China remains the biggest threat, according to the defense security community

In mid-December, the United States Defense Intelligence Agency (DIA) hosted its annual Department of Defense Intelligence Information System Worldwide conference, known as DoDIIS. The event brought together various Department of Defense (DoD) and DIA department heads, leaders from within the intelligence community, leaders from the Five Eyes (FVEY) community comprised of Australia, Canada, New Zealand, the United Kingdom, and the United States. Those in attendance also included flag officers from the ranks of the various US uniformed services who spoke to industry on the theme of “Chaos to Clarity — Leveraging Emerging Technologies.” Chief among the concerns of this august community was the ever-growing threat to security posed by China.

While talk of next-generation technologies and the advent of artificial intelligence was present, my main takeaway was that China should be a major concern within the context of global strategic competition for all types of industry, especially those involved in critical infrastructure, defense and intelligence, and the supply chain.

In the cybersecurity game, chaos is China’s ally

Chaos is China’s ally in its global competition with the United States and other Western nations; indeed, chaos presents opportunities for disruption. The director of the National Geospatial-Intelligence Agency (NGA) spoke of the rising challenge posed by China in the realm of artificial intelligence, asserting that the commercial capabilities of AI will help such adversary nation-states complete the dynamic analysis necessary to create commercial-off-the-shelf attack solutions.

The discussion also touched on China’s appetite for garnering intellectual property secrets from the US and other Western nations. Many have accused China of having purloined the secrets related to the F-22 fighter jet as it went about creating its own aircraft. Indeed, China’s J-20 stealth fighter is an example of how China uses what it gathers. This targeting of the US military sector has been well documented, with indictments, convictions, and sentencing of individuals with access to US classified information who have opted to share the same with Chinese intelligence officials.

China targets military intelligence through vendors

We don’t have to go back far to see the concerted effort of China to target Western aviation via vendors, including the targeting of GE Aerospace and other aerospace companies. Then there is the continuous targeting and luring of former NATO fighter pilots to China to teach “flying.”

Some of these former pilots have found themselves on the wrong side of prosecutions for unauthorized sharing of controlled technologies. Some countries have resorted to issuing warnings, as was the case with both the United Kingdom and Germany. The two reminded their former military pilots that they are duty-bound to protect the secrets they learned while in their respective air forces.

Not to be too cynical, but my first thought when I read the warning was, “Yeah, right.” Any former NATO pilot accepting a contract to train China’s fighter pilots knows full well that they are signing up to provide China with an intellectual advantage, no matter how much they obfuscate the mission statement.  

It is this intellectual advantage, the ability to garner information through open-source intelligence, that carries such a high risk to the defense sector. Mention was made at DoDIIS, more than once, of the need to invest in operational security (OPSEC), the need to keep the mundane private, and the need to avoid sharing too much information on social network sites about one’s activities.

Government-corporate partnerships are key to cyber-resilience

When conflict happens, it’s too late to begin forging the relationships that foster cyber-resilience. Sharing information is required now, in the quieter times, across agencies and across borders. The technology is there, the will is there, but the policy will require some slight adjustments to make international intelligence sharing a more regular reality.

Mid-level bureaucracy often gets in the way of the forging of relationships across borders. As my sage father (who may have been responsible for my own adoption of the mindset that it is “better to beg forgiveness than ask permission”) would say, our systems constipate when middle-grade executives hesitate to make a decision out of fear that it will blow back, and their career advancement will be stymied.

The US DIA and DoD are on the hook to get past such bureaucratic roadblocks and find a way to share information with other countries and share intelligence with their partners within the private sector. This is what is required of a sustainable partnership. Companies also must adapt and adjust their “sales-centric” approach to engagements. While competition in the vendor marketplace is very much a zero-sum world, such is not the case when it comes to protecting national infrastructure, specifically that of the defense establishment. There has never been a clearer need for all to be rowing in unison to protect their common customers.  

Companies need to step up in the defense against Chinese cyber incursions

Let there be no doubt, this is the opportunity for companies to step up, demonstrate partnership and be counted. Why? If the collective wisdom isn’t brought together, then we should not be surprised when these same opportunities to collectively protect one and another’s hide are exploited by China.

CEOs, CIOs, and CISOs all have a role to play in the creation of a culture of security. It is incumbent upon these same company’s employees to keep secrets secret. One need not regale others with their unique and privileged access to sensitive information or operations or technologies to gain credibility or notoriety — and no one should be permitted to do so, given the risks.

Industry must join in a partnership with national defense for there to be a chance to thwart China’s forays in the global strategic competition. This is achieved via trust — the data in networks must be trusted and industry and multinational partnerships must be trusted. After all, trust is a force multiplier, the advantage necessary to excel against a most formidable China.