Head of Cyber Command Adm. Mike Rogers told Congress on Thursday that China’s government has conducted cyberattacks against U.S. businesses, universities and defense industries. The attacks were a direct violation of an agreement between the two countries created during the Obama Administration.
The agreement, which was reached in 2015 between Chinese leader Xi Jinping and then-President Barack Obama, was supposed to ensure that both countries refrained from any cyberattacks that stole intellectual property for commercial gain.
“Subsequent evidence, however, suggests that hackers based in China sustained cyber espionage that exploited the business secrets and intellectual property of American businesses, universities and defense industries,” Rogers said.
“In addition, the Chinese government could exploit the production of information and technology products to harvest corporate, government and even personal data from foreign countries,” Rogers explained.
Rogers’ statement on the cyberattack was the first time any senior military or intelligence official confirmed that China had violated the 2015 agreement. Previous congressional testimony assessed whether China was abiding by the agreement and asserted that there was a reduction in cyber thefts.
However, Rogers stressed that even with agreements in place, several states continue to sustain “campaigns against our cleared defense contractors to scout and steal key enabling technologies, capabilities and systems.”
“Our adversaries have grown more emboldened, conducting increasingly aggressive activities to extend their influence without fear of significant consequence,” he said. “We must change our approaches and responses here if we are to change this dynamic.”
As of now, no action has been taken against China for any of its large-scale cyber attacks.
In 2015, China was deemed responsible for the theft of 22 million records of federal workers from the Office of Personnel management. China has also carried out more damaging attacks against American military and private sector networks, including defense contractor systems.
China is among four nations that Rogers says pose major cyber threats, including Russia, North Korea and Iran.
“China and Russia, who we see as peer and near-peer competitors in cyberspace, remain our greatest concern, but rogue regimes like Iran and North Korea have growing capabilities and are using aggressive methods to conduct malicious cyberspace activities,” Rogers said.
However, China’s attacks, in particular, have proven to be the most damaging with the theft of critically important data.
Some Chinese cyber attacks have cost more than $100 million to assess damage and rebuild compromised networks, including strategically important information systems.
China was also responsible for stealing internal Air Force records of 33,000 officers, and more than 300,000 user identifications and passwords from the Navy.
Overall, Rogers said that cyberattacks have “evolved dramatically” in the past eight years.
“Today we face threats that have increased in sophistication, magnitude, intensity, volume and velocity, threatening our vital national security interests and economic well-being,” Rogers said.