Chinese view mission-critical computer code

By Charles Smith

According to a newly released General Accounting Office report on
computer security, the Federal Aviation Administration has allowed
Chinese nationals without security clearances to inspect
“mission-critical” computer source code.

“We found instances in which background searches were not performed
— including on 36 mainland Chinese nationals who reviewed the computer
source code of eight mission- critical systems as part of FAA’s effort
to ensure Year 2000 readiness,” states the August GAO report.

“By again not following its own policies, FAA increased the exposure
of its systems to intrusion and malicious attack,” the report notes.

“FAA’s own system penetration testing and vulnerability assessments
demonstrate significant areas of weakness. Because of the sensitivity
of this information, we do not publicly disclose details on these
weaknesses.”

The FAA security weakness, according to one defense adviser, could
spell disaster in the near future. According to William Triplett,
co-author of “Year of the Rat” and

“Red Dragon Rising,”
the possible Chinese army penetration of critical U.S. air traffic control systems is part of an ongoing information war being waged against America.

“This has enormous implications for communist Chinese cyber warfare against the United States,” stated Triplett, who has studied Chinese army information warfare. “In the event of a conflict, they could hold hostage the very lives of hundreds of thousands of American men, women and children.”

According to Triplett’s 1999 book “Red Dragon Rising,” Chinese army information warfare is an “unheralded national security threat to the United States.”

“The American economic, political and social system is essentially unprotected against a Chinese information warfare attack. As the PLA notes, ‘America’s economic system is extremely vulnerable to information attacks.’ Senior PLA officers have begun to talk among themselves about a pre-emptive strike using information warfare,” noted Triplett.

Concern over the GAO report is also growing on Capitol Hill. There are reports that the House National Security Committee discussed the GAO report in closed session on Wednesday. According to one congressional staffer, the FAA air traffic control system has previously been penetrated by the Chinese military.

“The Chinese signals intelligence base in Cuba has already messed with FAA air traffic control around New York during a test last year,” stated the source. “This whole situation is very troubling. The key is that these Chinese nationals were given access to ‘mission-critical’ parts of the FAA system. They know exactly where and how to bring it all down. If the Chinese army does take control of the U.S. air traffic control system, then planes will fall from the sky.”

There is open evidence that American air traffic control is vulnerable to a Chinese cyber attack. The GAO has repeatedly documented security problems inside the FAA.

The August 2000 GAO report states that the FAA has “a history of computer security weaknesses in a number of areas, including its physical management at facilities that house air traffic control (ATC) systems, security for both operational and future systems, management structure for implementing security policies, and personnel systems.

“While FAA reports that it has performed background checks on the majority of its federal employees, the same cannot be said for its many thousands of contract employees,” states the report.

“In January 2000, FAA estimated that it had over 28,000 existing contracts and purchase orders under which approximately 38,000 contract employees were engaged. However, according to the agency’s database on contract personnel, background searches have been performed for only 16,000 contract employees since 1996, which — even with the unlikely assumption that all of these people are still employed — is less than half of the current contract employee population.”

“Over the past three years, we have made over 20 recommendations to FAA to address these weaknesses in the areas of physical security of facilities, systems security, security management, and personnel security,” noted the GAO report.

“While the agency is making progress in each of these areas, much work remains to be done to assess risks and to adequately protect critical ATC facilities, information and resources. Until this work is completed, FAA will remain noncompliant with its own security policies and the systems on which the flying public depends will continue to have vulnerabilities that are not being expeditiously identified and corrected.”

In 1999, the General Accounting Office tested the physical security of the Federal Aviation Administration. GAO inspectors were able to penetrate secure areas including the offices of the secretary of State and critical air traffic computer rooms inside FAA facilities. The GAO auditors warned of the growing security problems during congressional testimony.

“We found significant weaknesses that compromise the integrity of FAA’s air traffic control operations,” stated the GAO auditor. “This review resulted in a number of findings too sensitive to discuss in today’s open hearing; accordingly, my statement will refer only to findings and recommendations contained in the unclassified version of our limited official use report. We can tell you openly, though, that we found evidence of air traffic control systems that had been penetrated, and critical ATC data had been compromised.”

“I am not familiar with this particular case at the FAA,” stated Ross Munro, director of Asian Studies at the Center for Security Studies, a Washington based think tank.

“However, I am at least very concerned,” noted Munro. “There are all too many instances where this administration has held exchanges with the People’s Republic of China and the Americans are far more eager to ingratiate themselves with the Chinese than worry about U.S. national security interests.”

Munro’s concern that air traffic security has a lower priority than diplomatic overtures to China may be correct. Declassified documents from the FAA reveal that Chinese army officials were being given unprecedented access to both sensitive air control facilities and to American military bases at the same time FAA security had been compromised.

The Chinese military visits to U.S. air traffic control facilities took place under a civil airline modernization program for China. The documents, forced from the FAA by the Freedom of Information Act, are official Air Force, Commerce Department and FAA reports on Chinese military contacts between 1993 and 1999.

The documented meetings show that the Clinton administration attempted to conceal the military background of the Chinese representatives. For example, in 1993, a Chinese military delegation visited America under the FAA civil exchange program. According to the FAA, which sponsored the visit, the entire delegation was civilian. One FAA official, however, noted that many members of the Chinese delegation actually held rank in the People’s Liberation Army.

In fact, the FAA official who attended the meeting wrote “military” next to the names of seven members of the 1993 “China Air Traffic Control” delegation in an apparent effort to track the Chinese army officers.


The 1993 FAA delegation list
includes a “Mr. Kui Fulin,” who toured FAA headquarters in Washington, D.C., Andrews AFB in Maryland and Boeing Aircraft Corporation in Washington state. According to the unknown FAA official, Kui was actually “Gen.” Kui Fulin, Chinese army deputy chief of the General Staff. Kui is also known as the man who planned the brutal 1989 army attack on unarmed student demonstrations in Tiananmen Square.

The 1993 FAA list also states that “Mr. Li Yongtai” was the commissioner of the Air Traffic Control Commission of China. According to the handwritten notes taken by the FAA, Li was actually “Lt. Gen.” Li of the Chinese air force.

According to the FAA documents,

the Chinese army access
to the FAA continued through 1999 under the civilian air program. In May 1999, documents show that Chinese air force and navy officers toured Edwards Air Force Base for the FAA civil program. Edwards AFB is a test center for Air Force and NASA research aircraft, including the space shuttle.

According to a May 1999 U.S. Air Force report, the Chinese were given details on “special airspace” areas inside America that are used for military training, research and national security zones. The Chinese military officers were also briefed on the latest in advanced “mobile radars,” command and control systems, global positioning system navigation and surveillance radars.

During the tour, Chinese military officers were also given training on U.S. Air Force combat missions, including “bombing and strafing” and “combat readiness.” The U.S. Air Force documents show Chinese air force officers were given a “simulated” F-16 training mission under the FAA civil program.

The training included a “two ship formation of F-16s from Luke AFB, Ariz.,” on a “bombing” and over-flight mission in a training area, code-named “Baghdad,” northwest of Prescott, Ariz. The simulated exercise also included “in-flight refueling” with a tanker aircraft under control of a U.S. Air Force airborne radar plane.

Related stories:


Defense denies sharing secrets with China


U.S. shares defense data with China

Charles Smith

Charles R. Smith is a noted investigative journalist. For over 20 years, Smith has covered areas of national security and information warfare. He frequently appears on national television for the Fox network and is a popular guest on radio shows all over America. Read more of Charles Smith's articles here.