In recent meetings with Chinese counterparts, Defense Secretary Leon E. Panetta exercised extreme caution where the subject of possible Chinese cyber offensives and attribution was concerned.
"It's extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis in this area," Panetta said during a joint press conference with Chinese Defense officials.
Panetta's diplomacy comes in the face of escalating rhetoric from other U.S. government officials who recently sounded alarm bells during House subcommittee on Oversight, Investigations, and Management hearings conducted to better understand the nation's current state of cybersecurity.
Leading the charge with a decidedly alarmist tone was Republican Representative Michael McCaul if Texas, who boldly pronounced, "there are no shells exploding or foreign militaries on our shores. But make no mistake: America is under attack by digital bombs. China's cyber warfare capabilities and the espionage campaigns they have undertaken are the most prevalent of any nation state actor."
Chief among McCaul's concerns is the notion that the Chinese government is actively engaged in "cyber espionage" conducted by "established cyber war military units" which he believes have "laced the U.S. infrastructure with logic bombs."
Northrop Grumman also recently issued an extensive report examining the Chinese government's effort to further develop and centralize information warfare and cyber espionage capabilities.
The report, titled Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, outlines trends in the increased coordination between the nation's various sectors to create a technological and organizational advantage where advanced cyber capabilities are concerned.
"PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively. This goal has effectively created a new strategic and tactical high ground, occupying which has become just as important for controlling the battlespace as its geographic equivalent in the physical domain," the report asserts.
During the joint press conference with Panetta, Chinese Defense Minister Gen. Liang Guanglie strongly disagreed with assertions that any cyber attacks or offensive operations should be attributed to China.
"I can hardly agree with the proposition that the cyber attacks directed to the United States are directly coming from China. And during the meeting, Secretary Panetta also agreed on my point that we cannot attribute all the cyber attacks in the United States to China," he said.
"[However], cyber attacks are important to all countries around the world, and concern politics, the economy, the military and people's livelihood. Therefore, I believe it is correct for all the nations to place such great importance on cyber security."
Many security experts point out the difficulty involved in accurate attribution. Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.
In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors, a fact Chinese officials are well aware of and may use as an operational advantage.
"Both the United States and China have developed advanced technology with regard to the cyber arena... And it's true, as the general pointed out, that we agreed that there are other countries, there are hackers, there are others involved in some of the attacks that both of our countries receive," Secretary Panetta said.
In spite of Panetta's conciliatory approach to the discussions, numerous reports link Chinese hackers to a multitude of operations directed at government and private enterprise targets in the United States, including:
The largest and perhaps most damaging operation in recent years were the Aurora attacks which targeted an unknown number of large firms, including Adobe, Northrop Grumman, Dow Chemical, Morgan Stanley, and most famously Google.