DOI Data Center Security and Chinese Cyber Espionage

March 6, 2017 by The GTech Operations Team

In 2015, federal data security was severely compromised when hackers obtained unauthorized access to Office of Personnel Management (OPM) records from host servers at a Department of Interior center. The NYT reports that the breach exposed the personnel data of 21.5 million federal employees. In recent years, DOI has documented 19 data security breaches. Three of the most egregious were:

  • The May 2013 security breach, when Chinese hackers obtained unparalleled access to sensitive data and used malware to destabilize DOI security systems.
  • The October 2014 security breach, when European-based hackers obtained control of two DOI public web servers.
  • The October and December 2014 security breaches, when hackers were able to gain privileged administrative access to all DOI security systems. These breaches constituted one of the worst instances of cyber espionage in DOI history.

The United States government continues to warn that Chinese cyber espionage efforts have increased in recent years. In fact, China has recently announced the inception of its new cyber-warfare force, the Strategic Support Force, which includes 3PLA, said to comprise 100,000 cyberwarriors. The NSA reports that 3PLA hackers were able to obtain more than 50 terabytes of sensitive military data from recent breaches of American defense networks. Crucially, the Chinese were able to modify the stealth radar and engine schematics of the F-35 to build a new generation of F-20 stealth jets. According to Der Spiegel, the Chinese also obtained access to the engine schematics of the B-2 and F-22.

Additionally, the Chinese appropriated the U.S. Pacific Command's refueling schedules. The Pacific Command represents America's first line of defense in any future conflict with China, so knowledge of American wartime operations would be crucial to Chinese defense ministers. Chinese hackers also seized U.S. Navy missile and navigation systems data, nuclear submarine and anti-air missile designs, and International Traffic and Arms Restrictions (ITAR) secrets. ITAR regulations allow the Department of State to control the export and import of sensitive military technology on the United States Munitions List (USML). Essentially, all manufacturers and exporters of military technology must register with the Department of State in order to be ITAR compliant. ITAR compliance is especially critical in light of Chinese efforts to appropriate American military technology. In 2016, Su Bin, a Chinese national, was convicted of stealing data on the Boeing C-17 strategic transport aircraft and a newly developed military fighter jet.

China's focus on cyber espionage is secondary to its larger goal of global military dominance. As such, it is crucial that federal agencies such as DOI protect their sensitive military and federal data from further incursions by Chinese hackers. To date, the DOI has uncovered 3,000 high-risk vulnerabilities across three major bureaus: the Bureau of Safety and Environmental Enforcement, the United States Bureau of Reclamation (which oversees water management), and the United States Geological Survey, which operates the National Wildlife Health Center. The National Wildlife Health Center is responsible for monitoring H7N9 avian influenza outbreaks. After experiencing at least five epidemics of avian-based H7N9 human infections, China openly accused the United States of biological warfare in 2013. In response to what it considers an American threat, China has developed its own offensive biological warfare program.

Therefore, it is imperative for bureaus that house sensitive federal data on DOI servers to implement cloud-based data security measures. Recent cyber-attacks by Chinese hacker groups such as Axiom and Deep Panda provide further evidence that China places increasing reliance on cyber espionage to fulfill its aspirations for military dominance.