U.S. ingenuity created the Internet; can it keep it safe and secure?
Washington Times | Rep. Mike Gallagher
On March 23, 2016, Su Bin, a Chinese national, pled guilty to a criminal conspiracy involving hacking into the networks of key American defense contractors, stealing critical military data and then sending that information back to China. The data he stole involved programs such as the C-17 strategic airlifter as well as advanced American fighter jets. This operation was just one in a series of recent high-profile, cyber espionage campaigns against U.S. military targets.
Chinese cyber warfare, however, targets much more than the American military. As the U.S.-China Economic and Security Review Commission describes, “China has laid out an ambitious whole-of-government plan to achieve dominance in advanced technology.” To this end, Chinese doctrine blurs military and economic power and leverages cyberattacks and vulnerabilities to further its interests in both domains. A landmark 2013 study on intellectual property theft found that China is responsible for 96 percent of cyber espionage attacks. Even if this figure is high, Chinese intellectual-property theft alone costs the United States more than $100 billion in annual sales and 2.1 million jobs. All told, roughly $300 billion in American intellectual property is stolen over networks each year.
This past summer, U.S. Immigration and Customs Enforcement released a memo cautioning that DJI — a Chinese company that owns about half of the entire commercial drone market across North America — was transmitting key information on American infrastructure and law enforcement to the Chinese government. As the memo describes, DJI targets American customers based on their “ability to disrupt critical infrastructure,” amassing customers that include “some of the biggest utility and transportation companies in the United States.” Concerns about data security led the Army to ban soldiers from using DJI devices last fall.
And last year, the FBI arrested a Chinese national linked to the catastrophic 2015 breach of the Office of Personnel Management, which resulted in the compromise of highly sensitive information of over 21 million Americans. Intelligence officials are also concerned about the recent Chinese purchase of Grindr, a gay dating application, as it potentially gives the Chinese government access to a large pool of extremely personal data.
The threat extends into all our communities. A few hours from my hometown of Green Bay, Wisconsin, Chinese actors hacked the back office computer of Cate Machine & Welding, a local family-owned business. After taking control of Cate’s relatively unprotected server, the hackers used it to launch subsequent attacks against businesses, law firms and universities across the globe — from Silicon Valley to New York to Thailand.
This integrated Chinese approach to cyber, economic and military power demands that we come up with a creative and strategic response of our own. The United States cannot and should not mirror China’s centralized model. China is an autocratic society in which the government can centrally plan and implement a unified approach. In contrast, our free and open system, while less directed, fosters innovation and creativity. This is a feature, not a bug. This is one reason why almost 330,000 Chinese nationals came to America in 2016 to study in our world-class universities.
So we must find a way to reinforce the strengths of our open system — a system in which citizens should jealously guard their privacy and intellectual property — while also fostering closer collaboration between government and the private sector. As one group of cyber experts recently argued, “the U.S. public and private sectors [must] learn how to train, exercise, and operate cooperatively in cyberspace.”
After all, success in cyber ultimately depends on human capital and creativity. Here too, we face challenges. China has built-in numeric advantages when it comes to its labor force, and it is moving rapidly to develop specialized cyber warriors — with four to six dedicated cybersecurity schools planned over the next 10 years. In contrast, the United States is struggling to meet the increasing demand for cyber, with over 285,000 cyber-related job openings. We must work diligently to develop new educational and workforce-development pathways to stay ahead of our competitors.
One idea we should explore is creating a cyber service academy, not unlike West Point or the Naval Academy, where we could train the next generation of cyber warriors to serve in and out of uniform. The private sector has already recognized the importance of starting cyber education well before college, and leading companies are already working with schools and organizations at the K-12 level to teach basic cyber skills. The government needs to catch up and complement this effort.
The United States cannot afford to fall further behind in this increasingly central domain of geopolitical competition or suffer additional cyberattacks that increase our vulnerabilities across all levels of society. We need a national wake-up call that acknowledges our long-term competition with China, especially in the cyber domain, and recognizes that in order to win, we all have to participate. After all, American ingenuity invented the internet, thereby unleashing opportunities for human advancement and prosperity that would have seemed impossible just a few decades ago. Now it is our responsibility to secure these blessings to ourselves and our posterity.