy has destroyed several 
manufacturing industries in the United States already. And for 
us to put at risk the aerospace industry with this type of 
involvement, would the Chinese who are clearly our adversaries, 
certainly more than just our competitors but our adversaries 
and perhaps our enemies? Mr. Timperlake?
    Mr. Timperlake. Yes, sir, I think you are exactly right. In 
fact, one dimension of the role out of the J-20 that catches my 
interest is they are notorious proliferators. So in addition to 
perfecting a fifth generation aircraft, you can expect them to 
try and sell a fifth generation aircraft. And that will intrude 
on the international aircraft market to their benefit. So they 
steal stuff, they build something and they proliferate it and 
they do it for money, or they will buy their way in. And they 
are very good at that.
    Mr. Rohrabacher. Mr. Segal?
    Mr. Segal. Clearly in aerospace and avionics the joint 
ventures are probably not going to be good for U.S. national or 
economic security interests. But I think in a range of other 
economic sectors companies have moved away from the joint 
venture model because of the technology transfer reason. They 
have moved to wholly foreign-owned ventures and not wanting to 
partner for this technology transfer reason. And they 
themselves have become gradually over time more sophisticated 
in breaking up technology into specific components and making 
sure that the most advanced components do not go into China. 
But I think for national security reasons there are certain 
sectors that do.
    Mr. Rohrabacher. Of course, it is not necessarily what goes 
into China physically, but----
    Mr. Segal. Yes.
    Mr. Rohrabacher [continuing]. Perhaps what the Chinese can 
hack into and bring the plans over.
    Mr. Fisher, you had something you wanted to add?
    Mr. Fisher. ...is important as well, because in my opinion, 
at least what some Chinese sources have told me, they have 
their own F-35 program as well. A lower cost fighter, fifth 
generation fighter that, as Mr. Timperlake mentioned, will be 
on the market probably within the decade.
    Mr. Rohrabacher. And is that based on our research and 
development, Mr. Timperlake?
    Mr. Timperlake. It is an important point. What I found in 
my research is that the Chinese acquisition system which we 
still are trying to figure out, we have trouble with our own of 
course, is develop, develop, steal, develop, steal, buy, 
develop; whatever. But what happens is they go dark for a 
period 5 to 7 years so they can surprise you.
    And if they laid out the J-20 as more a surprise then 
anything, what is next, and what is next is cascading in from 
the great spy cases of the '90s and those cyber intrusion to 
this day. So, there are surprises still coming in their 
perfection of technology.
    Mr. Rohrabacher. We have a major economic challenge before 
us. And I would suggest that from the testimony we hear today a 
considerable amount of that challenge can be traced to the fact 
that we now have permitted in wealth in the form of research 
and technology development to be stolen or just transferred to 
a competitor.
    Yes, Pat?
    Mr. Choate. The problem really extends across our advanced 
technology trades. Department of Commerce does an analysis. We 
are running an $80-billion-a-year deficit in advanced 
technology trade. The largest part of that deficit is now with 
China.
    I think that what we have to be leery about is that the 
Chinese on certain technologies, once they gain control of 
those, they will use that as they have their control of 90 
percent of the world's rare earths as strategic leverage, 
foreign policy leverage. Our risk is that we become totally 
dependent upon China or the countries immediately around China, 
in the China sphere those ten countries for certain of our most 
vital technologies. And we are well on the way of having such a 
dependency.
    Mr. Rohrabacher. Well, let me just note that we are going 
to break in a few minutes. So, I am sorry, I apologize for that 
but this is the way it has worked out today.
    We face many challenges as a free people. One is how are we 
going to be prosperous and our people are going to have a 
decent standard of living. And number 2, of course, and which 
is probably the number one concern, is how are we going to make 
sure that we are safe from threats to our security and the 
safety of our people. And in both of these goals that should be 
primary goals of the Federal Government, the transfer of 
technology and the cyber theft of American technology is 
putting our ability to have a prosperous and have a safe 
American, it is putting that at risk. This is an issue that I 
am pretty happy this is one of the first things we covered in 
this subcommittee. We will be coming back to that and probably 
asking you gentlemen to return in a few months. But we have 
broken the ground here. And we want to make sure that we have a 
national debate on where we draw the line.
    I would say the American people would be outraged to 
understand that tens of billions of dollars that have been 
taken from them in order for research and development in our 
country has ended up in the hands of an economic and military 
adversary like Communist China, which is also one of the 
world's worst human rights abusers.
    So, if we are going to preserve the peace and we are going 
to have prosperity in America, we have got to come to grips 
with this challenge.
    I have got to come to grips because I have got 3\1/2\ 
minutes left to vote.
    I would like to thank you all for testifying.
    This hearing is adjourned.
    [Whereupon, at 1:01 p.m., the subcommittee was adjourned.]
                                     

                                     






















                            A P P E N D I X

                              ----------                              


     Material Submitted for the Hearing Record Notice 

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                               Minutes 
                               
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
                               
                                 
