It’s mildly encouraging that the United States seems to have awoken to two aspects of China’s deep strategy inside the United States—the potential for wireless networks made by Huawei to serve as surveillance channels and the danger represented by allowing a Chinese state-owned railroad company to make subway cars—equipped with malware-loaded security cameras—for the Washington, D.C. Metro.
But there is a much larger technological offensive underway inside the United States being carried out by different arms of the Chinese government and Americans do not seem to have connected the threads of this fundamentally hostile operation, much less summoned the resolve to respond. I outline all this in my book, “The New Art of War: China’s Deep Strategy Inside the United States,” seen here.
Chinese state-affiliated actors such as the Tianjin-based APT10 group have penetrated the U.S. cloud computing system, demonstrating surprising sophistication in using malware to deceive intrusion detection systems. They operated inside these sophisticated systems for four full years before U.S. authorities broke it up in December 2018. They continue to steal technology secrets and massive amounts of data. Federal Bureau of Investigations (FBI) Director Christopher Wray said this summer that his agency is investigating 1,000 cases of Intellectual Property theft in all 50 states, most of them associated with China.
Elsewhere, the Wall Street Journal reported that the secretary of the U.S. Navy has proclaimed that the Navy is under “cyber siege” from Chinese hackers, who have hacked into different tiers of naval suppliers, stolen names and personal details of at least 100,000 naval personnel, and penetrated the Navy’s dealings with research universities.
The human penetration of governmental institutions and private sector companies proceeds apace. The single most stunning example was the involvement of an official of China’s Ministry of State Security—Beijing’s equivalent of a combined FBI and Central Intelligence Agency—in seeking to obtain secrets of General Electric’s use of carbon composites in its jet engine blades. The Department of Justice and the FBI detained Yanjun Xu as part of a sting operation in Brussels. GE has displayed leadership in working with federal authorities on two economic espionage cases, but many other companies have been reluctant to follow suit, because of fear that doing so would either hurt their stock prices or incur China’s anger.
The Chinese party-state has taken advantage of the open scientific environment in the Unites States to pilfer new ideas in many ways. Perhaps the most shocking was news that some Chinese and Chinese-American academics who took part in the National Institutes of Health’s peer review process stole ideas from grant proposals and opened “shadow” laboratories in China to develop the ideas faster than the Americans could.
One of the biggest question marks is what different arms of the Chinese government are doing with the incredible amount of data they have stolen. The Office of Personnel Management was hacked in 2015 and Chinese actors obtained personal records of 22 million U.S. government employees, including CIA operatives and agents. Equifax, the credit rating agency, was hacked at the behest of China’s central bank, which obtained credit reports for 145 million Americans. And the Starwood division of Marriott lost identifies and travel details, including passport numbers, for nearly 400 million customers. Security experts report the Chinese also are stealing massive amounts of health information.
Chinese actors do not appear to be dumping these personal details on the Dark Net for commercial gain. The best guess among experts is that Chinese government entities are using Big Data techniques to compile dossiers on prominent Americans involved in technology fields or in U.S.-Chinese relations. Another use is identifying and tracking dissidents—whether Chinese, Tibetan, Uighur or Taiwanese—who are active inside the United States. Being able to combine financial, health and travel records for all these individuals would be a powerful intelligence tool.
Why has America not awoken to the scale of Chinese activities, the vast majority of which have been publicly reported? Part of the explanation seems to be sheer disbelief. How could Chinese government entities dare to do what they have been caught doing?
But the other part of the denial is the recognition that it would require a massive, expensive effort by companies and governmental bodies to harden the nation’s computing and communications infrastructure. Chief executive officers, concerned about profitability, would have to spend billions on hardening their systems. Governmental entities would have overcome bureaucratic rivalries and work together to create more resistant Information Technology systems.
There is scant chance that any negotiations with Beijing, by the Trump Administration or any other, could force a cessation of China’s digital and intelligence hostilities. Clearly, tariffs have no impact. The government of President Xi Jinping is clearly seeking to strip the United States of its technological advantage, which has enormous commercial and military implications. In so doing, he is heeding the advice of Sun Tzu, author of “The Art of War,” who wrote, “The supreme art of war is to subdue the enemy without fighting.”