A final element of the Chinese strategy appears to be achieving the ability to surveil American decision-making systems. “China wants to have somebody sitting in a big control room in Beijing with a set of screens in front of them looking at every computer system in the United States on a real-time basis,” Dickinson said. “Not just computer systems, but also every Internet of Things system, every cell phone system. They’ll use Artificial Intelligence to filter the information so that it’s not just a random blob on the screen. That’s their goal. There’s no question about it.” 

As a result of China’s increased sophistication, government agencies, such as the Department of Defense and the Department of Energy, which collectively oversee the nation’s nuclear capability, face vulnerabilities in their supply chains. Chinese hackers target small sub-suppliers that have scant protection and work their way up to larger and larger companies.  

The Pentagon’s defense industrial base includes more than three hundred thousand companies, and it faces a constant battle to identify foreign government intrusions. In a hack revealed by the U.S. Department of Justice in 2018, APT10—malicious cyber actors associated with the Ministry of State Security—obtained the names and personal information of over one hundred thousand members of the U.S. Navy as well as ship maintenance records. Governmental departments and agencies often rely heavily on private-sector networks.  

American CEOs have been reluctant to face up to the fact that their networks are vulnerable, assuming it is just the cost of doing business in China. Or else they have persuaded themselves that Chinese hackers are not a threat because they don’t actually disrupt a system as the North Koreans did to Sony’s studios in Hollywood. Executives also may fear negative publicity and angry shareholder lawsuits. Perhaps they assume that national security is not their job, but rather the government’s job. 

But it appears that China, which has declared a “military-civil fusion,” is exploiting the gaps in the American pluralistic system to undermine both governmental and corporate interests. As U.S.-China technology tensions mount, American companies need to embrace more public-private partnerships with U.S. government entities to secure the nation’s information technology systems. 

For starters, the Pentagon needs the authority to obtain visibility into the information and technology systems of all the companies in its supply chain, which it currently lacks. That’s just one piece of the puzzle. Companies have to invest to harden their systems and employ more people to monitor those systems. The American educational system, for its part, must get serious about creating more STEM students so that the United States has the human capital to build and monitor communications infrastructures. American companies must work with the government to bring critical technology manufacturing back to the United States, easing an almost-complete dependence on China in key areas. The new National Strategy for Critical and Emerging Technologies is an important first step. But it clearly will require a massive public-private mobilization, a “whole-of-nation” response, to prevent the United States from sliding into Xi Jinping’s surveillance state.

Americans could once rest comfortably in the assumption that they possessed overwhelming technological dominance. But China’s government is working hard to prove them wrong. 

Michael G. McLaughlin is the Senior Counterintelligence Advisor for United States Cyber Command and a Juris Doctor candidate at the University of Maryland School of Law. William J. Holstein is the author of The New Art of War: China’s Deep Strategy Inside the United States. 

The views and opinions expressed in this paper and/or its images are those of the authors alone and do not reflect the official policy or position of the U.S. Department of Defense (DoD), U.S. Cyber Command, or any agency of the U.S. government. Any appearance of DoD visual information or reference to its entities herein does not imply or constitute DoD endorsement of this authored work, means of delivery, publication, transmission, or broadcast. 

Image: Reuters