Chinese cyber attacks on Transcom reveal wartime plans to disrupt U.S. military logistics

US military sealift

Cyber attacks aided by U.S. logistics data shared with PLA in 1990s

China’s military has conducted scores of cyber attacks against critical U.S. Transportation Command contractors, a clear sign that the People’s Liberation Army (PLA) is preparing to disrupt U.S. logistics and supply networks in a future conflict.

The Chinese targeting of the Transcom networks, including 50 known attacks against 20 command contractors, was disclosed in a declassified Senate Armed Services Committee report made public last week. 

“Cyber intrusions by foreign countries into the computer networks of the U.S. Transportation Command pose a threat to U.S. military operations,” the report concludes. 

China’s military has targeted U.S. logistics – the systems used to provide arms, food, fuel and other military goods to deployed forces – for disruption in wartime and intelligence-gathering in preparation for war during peacetime, the report says. 

Chinese military planners will “seek to use cyber capabilities to impede U.S. force deployment in a contingency,” the report states. 

And the contractors hit by the Chinese included “operationally critical contractors” — both airlines and shipping companies.

The report also faulted the key military command for not being aware of the cyber attacks. “Transcom was unaware of the overwhelming majority of successful cyber intrusions,” the report said. 

Not mentioned in the Senate report is the fact that the U.S. military’s decades-long program of military-to-military exchanges aimed at “building trust” with the PLA likely contributed to China’s cyber targeting of strategic Transcom logistics capabilities. 

U.S. military exchanges with the PLA in the 1990s included revealing key details of U.S. logistics and supply capabilities, before Congress stepped in and halted logistics exchanges.

According to the Congressional Research Service, in 1995 a PLA general in the General Logistics Department was “briefed on logistics doctrine and systems” and was allowed to observe U.S. military logistics activities and installations. 

Then in 1998, another PLA general from the General Logistics Department was allowed to visit the Warner-Robins Air Logistics Center in Georgia, and the Defense Logistics Agency’s Defense Supply Center in Richmond, both facilities in charge of critical military logistics.

“At the Pentagon, DoD provided briefings on organizations for the DoD logistics systems, logistics modernization initiatives, joint logistics/focused logistics,” the CRS report, dated July 29, 2014, says. 

Congress blocked exchanges related to advanced logistics and 11 other critical U.S. military capabilities in 2000 over concerns the Pentagon was helping Chinese warfighting capabilities. 

But the Pentagon did not halt all exchanges on the topic. For example, during the August 2013 visit to the United States by Chinese Defense Minister Gen. Chang Wanquan, the Pentagon said of the visit that “the two sides will explore support in logistics.” 

According to the once-secret Senate report, future conflicts will include a range of cyber attacks related to denial of service, data corruption, supply chain corruption, traitorous insiders, and kinetic and non-kinetic attacks across the spectrum, from underwater to space. 

Quoting an earlier Defense Science Board report, the Senate study warns that, as a result of Chinese cyber attacks, “U.S. guns, missiles and bombs may not fire, or may be directed against our own troops.” 

“Resupply, including food, water, ammunition, and fuel may not arrive when or where needed,” the report said. “Military commanders may rapidly lose trust in the information and ability to control systems and forces.”

Cyber attacks against defense contractors who provide vital transportation services to the military are a strategic threat to the United States. “The ability to establish a foothold in DoD or contractor computer networks could provide a valuable position from which to target operations and affect the U.S. military’s ability to respond quickly or effectively in the event of a contingency,” the Senate report said.

More than 80 percent of U.S. military logistics for worldwide operations are transported by private air cargo and shipping services. And almost all communications for the services are done on unclassified networks. 

The Senate report makes clear that the Chinese military has recognized the U.S. military superiority in logistics as a vulnerability to be exploited and thus has targeted those networks for cyber attacks. 

Chinese military cyber attacks revealed in the report included a contractor who was compromised between 2009 and 2010 and lost emails, documents, user accounts, passwords and source code, indicating the penetration gained broad access.

A second attack broke into a network used by Transcom’s Civilian Reserve Aviation Force contractors and obtained documents, flight details, credentials and personal identification numbers and passwords for encrypted email. 

Additionally, the PLA compromised multiple systems on a commercial ship used by Transcom for logistics routes. 

In a 2013 spear-phishing attack, the PLA targeted commercial logistics contractors used by the U.S. Central Command, including commercial shipping companies.

— Bill Gertz
Sept. 21, 2014