CAPITOL HILL The Pentagon is kicking off a new effort to integrate counterintelligence and law enforcement into acquisition, citing a string of successful Chinese hacks that resulted in the theft of defense secrets.
The Pentagon’s deputy secretary for intelligence, Kari Bingen, told lawmakers at the House Armed Services Committee today that the Pentagon can no longer be concerned only with cost, schedule, and performance. “We must establish security as a fourth pillar in defense acquisition,” she said, while making security “a major factor in competitiveness for U.S. government business.”
The plan, dubbed “Deliver Uncompromised,” is looking for ways the Pentagon can work with the defense industry on a case by case basis to toughen security and head off threats, adding security and counterintelligence assets “to augment our collection and analysis capabilities, gain a more comprehensive understanding to threats against our technologies.”
The announcement came days after reports emerged that China had hacked into a U.S. defense contractor, stealing classified information about undersea warfare technologies, including plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020.
The episode was seemingly referenced by Rep. Adam Smith, who tore into the administration for failing to put together an industrial-base policy to confront Chinese and individuals’ hacking attempts.
“We had a briefing yesterday on a cyber breach, and it was shocking how disorganized, unprepared, and, quite frankly, utterly clueless the branch of the military was that had been breached,” Smith said.
Bingen added that the current security procedures for government contractors are “checklist-based,” and ineffective for a new era of sophisticated penetration by a variety of means. New rules must be “risk-based” and “informed by the threat and the department’s technology protection priorities.”
She acknowledged that the new scrutiny might not be wholly welcome by industry. “It’s probably going to be more uncomfortable for industry, but we need them as a partner to do this if they’re going to be able to deliver uncompromised.”
Another top Pentagon official, appearing alongside Bingen, compared Chinese theft of American technologies, hacking defense contractors, and investing in U.S. technology companies to the illegal Chinese construction of military outposts in the South China Sea.
“It is adversarial behavior,” research and engineering chief Michael Griffin said. “And its perpetrator must be treated as such.”
Despite the tough talk, however, the government has yet to figure out a way to impose those penalties. Several lawmakers were frustrated at the lack of punitive measures taken against China in the wake of several high-profile hacking and intellectual property theft cases.
Democrat Rick Larsen criticized the Pentagon’s embrace of the phrase “great power competition” when describing the competition between Washington and Beijing. The phrase “is being tossed around like candy at a 4th of July parade, and I don’t think you’re living up to it,” he said, citing the lack of pushback against Chinese investment in U.S. tech companies, and the well-publicized theft of American intellectual property.
Appearing across town at a thinktank event, Gen. Paul Selva, vice chairman of the Joint Chiefs echoed a similar theme. “With the Chinese, you have to protect what you have because, if they can’t learn about it, they’ll try to buy it. If they can’t learn about it or buy it, they’ll try to steal it. And we know they’re active in all three domains–learning, buying and stealing.”
(Of course, many countries play this game of industrial espionage. Just check out some of these reports.)
Speaking with reporters after the hearing, HASC Chairman Mac Thornberry said that a solution is elusive, but some will be dealt with in the upcoming defense policy conference between the House and Senate slated for next month.
He said he doesn’t want to limit the analysis to any particular incident, but instead to consider the broad pattern of Chinese activity against the entire U.S. industrial base and government. “That’s the real concern. It’s what they’re doing across the board that’s so concerning,” he said. The lawmaker also warned not to look for any magic solution that will clean up the problem in the short term. “We’re not going to pass a bill that will fix it all,” he said. “But we’ve got lots of catching up to do because we have not updated our laws to reflect the changes in world circumstances or the changes in technology, primarily cyber.”