Former CIA Director Michael Hayden, right, testified alongside two cybersecurity experts (Kevin Mandia, left and Arthur Coviello, middle), before the House Select Committee on Intelligence. AUSTIN B. SMITH/MEDILL
WASHINGTON—The chairman of the House Intelligence Committee accused China on Tuesday of industrial cyber espionage against the United States, calling it “brazen and widespread theft of intellectual property from foreign commercial competitors.”
“China’s economic espionage has reached an intolerable level,” said Rep. Mike Rogers, R-Mich. “Beijing is waging a massive war on all of us, and we [the U.S. and its allies] should band together and pressure them to stop.”
Many companies have attributed computer attacks to China, but Rogers’ accusations at the committee hearing marked a new level of direct, public address from a senior U.S. official.
Rogers also said other companies that privately acknowledge having been victims of China’s cyber spying remained quiet “for fear of provoking further Chinese attacks.”
Many companies, including Google, have been breached in recent years, and the Stuxnet worm in Iran damaged a nuclear reactor, among other adverse reactions.
Former CIA Director Michael Hayden agreed with Rogers’ pointed claims in his testimony, then argued for more transparency and sharing of cyber defense strategies, as well as a consistent view of what our cyber policies need to be.
The agencies are reluctant to talk about any cyber issues, Hayden said. “I think this information is horribly overclassified inside the government.”
After pointing his finger at the government, Hayden was quick to say the private sector is not doing its part, either.
“Industry is also reluctant to share information left to right—within industry—and north to south—between industry and government,” he said. “This lack of transparency prevents us from getting to consensus.”
Defense Industrial Base Cyber Pilot, a new program that has been touted by the government since its inception and was recently extended by the Department of Defense, was mentioned several times in the hearing.
The program helps the government share cyber threat intelligence with private sector companies that provide products or services pertinent to the country’s defense through a voluntary information-sharing agreement.
Hayden had both critiques and congratulations for Cyber Pilot.
“We really do have to keep in mind, as successful as this has been—as hopeful as this seems to be—this was a small group of companies, they were the companies most threatened by the cyber attacks we have been describing,” he said. “And all of these companies are very accustomed to working in an intimate way with the federal government.”
Hayden said it’s unclear if this model will work for addressing the problem on a wider scale.
Cybersecurity expert Kevin Mandia, of Mandiant Corp., expressed similar concerns in his testimony, arguing for the sharing of cyber threat intelligence.
“Both the government and some private sector companies have this information,” he said, “and we need to devise a manner in which they can share actionable intelligence in a codified, standard way that does not betray or diminish the effectiveness of our intelligence mission.”
Mandia also supported legislation in both the House and Senate that would increase penalties for cyber crimes and require companies to disclose data breaches to customers.