Mark Ralston / AFP - Getty Images

A Chinese paramilitary officer rides a scooter in Beijing on Wednesday. Beijing dismissed an annual Pentagon report that accused it of widespread cyberspying on the U.S. government, rejecting it as an "irresponsible

BEIJING -- China on Wednesday accused the United States of sowing discord between it and its neighbors after the Pentagon said Beijing is using espionage to fuel its military modernization, branding Washington the "real hacking empire.”

The latest salvo came a day after China's foreign ministry dismissed as groundless a Pentagon report that accused China for the first time of trying to break into U.S. defense computer networks.

The Pentagon also cited progress in Beijing's effort to develop advanced-technology stealth aircraft and to build an aircraft carrier fleet to project power further offshore.

The People's Liberation Army Daily called the report a "gross interference in China's internal affairs.”

"Promoting the ‘China military threat theory’ can sow discord between China and other countries, especially its relationship with its neighboring countries, to contain China and profit from it," the newspaper said in a commentary that was carried on China's Defense Ministry website.

The United States is "trumpeting China's military threat to promote its domestic interests groups and arms dealers,” the newspaper said, adding that it expects "U.S. arms manufacturers are gearing up to start counting their money.”

The remarks in the newspaper underscore the escalating mistrust between China and the United States over hacking, now a top point of contention between Washington and Beijing.

A U.S. computer security company, Mandiant, said in February a secretive Chinese military unit was likely behind a series of hacking attacks that targeted the United States and stole data from more than 100 companies.

That set off a war of words between Washington and Beijing.

China has said repeatedly that it does not condone hacking and is the victim of hacking attacks -- most of which it says come from the United States.

"As we all know, the United States is the real 'hacking empire' and has an extensive espionage network," the People's Daily, a newspaper regarded as a mouthpiece of the Chinese Communist Party, said in a commentary.

"In recent years, the United States has continued to strengthen its network tools for political subversion against other countries,” the article said.

"Cyber weapons are more frightening than nuclear weapons," the People's Daily said. "To establish military hegemony on the Internet by repeatedly smearing other countries is a dangerous and wrong path to take and will ultimately end up in shooting themselves in the foot."

Related links:

Report: China snooping around Pentagon computers

'Not based in fact': China angrily denies being behind widespread US hacking

Analysis: As cyberthreat looms, here's what really matters

China is using espionage to acquire technology to fuel its military modernization, the Pentagon said on Monday, for the first time accusing the Chinese of trying to break into U.S. defense computer networks and prompting a firm denial from Beijing.

In its 83-page annual report to Congress on Chinese military developments, the Pentagon also cited progress in Beijing's effort to develop advanced-technology stealth aircraft and build an aircraft carrier fleet to project power further offshore.

The report said China's cyber snooping was a "serious concern" that pointed to an even greater threat because the "skills required for these intrusions are similar to those necessary to conduct computer network attacks."

"The U.S. government continued to be targeted for (cyber) intrusions, some of which appear to be attributable directly to the Chinese government and military," it said, adding the main purpose of the hacking was to gain information to benefit defense industries, military planners and government leaders.

A spokeswoman said it was the first time the annual Pentagon report had cited Beijing for targeting U.S. defense networks, but China dismissed the report as groundless.

The U.S. Defense Department had repeatedly "made irresponsible comments about China's normal and justified defense build-up and hyped up the so-called China military threat," Chinese Foreign Ministry spokeswoman Hua Chunying said.

"This is not beneficial to U.S.-China mutual trust and cooperation," Hua told reporters. "We are firmly opposed to this and have already made representations to the U.S. side."

China's defense build-up was geared towards protecting its "national independence and sovereignty," Hua said.

On the accusations of hacking, Hua said: "We firmly oppose any groundless criticism and hype, because groundless hype and criticism will only harm bilateral efforts at cooperation and dialogue."

Despite concerns over the intrusions, a senior U.S. defense official said his main worry was the lack of transparency.

"What concerns me is the extent to which China's military modernization occurs in the absence of the type of openness and transparency that others are certainly asking of China," David Helvey, deputy assistant secretary of defense for East Asia, told a Pentagon briefing on the report.

He warned of the "potential implications and consequences of that lack of transparency on the security calculations of others in the region."

The annual China report, which Congress began requesting in 2000, comes amid ongoing tensions in the region due to China's military assertiveness and expansive claims of sovereignty over disputed islands and shoals. Beijing has ongoing territorial disputes with the Philippines, Japan and other neighbors.

Beijing's publicly announced defense spending has grown at an inflation-adjusted pace of nearly 10 percent annually over the past decade, but Helvey said China's actual outlays were thought to be higher.

China announced a 10.7 percent increase in military spending to $114 billion in March, the Pentagon report said. Publicly announced defense spending for 2012 was $106 billion, but actual spending for 2012 could range between $135 billion and $215 billion, it said. U.S. defense spending is more than double that, at more than $500 billion.

The report highlighted China's continuing efforts to gain access to sophisticated military technology to fuel its modernization program. It cited a laundry list of methods, including "state-sponsored industrial and technical espionage to increase the level of technologies and expertise available to support military research, development and acquisition."

Dean Cheng, an analyst at the conservative Heritage Foundation think tank, said he was surprised by the number of cases of human espionage cited in the report.

"This is a PLA (People's Liberation Army) that is extensively, comprehensively modernizing," Cheng said. "...China is also comprehensively engaging in espionage."

China tested its second advanced stealth fighter in as many years in October 2012, highlighting its "continued ambition to produce advanced fifth-generation fighter aircraft," the report said. Neither aircraft of its stealth aircraft was expected to achieve effective operational capability before 2018, it said.

Last year also saw China commission its first domestically produced aircraft carrier. China currently has one aircraft carrier bought abroad and conducted its first takeoff and landing from the ship in November.

Reporting By David Alexander and Phil Stewart, Additional reporting by Michael Martina in Beijing; Editing by Nick Macfie

The past several weeks have seen an explosion of news about United States cybersecurity. First, stories about Chinese cyberattacks. Next, the president’s historic reference to cybersecurity in the State of the Union address. Finally, more stories about Chinese cyberespionage. If one is in the business of national security, these and other stories represent identifiable parts of a larger, cohesive story. But for the lay reader, discerning that larger story is more challenging. What is old news? What is new? And what lies ahead?

The old news: the scale, types, and sources of the attacks

According to a recent Washington Post article, a new U.S. government intelligence assessment describes the massive scale of cyberattacks by nation states (most notably, by China), criminal organizations, and individuals. Although it is fair to say that the scale, scope, and sophistication of such attacks have increased over the past several years, the basics have largely remained the same. The U.S. government and affected commercial sectors have been well aware of these threats. All too many industries — information technology, defense, energy, advanced manufacturing, healthcare, agriculture, law, non-governmental organizations, and the media, to name a few — have been attacked, and in the most sophisticated cases the perpetrators have been traced back to China. Even the most technologically able of companies, such as Google and defense contractors, have found Chinese cyberattackers resident in their networks. Intruders have been able to steal enormous amounts of sensitive and valuable information. The combined result of this U.S.-to-China illicit exfiltration is what one official has called “the greatest transfer of wealth in history.” 

Also in the “old news” category is that not all attacks are about stealing. In less common but more immediately disruptive cases, state-sponsored cyberattackers — most notably from Iran — have caused significant harm to computer networks. Specifically, last fall attackers disrupted U.S. financial institutions’ networks, making some websites temporarily inaccessible. Even more destructively, Iranian cyberattackers rendered inoperable 30,000 computers at the world’s largest oil company, Saudi Aramco. These attacks illustrate what cyber professionals have long known: cyberattacks — especially against critical infrastructure — can easily turn from silent burgling to serious disruptions or destruction. 

The new news: exactly who is attacking us, and presidential action

The past several weeks have also highlighted new developments in cyberwarfare, most significantly exactly who the attackers are and more forceful executive branch efforts to combat cyberattacks.     

On the first, a report this week by the network security company Mandiant concluded that a significant number of sophisticated attacks originated not just from China, but likely were perpetrated by the Chinese military. Although this may not be new to many “on the inside,” the public attribution to the People’s Liberation Army (PLA) with a highly detailed description of their modus operandi as well as individuals involved is something we have not seen publicly before. There are real risks to this disclosure, as it will undoubtedly drive the PLA to pursue new tactics to avoid detection, but Mandiant (and many others) clearly believe that those risks are outweighed by the value of highlighting China’s efforts.

On the second point, there has indeed been a flurry of presidential activity over the past two weeks. Most significantly, the president’s executive order sought to maximize what federal departments could do absent legislation. The executive order specifically seeks to improve classified and unclassified information-sharing between the government and private sector, prioritize the protection of critical infrastructure (e.g., our electrical grid), and develop voluntary private sector standards for cyberdefense. The administration has also announced a government-wide effort to combat the theft of trade secrets from U.S. companies. This is significant in that it is the first high-profile and consolidated public statement — quite clearly focused on China — that contemplates more forceful legal and trade action against China should it not alter its behavior.

What lies ahead: legislation, confrontation, destruction?

Where then does this leave us? I expect major developments on at least three fronts. 

First, legislation. Although the executive order is a first step, most recognize that legislation is necessary to enhance our cyberdefenses. Specifically, only legislation can provide companies immunity for providing cybersecurity-related information to the government. In addition, only legislation can clarify who in the government — the Departments of Defense, Justice, Homeland Security, and Intelligence Community, among others — should or must have access to the private sector information that is provided to officials. There are, of course, difficult questions embedded in these high-level issues: Will such information sharing affect the privacy of ordinary citizens? How will the federal bureaucracy (and federal workforce) keep pace with rapid technological change? More broadly, will the focus on information-sharing provide enough defense against a smart, determined adversary for whom economic espionage is a national imperative?

Second, confrontation. Assuming — and I think it is a very solid assumption — that cyberdefense can never do enough to protect networks, to what degree will the U.S. (and other nations) confront China (and other large-scale cyberattackers) to convince them to limit their use of cybertheft? Although the new administration strategy suggests greater forcefulness, the proof will be in the pudding. Neither the United States nor other nations can afford to view China through a singular cyberlens given our deep economic ties and reliance on their support for global hotspots like North Korea. In addition, to what degree will private companies who look to China as a massive emerging market be willing to proclaim publicly that their secrets have been stolen by China or others? I expect to see continued confrontation with China over these matters, but I’m less sanguine that we will be able to seriously alter its current cybercalculus.

Third, destruction. While the present focus has been largely on economic loss, we must not lose sight of the very real risk of destructive cyberattacks. As already noted, Iranian-sponsored cyberattacks effectively destroyed computers in Saudi Arabia, as well as computers at RasGas in Qatar. Using cybertools, determined adversaries can disrupt industrial control systems that govern our critical infrastructure, to include electrical, water, telecommunications, and air traffic control systems. In an armed conflict with a country like Iran, we will have to be prepared for such attacks; if Iran is willing to disrupt U.S. banking institutions today, then we would be foolish to think they would not be willing to do more in the midst of a hot war. And although Iran may not possess sufficiently skilled cyberwarriors to cause serious harm, we must remember that other, non-state actors might well be willing to assist in the fight if the price is right. Warning of a “cyber Pearl Harbor” is in my view a bit too alarmist, but we must nevertheless recognize — and mitigate — what is a clear, nationwide vulnerability today. 

Michael Leiter was director of the United States National Counterterrorism Center under Presidents George W. Bush and Barack Obama, serving from 2007 through 2011. He is a counterterrorism, cybersecurity and national security analyst for NBC News.

A report tying the Chinese military to computer attacks against American interests has sent a chill through cyber-security experts, who worry that the very lifelines of the United States — its energy pipelines, its water supply, its banks — are increasingly at risk.

The experts say that a successful hacker attack taking out just a part of the nation’s electrical grid, or crippling financial institutions for several days, could sow panic or even lead to loss of life.

“I call it cyberterrorism that makes 9/11 pale in comparison,” Rep. Mike Rogers, a Michigan Republican and chair of the House Intelligence Committee, told NBC News on Tuesday.

An American computer security company, Mandiant, reported with near certainty that members of a sophisticated Chinese hacking group work out of the headquarters of a unit of the Chinese army outside Shanghai.

The report was first detailed in The New York Times, which said that the hacking group’s focus was increasingly on companies that work with American infrastructure, including the power grid, gas lines and waterworks.

The Chinese embassy in Washington told The Times that its government does not engage in computer hacking.

As reported, the Chinese attacks constitute a sort of asymmetrical cyberwarfare, analysts said, because they bring the force of the Chinese government and military against private companies.

“To us that’s crossing a line into a class of victim that’s not prepared to withstand that type of attack,” Grady Summers, a Mandiant vice president, said on the MSNBC program “Andrea Mitchell Reports.”

The report comes as government officials and outside security experts alike are sounding ever-louder alarms about the vulnerability of the systems that make everyday life in the United States possible.

Outgoing Defense Secretary Leon Panetta warned in October that the United States was facing a threat that amounted to “cyber Pearl Harbor” and raised the specter of intentionally derailed trains, contaminated water and widespread blackouts.

“This is a pre-9/11 moment,” Panetta told business executives in New York. “The attackers are plotting.”

RELATED: Report: Chinese army tied to widespread U.S. hacking

The Times report described an attack on Telvent, a company that keeps blueprints on more than half the oil and gas pipelines in North and South America and has access to their systems.

A Canadian arm of the company told customers last fall that hackers had broken in, but it immediately cut off the access so that the hackers could not take control of the pipelines themselves, The Times reported.

Dale Peterson, founder and CEO of Digital Bond, a security company that specializes in infrastructure, told NBC News that these attacks, known as vendor remote access, are particularly worrisome.

“If you are a bad guy and you want to attack a lot of different control systems, you want to be able to take out a lot,” he said. “The dirty little secret in these control systems is once you get through the perimeter, they have no security at all. They don’t even have a four-digit pin like your ATM card.”

Carlos Barria / Reuters

Locals walks in front of 'Unit 61398', a secretive Chinese military unit, in the outskirts of Shanghai. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said.

The 34-minute blackout at the Super Bowl earlier this month highlighted weak spots in the nation’s power system. A National Research Council report declassified by the government last fall warned that a coordinated strike on the grid could devastate the country.

That report considered blackouts lasting weeks or even months across large parts of the country, and suggested they could lead to public fear, social turmoil and a body blow to the economy.

Vital systems do not have to be taken down for very long or across a particularly widespread area, the experts noted, to cause social disorder and to spread fear and anxiety among the population.

Last fall, after Hurricane Sandy battered the Northeast, it took barely two days for reports of gasoline shortages to cause hours-long lines at the pumps and violent fights among drivers.

Peterson described being in Phoenix, Ariz., during a three-day gas pipeline disruption “when people were waiting in line six hours and not going to work. You can imagine someone does these things maliciously, with a little more smarts, something that takes three months to replace.”

Similarly, hacking attacks last fall against major American banks — believed by some security experts and government officials to be the work of Iran — amounted to mostly limited frustration for customers, but foreshadowed much bigger trouble if future attacks are more sophisticated.

What worries Dmitri Alperovitch, co-founder of the computer security company CrowdStrike, is a coordinated attack against banks that modifies, rather than destroys, financial data, making it impossible to reconcile transactions.

“You could wreak absolute havoc on the world’s financial system for years,” he said. “It would be impossible to roll that back.”

While the report Tuesday focused on China, the experts also highlighted Iran as a concern. That is because China, as a “rational actor” state, knows that a major cyberattack against the United States could be construed as an act of war and would damage critical economic cooperation between the U.S. and China.

“With the Iranians in the game,” Rogers said, “what’s worrisome is they don’t care. They have no economic lost opportunity.”

Security experts have for years expressed concern, if not outrage, that the nation’s critical infrastructure remains so vulnerable so long after Sept. 11, 2001.  

But the escalating threats from hackers in China and Iran, in addition to Russia and North Korea, appear to be lending new urgency to efforts to make sure companies and government agencies are better prepared.

President Barack Obama announced in his State of the Union message last week that he had signed an executive order directing federal agencies to share certain unclassified reports of cyber threats with American companies.

The next day, Rogers and Rep. Dutch Ruppersberger, a Maryland Democrat, reintroduced legislation designed in part to help companies share information. The bill passed the House last year but stalled in the Senate.

State Department spokeswoman Victoria Nuland said Tuesday that the United States has “substantial and growing” concerns about threats to the U.S. economy and national security posed by cyberattacks.

“I think as recent public reports make clear, we’re obviously going to have to keep working on this,” she said. “It’s a serious concern.”

Peterson said that oil, gas and electric companies had led the way in developing security perimeters, with water companies “kind of in the middle” and transportation and mining companies lagging.

But even the protections enacted by companies so far leave too many holes, he said.

“They’re all in the same situation,” Peterson said. “If you get through the perimeter, you can do whatever you want.”

This story was originally published on Tue Feb 19, 2013 2:47 PM EST