The Defense Department said Monday that cyberattacks in 2007 against computer networks operated by governments and commercial institutions around the world "appear" to have originated within China -- marking the first time the Pentagon has so visibly pinned the blame against China for cyberattacks.
"In the past year," the report concluded, "numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the [People's Republic of China]. These intrusions require many of the skills and capabilities that would also be required for computer network attack. Although it is unclear if these intrusions were conducted by, or with the endorsement of, the [People's Liberation Army] or other elements of the PRC government, developing capabilities for cyber warfare is consistent with authoritative PLA writings on this subject."
The report said that in 2007, networks operated by Defense, other federal agencies, defense-related think tanks and contractors experienced "multiple computer network intrusions, many of which appeared to have originated in the PRC."
The report also highlighted public statements by top intelligence and defense officials in France, Germany and the United Kingdom that pinned the blame for cyberattacks against networks in those countries on China.
The report quoted Hans Elmar Remberg, vice president of Germany's Office for the Protection of the Constitution (the country's domestic intelligence agency), who accused China of sponsoring computer network intrusions "almost daily."
The report also cited an alert in November issued to 300 financial institutions by Jonathan Evans, director general of MI5, the United Kingdom's intelligence service, saying that it was the target of state-sponsored computer network exploitation from China. France also has experienced Chinese cyberattacks, the report said, quoting French Secretary-General of National Defense Francis Delon.
China's use of cyber warfare stems from a doctrine designed to provide the country's military with advantages over technologically superior adversaries, the report said. It quoted a Chinese publication, which said:
"[The] application of non-nuclear high technologies can bring about strategic effects similar to that of nuclear weapons, and at the same time, it can avoid the great political risk possibly to be caused by transgressing the nuclear threshold... Among other things, following the advent of cyber information age, information warfare and information warfare strategy are widely drawing attention."
The report issued Monday does not go as far as a little noticed report sent to Congress in late 2007 by the U.S.-China Economic and Security Review. It said Marine Gen. James Cartwright, the vice chairman of the Joint Chiefs of Staff, viewed Chinese cyberattacks as potentially having an effect equal to "the magnitude of a weapon of mass destruction."
Cartwright told the commission that China has a larger capability to conduct denial-of-service attacks against computer systems than any other country, and such attacks have "the potential to cause cataclysmic harm if conducted against the United States on a large scale."
China also is developing a multidimensional program to limit or prevent the use of space-based assets by its potential adversaries, the report issued Monday said, as part of a process of extending battle space from traditional land and sea domains into outer space and cyberspace.