Chinese hackers assault Rolls Royce’s IT system

Rolls Royce

Earlier, this year, I attended Jane’s U.S. Defense Conference, an annual event packed with security analysts and the defense contractors who love them. One of the more interesting topics discussed was the trend of Western militaries relying increasingly on commercial—rather than exclusively military—supply chains. In practice, this means that, say, U.S. combat vehicles include more and more parts that are manufactured by firms that aren’t strictly “defense contractors.” In some cases, it can mean that such vehicles even share parts with commercial, non-military cars, trucks, and planes.

This can be cheaper for American taxpayers and more efficient for the military, but it comes with risks. Consider this: The London Times reports that hackers based in China recently tried to break into the IT systems of Rolls Royce, which manufactures engines for British, U.S., and NATO combat platforms and in fact claims to be the “number two military aero engine manufacturer in the world.” Notably, Rolls Royce engines are to power the advanced Joint Strike Fighter, the U.S. Air Force’s new baby. There are obvious implications for the military balance of power here. China’s jet fighters are getting better, but they’re still behind. But manufacturing airplane engines is notoriously difficult, and the Chinese are no doubt eager to learn trade secrets from Western firms.

And Rolls Royce could be just the tip of the iceberg. Internet security firm McAfee reports that China is foremost among 120 countries that are experimenting with cyber warfare capabilities. And firms that supply parts to Western militaries obviously represent fat targets for Chinese snoops or saboteurs. Rolls Royce has supplied the British Royal Air Force for many years, so presumably it is no stranger to the security game; but when it comes to more recent entrants, do we really know how secure these supply chains are?