
China's multidimensional war against US interests is already underway and well-documented. One underappreciated dimension of its attack on American primacy, however, is the arena of cybersecurity.
For decades, Communist China's spies, hackers and businessmen have feasted on the forced transfer of technology from vulnerable US corporate enterprises drawn to the vast Chinese market. Little has been accomplished to reduce this massive theft of intellectual property. US businesses seem to have resigned themselves to such unfair practices as the price of doing business in China.
In the last two years, however, the Chinese Communist Party's (CCP) cyber-attacks against America have undergone a deadly shift that seriously threatens the US's capability to prevail in any open conflict with China.
These changes in the CCP's cyber offensive on America consist of two basic capabilities.
The newer capability is China's comprehensive data-collection operation, given the title of "Salt Typhoon" by Microsoft, and known by other names, such as "GhostEmperor." It represents an advance of great magnitude, approaching the capabilities of America's National Security Agency (NSA).
China is also simultaneously exploiting its expertise in quantum cryptography to harden its defenses against US penetration of its telecommunication systems. "Salt Typhoon" operatives, directed by China's Ministry of State Security (MSS), have reportedly penetrated as many as nine US telecommunications companies, including Verizon and AT&T. MSS teams have also collaborated with China's Ministry of Public Security in its enormous data-collection effort from US systems. The FBI responded to this CCP counterintelligence operation's upgraded collection threat by directing not just US government employees, but all Americans, to encrypt all conversations end-to-end.
The second revolutionary advance in China's offensive cyber-warfare capabilities that target US interests is more deadly. It threatens a Pearl Harbor-magnitude attack on America. "Volt Typhoon," aka "Vanguard Panda," involves the stealthy insertion of potentially debilitating malware into the computer systems that control critical nodes of US infrastructure. The malicious code is designed to remain quiescent and undiscovered until China activates it during a future military confrontation with the US.
Then-US Rep. Mike Waltz, shortly before he was appointed National Security Advisor, stated in an interview with CBS News:
"[W]e have been, over the years, trying to play better and better defense when it comes to cyber. We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports."
China could activate this malware during a future crisis between China and the US in the Indo-Pacific, perhaps regarding the Philippines or Taiwan, significantly affecting outcomes in China's favor. One indicator of China's malevolent intent was the discovery that Beijing inserted malware into Guam's water supply control systems. Guam just so happens to be the site of critically needed US military assets in the Indo-Pacific. Presumably, once the CCP decides to invade or subdue Taiwan, China's military would attempt to delay or disable any American military attempt to come to its ally's defense.
The gravity of this weaponization of cyberspace at the strategic level has been fully shared by the US with at least some of its closest allies, such as the UK and Australia. China's malware could easily be placed into -- or may already be inside -- critical nodes of US systems that control transportation, electricity infrastructure, defense industrial manufacturing and IT networks. Without fully operable communications and logistical support capabilities, America's ability to mobilize in wartime may be severely compromised.
Volt Typhoon is devised to create chaos in the US. Jen Easterly, former head of the US Cybersecurity and Infrastructure Security Agency, described such a disabling attack as "everything, everywhere, all at once." The period necessary for the US to recover could provide China enough time to subdue and absorb Taiwan militarily.
If China is successful in placing undiscovered and undefused malware that is capable of disabling critical infrastructure in the US, the result would most likely be the complete loss of confidence in America's ability to protect "Free Asia" or anyone else, bringing China closer to achieving its goal of ruling in the Indo-Pacific region, which it appears to see as the first step in "replacing America as the global superpower."
The Trump Administration's plan of action would do well to include massive arms deliveries to Taiwan and encouraging the island democracy to move to a war footing. President Donald Trump has already sent six B2 bombers to the US-UK military base at Diego Garcia in the Indo-Pacific.
Trump might also convene a cabinet meeting to ensure that all aspects of American public and private capabilities are mobilized to build resiliency in critical national infrastructure, while simultaneously examining US cyberspace vulnerabilities.
The US might also go on the offense and target China's critical national infrastructure, perhaps starting with the Cyberspace Administration of China?
Dr. Lawrence A. Franklin was the Iran Desk Officer for Secretary of Defense Rumsfeld. He also served on active duty with the U.S. Army and as a Colonel in the Air Force Reserve.