China's strengthening cyber capabilities will complicate US efforts to defend itself against industrial espionage and possible military confrontations in places such as Taiwan, according to a new US congressional report released today.

The report was written by defence contractor Northrop Grumman for the US-China Economic and Security Review Commission, which was set up by Congress in 2000.

It paints a grim picture for the US, whose defence and high-tech companies, including Google, have been successfully breached by suspected China-based hackers.

The US faces risks from attackers who seek to infiltrate the supply chains for electronics such as chips or integrated circuits, which could be modified to intentionally fail, the report said.

Stuxnet

"The supply chain for microelectronics and telecommunications-related hardware in particular is extremely diffuse, complex, and globally dispersed, making it difficult for US firms to verify the trust and authenticity of the electronic equipment they purchase," it said.

At particular risk is the telecommunications industry, the report said. Equipment could be modified by an adversary in order to gain covert access or monitor systems. False instructions could be planted to cause "destruction of the targeted system," it said.

In 2010, Iran was targeted by a malicious software program called Stuxnet that caused industrial control equipment made by Siemens to fail, interrupting the country's uranium enrichment machinery.

The US has already been battling with counterfeit equipment coming from China. The report said infiltration of hardware resellers and distributors "continue to pose significant law enforcement and counterintelligence challenges to the United States".

Trojan access

"By providing counterfeit hardware that already contains the Trojanized access built into the firmware or software, a foreign intelligence service or similarly sophisticated attacker has a greater chance of successfully penetrating these downstream supply chains," it said.

Within China's military, the report said the People's Liberation Army (PLA) has a broad framework called "information confrontation" that appears to wrap computer network operations together with electronic warfare, psychological operations and deception.

"PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively," the report reads.

Electronic warfare

The difficulty the US faces with electronic warfare is that aggressive cyber acts are difficult to attribute, which complicates a response. China has developed strong capabilities to disrupt the US military's electronic command-and-control systems, known as C4ISR infrastructure, which could hamper a quick response to a crisis in, for example, Taiwan.

"Chinese commanders may elect to use deep access to critical US networks carrying logistics and command and control data to collect highly valuable real time intelligence or to corrupt the data without destroying the networks or hardware," the report said.

China also invests heavily at an academic level: at least 50 universities that do information security research received grants from national technology grant programmes, supporting the country's broad goals to be an information technology power.