The Cipher Brief is engaging with dozens of Cipher Brief experts, government speakers and private industry executives this week on the national security challenges that are impacting the public and private sectors. We will have special coverage of the 2019 Threat Conference and will be re-posting some of our most insightful commentary from experts.
Today, we revisit The Coming Chinese Storm.
Director of National Intelligence Dan Coats briefed the Senate Select Committee on Intelligence in January about the comprehensive threat that China poses to U.S. national security.
While there were a number of areas where the IC assessed a serious national security threat (cyber, counterintelligence, space and counterspace), the DNI also laid out the threat based on China’s expanding global reach and predicted a coming ideological battle between the U.S. and China.
"We assess that China’s leaders will try to extend the country’s global economic, political, and military reach while using China’s military capabilities and overseas infrastructure and energy investments under the Belt and Road Initiative to diminish U.S. influence," reads Coats' Statement for the record. The statement also includes the IC's prediction of a coming ideological battle. "Chinese leaders will increasingly seek to assert China’s model of authoritarian capitalism as an alternative – and implicitly superior – development path abroad, exacerbating great-power competition that could threaten international support for democracy, human rights, and the rule of law."
Cipher Brief Expert and former CIA Deputy Director for Counterintelligence, Mark Kelton examines the roots of The Coming Chinese Storm.
A gifted intelligence officer with whom I worked was fond of pronouncing, “A storm is announced by a single breeze”. That supposed Chinese saying was invariably invoked when we thought we had divined the first hint of our adversary’s intent.
The Chinese intelligence storm bearing down on the U.S. has long since announced itself, building from that portentous breeze to true gale force. It is a secret assault on America that is without parallel since the assault mounted by Moscow in the 1930’s and 40’s.[1] As was the case during that so-called “Golden Age” of Soviet espionage, Beijing’s ongoing intelligence campaign has garnered no more than episodic public attention, and then only when a spy is arrested or a high-profile cyber-attack is detected.
Mark Kelton, Former Deputy Director for Counterintelligence, CIA's National Clandestine Service
"Although U.S. counterintelligence (CI) professionals have long viewed the Chinese intelligence threat with concern, there has been little broader consideration of the potential cumulative impact of that effort on broader U.S. national security, or what we have learned about our adversary. Nevertheless, indications of the scale and increasing intensity of this intelligence tempest abound, particularly in comparison with past Chinese intelligence practices."
In contrast with the Cold War battle between Soviet and American spy services, intelligence activity directed against the U.S. by Beijing during that period reflected China’s relative strategic weakness. Aptly captured by its moniker - “A Thousand Grains of Sand”[2] - most Chinese spying activities of that era were characterized by patient, low-profile activity intended to minimize risk of exposure and consequent damage to relations with the target country. Such operations relied (and rely in that they continue today) heavily on the numerous students, researchers, and other legal travelers visiting, or living in, the U.S. for the collection of information. “If you want information on a certain question”, Mao said of this approach, “then the intelligence reports come in as so many snowflakes. We also have our intelligence service and it is the same with them.” While time consuming, such tactics produced some significant successes (e.g., the theft of U.S. nuclear warhead designs, most notably the W-88) without engendering the robust U.S. response that more aggressive methods might have evoked.[3]
American CI organizations, their experience and knowledge shaped by struggles with Soviet services that conducted espionage operations in a manner familiar to their ‘Main Enemy’, struggled to come to grips with this subtler way of spying.
Some Chinese spies, such as Central Intelligence Agency (CIA) turncoat Larry Wu-Tai Chin and Federal Bureau of Investigation (FBI) source turned double agent Katrina Leung (aka ‘PARLOR MAID’), were uncovered. But even those notable cases of spying were in keeping with the preferred Chinese intelligence methodology of that time, which concentrated on those of Chinese heritage, both because they were viewed as more susceptible and compatible targets, and because dissident organizations – a focus of China’s intelligence and security organizations then and now - were largely composed of ethnic Chinese.
In recent years, however, we have seen the exposure of an unprecedented number of Americans from a variety of backgrounds, working as Chinese spies, or accused of working as Chinese spies. They include former CIA officers Kevin Mallory (convicted of espionage in June) and “Jerry” Chun Shing Lee (arrested in January 2018 on spying charges with a trial set to begin next week); former Defense Intelligence Agency (DIA) officer Ron Rockwell Hansen (arrested in June and charged with passing technology and information about U.S. military and intelligence issues to China); U.S. State Department official Candace Claiborne (arrested in 2017 on charges of passing information to Chinese intelligence in exchange for cash and gifts); FBI employee Kun Shan “Joey” Chun (who pleaded guilty in 2016 to providing China with restricted and sensitive information); and Glenn Duffie Shriver (recruited while studying in Shanghai and arrested in 2010 while applying for CIA employment at the behest of the Chinese Ministry of State Security).
Mark Kelton, Former Deputy Director for Counterintelligence, CIA's National Clandestine Service
"As CI professionals know all too well, however, no matter how many spies are caught, there are always more at liberty. That said, Sun Tzu’s age-old wisdom that “knowledge of the enemy's dispositions can only be obtained from other men” needs a cyber caveat."
The considerable damage - to include the lives of heroes lost - ascribable to the betrayal of those uncovered as Chinese spies, has been compounded by seemingly myriad Chinese cyber-attacks, principally ordered by the People’s Liberation Army Third Department (3PLA), against the U.S. government and private sector organizations.[4]
Moreover, Chinese theft of technology and secrets through espionage is greatly assisted by an asymmetrical advantage that Beijing enjoys over the U.S. By law, U.S. intelligence cannot conduct industrial espionage to the benefit of American business and industry. In contrast, China brings to bear all means available to it, including intelligence resources, to advance Chinese businesses and industries vis-à-vis their competitors.[5] In effect, Chinese economic espionage is indivisible from China’s circumvention of U.S. law, utilization of unfair trade practices and exploitation of the promise of access to Chinese markets to steal U.S. technology, industrial secrets and intellectual property. Among the ploys employed by Beijing:
- Leveraging joint ventures to acquire intellectual property and to effect technology transfers;
- Combining cyber-attacks with the use of human penetrations to collect sensitive information from U.S. technology and R&D firms;
- Using private equity firms and shell companies to hide Chinese government involvement in business ventures, to include payment of premiums for acquisitions and the targeting of distressed American companies through bankruptcy;
- Manipulating deals to reduce the market value of targeted companies before acquisition;
- Offering investment opportunities to individuals and small companies seeking quick funding;
- Making the transfer of technology and intellectual property a pre-condition for granting U.S. firms access to the China market;[6]
- And exploiting China’s 2017 internet regulations requiring foreign firms seeking access to the China market to provide source code to facilitate technology theft.[7]
This holistic Chinese assault on U.S. business and industry has, in the words of former House Permanent Select Committee on Intelligence Chairman, Mike Rogers, “reached an intolerable level.” The pilfering of U.S. technology, much of it embargoed military and defense equipment stolen by China and Russia, has reached Cold War levels.[8] At the same time, in accord with its so-called ‘Thousand Talents’ Plan begun in 2008, Beijing is also drawing on the skills of its citizens educated or employed in the U.S., to ‘transfer, replicate and eventually overtake U.S. military and commercial technology’.[9] The aggregate loss of U.S. technology and knowledge to China endangers our national security. As General Michael Hayden has rightly said: “This is stealing American wealth. It’s stealing American jobs. It’s stealing American competitive advantage.”
Read part two of The Coming Chinese Storm, focusing on the reflections of this aggressive shift in Chinese strategy and the reach of China's expansionist goals and what they mean for U.S. national security.
This piece was originally published in The Cipher Brief in August 2018 and was updated February 5, 2019.
[1] As documented by the VENONA Project, the Soviets succeeded in recruiting hundreds of Americans as agents; in the placement of many of those spies in key positions; in the theft by such front organizations as AMTORG[1] of voluminous American industrial secrets; and in the penetration of key U.S. defense programs, to include the Manhattan Project.
[2] “If a beach was an espionage target, the Russians would send in a sub, frogmen would steal ashore in the dark of night and with great secrecy collect several buckets of sand and take them back to Moscow. The Americans would target the beach with satellites and produce reams of data. The Chinese would send in a thousand tourists, each assigned to collect a single grain of sand. When they returned, they would be asked to shake out their towels. And they would end up knowing more about the sand than anyone else.” – Peter Mattis (Former CIA China analyst).
[3] Warhead for the Trident D-5 submarine-launched ballistic missile.
[4] Among the higher profile cyber espionage operations publicly attributed to Chinese intelligence agencies are the 2014 “hack” of U.S. Office of Personnel Management databases that compromised information on millions of Americans (many with security clearances and, consequently, involved with, or having insight into, classified U.S. information and programs); the indictment that same year of five 3PLA officers for their roles in cyber-attacks on several American companies; and the 2016 guilty plea by Su Bin, a Chinese citizen living in Vancouver, who used his knowledge on the aviation industry to direct cyber-attacks that stole information on 32 U.S. military projects, to include the F-35, C-17 and F-22 aircraft.
[5] This was most clearly demonstrated by the case of the Canadian Telecommunications giant NORTEL, which was subjected to extensive 3PLA cyber-attack, eventually being driven out of business. It was, not coincidentally, superseded in the telecommunications market by its Chinese rival, HUAWEI.
[6] From a briefing provided by the Committee on Foreign Investment in the U.S. (CFIUS) to the Intelligence and National Security Alliance Insider Threat Subcommittee, 12 June 2018.
[7] Jill Singer, “Beijing’s Drive Toward Global Technological Supremacy”, The Cipher Brief, June 25, 2018.
[8] Ron Nixon, “Smuggling of U.S. Technology is Outpacing Cold War Levels, Experts Say”, The New York Times, March 18, 2018.
[9] “China’s ‘Thousand Talents’ plan key to seizing U.S. Expertise, Intelligence Officials Say”, Bloomberg, Friday 22, 2018.