What happens when China hacks U.S. weapons designs?

The Pentagon and defense contractors likely took a three-pronged approach to responding to Chinese hackers accessing dozens of American weapons designs, a former top U.S. intelligence official told Killer Apps today.

First, they assessed the extent of the damage. Next they determined what military techniques and doctrines needed to change to prevent the intruders from being able to use the stolen info effectively. And finally, they gamed out how to turn the attack against the attackers.

"Those are the three big roman numerals in the outline that would shape the [government’s] meeting about this," the former official said.

He then drew a distinction between the problem of Chinese spies going after American weapons designs and China’s alleged state-backed economic espionage campaign against U.S. businesses.

Defense secrets, unlike business secrets, are fair game. "Those are legitimate targets," said the official, pointing out that accessing U.S weapons designs via hacking is simply traditional espionage via a new(ish) tool: the Internet.

"[A]ll nations conduct espionage, and we can’t complain when some other nation’s espionage service successful," the official said. "Steal my secrets, shame on me."

Therefore, in the wake of the penetrations by foreign hackers, the Pentagon and defense contractors had to first assume the worst when assessing the impact of the hacks, asking themselves:

"What is the impact of the loss of this information" and "how much of this is truly special stuff that would not be surmised by the Chinese" without using espionage, said the former official. "You go through the detailed information as to ‘what does this loss mean for me’ — which of my designs, tactics, techniques, procedures, training, expectations of the Chinese [way of fighting] do I have to adjust because I must assume that they know this and will act on it."

This doesn’t necessarily mean that China will be able to build its own versions of American weapons or figure out how to better fight against U.S. weapons, he pointed out.

"Collecting information is only the start of this process" for the Chinese, or any spy agency, said the former official. "You’ve got to process it, you’ve got to translate it, you’ve got to analyze it, you’ve got to report it. But [the victim] has got to assume that if they’ve accessed it, then they’re going to make good use of it."

The worst-case scenario means that the United States assumes China will do everything from making cheaper, or more effective, versions of U.S. weapons to figuring out how to defeat those weapons on the battlefield by understanding their designs and how the U.S. will use them.

"It erodes your advantage from both ends. They begin to be more able, more quickly, to match that which you are creating, and they have detailed knowledge of you so that they can begin to develop their countermeasures" to your weapons, the ex-official said.

Assume the hackers are able to make good use of their new trove, the ex-official said. "What of my doctrine, tactics, techniques, procedures, training do I change because now I assume they have that information?"

For example, "If they learn the beyond-visual-range [BVR] doctrine we have for AMRAAM missiles is not to launch it 35-miles [from a target] although it’s technically capable of flying 50-miles, well, you may say, ‘We’d better change our doctrine," the ex-official said, offering a hypothetical scenario of how the Pentagon would react to this type of espionage.

It can take a long time for a government to assess and fix the damage of this kind of espionage. The attacks on U.S. weapons programs likely occurred more than two years ago, according to Pentagon officials.

But once the initial leak is contained, it’s time to think about countermeasures.

"You can take advantage of a penetration to lead an adversary where you want him to go," said the former senior spook.

"You can also work to make the adversary lose confidence in the information he’s acquiring. The layman’s response to spying and the cop’s response to spying is, ‘Lock the bastard up,’ [but] in the world of pure intel, you say, "’Wait a minute here. That may not be our best option.’"