China’s Digital Threat: Not Just Balloons and TikTok Dances

By Larry Clinton, Contributing Author/ September 26, 2023 

Larry Clinton is President of the Internet Security Alliance (ISA). The ISA is a multi-sector trade association that focuses on thought leadership, policy advocacy and developing best practices for cyber security. Mr. Clinton holds a certification on Cyber Risk management for Corporate Boards from Carnegie Mellon University, He is on the faculty of the Wharton School where he teaches a graduate Executive Education course in cyber security. 

The National Association of Corporate Directors has twice named Mr. Clinton as one of the 100 most influential people in the field of corporate governance. He is a two term Chair of the IT Sector Coordinating Council and serves on the Cybersecurity Advisory Board for the Center for Audit Quality and the Cyber Advisory Board for the Better Business Bureau. He is widely published and has been a featured spokesman in virtually all major media outlets from WSJ, USA Today Fox News, NBC, CBS, NYT, PBS Morning Edition CNN & even MTV in India. He testifies often before Congress. He has briefed industry and governments world-wide including NATO and the OAS. ISA was also the only trade association to be part of the official cyber security briefing for the Republican National Convention in Cleveland. 

ISA recently published the Cyber Social Contract (Vol. 3), which outlines 106 recommendations for the President and Congress. The previous editions of the ISA Social Contract were endorsed by the House GOP Task Force on Cyber Security and were the basis for President Obama’s Executive Order 13636 on Cyber Security. He is the industry co-chair – DHS is the government co-chair– of the Policy Leadership Working Group on Cyber Security Collective Defense featured at the National Cyber Security Summit in New York in July. 

He literally “wrote the book” — the Cyber Risk Handbook for corporate boards which is the only private sector publication endorsed by both DHS and DOJ. PWC has independently evaluated the Cyber Risk Handbook and found it substantially changed how corporate director’s address cyber risk management leading to higher budgets, better risk management, closer alignment of cyber security with business goals and helping to create a culture of security. In 2017 ISA adapted the Handbook for the UK and Germany. As in the US, the German edition has been endorsed by the German government. ISA is now working with the OAS on a Latin American version of the handbook; as well as an edition for India and Japan, in partnerships with industry groups. 

China’s Digital Silk Road 

In the past few weeks, China’s surveillance balloon and the ubiquity of TikTok have created substantial concern in Washington, as they should. However, these are simply among the most obvious tactics China is using in its competition with the West. For the U.S. to be adequately responsive, we need to be more aware of the broader and most surreptitious digital strategy China has engaged, and we need to be more aware of how far we have to go to match them in this domain. 

China’s Digital Silk Road (DSR) initiative is strategically designed to upend the post-World War II United States and Western European-dominated world order, and it’s working. 

As Sun Tzu wisely cautioned in ‘The Art of War’ centuries ago, “if you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Given the lack of progress we have made over the last 20 years in creating a reliably secure cyberspace, it is arguable that we are neither adequately self-aware of our peril nor are we fully appreciating the threat we are facing from China (and others – Russia, Iran, etc.). Sun Tzu’s words may very well be prophetic with respect to the USA in the digital age. 

The sad reality is that the U.S. and Europe have nothing in comparison to the sophisticated, comprehensive, and integrated digital strategy that the Chinese Communist Party (CCP) has instigated. 

China’s digital strategy dates back to the 1980s and is steadily becoming more extensive. In contrast, for over thirty years the U.S. has relied on a patchwork of cybersecurity tactics like information sharing, standards development, and reporting requirements, which are all important. But these are not a strategy in the same sense as those being employed by our adversaries. 

In the upcoming series of posts, we will first analyze the Chinese digital strategy and its ongoing successes, despite the headwinds China is currently facing. In successive posts, we will compare the strategies of our adversaries to our own. Readers interested in an in-depth analysis can find it in the Internet Security Alliance’s new book ‘Fixing American Cybersecurity: Creating a Strategic Public Private Partnership.’ 

China’s Economic Growth 

Arguably, the Chinese government has many advantages over the U.S. in creating its integrated digital strategy. Unlike our political system, China has a one-party political structure, consisting of the CCP. The efficiency of the one-party rule makes it easier to implement decisions and demand compliance from industry. China’s progress is undeniable. Since the opening of China in the late 1970s and 1980s, it has raised almost 800 million people out of poverty in what the World Bank has termed “the fastest sustained expansion by a major economy in history.” The average gross domestic product (GDP) of China has reached 9.5% growth from 1979 to 2018. Even now, in what is considered a down year for China, expectations are that China will see about 3% growth in its economy. In comparison, economists in the USA are almost giddy over the prospects that the U.S. may see growth at 2.1%. 

China’s economic success is impressive, and its leaders ought to be acknowledged for achieving so many of their goals. Certainly, China is a very worthy adversary. As Sun Tzu advised, it is important to know your adversary, and one of the most important things to know about China is that a central tactic in their very successful strategy has been exploiting digital vulnerabilities in the West. 

Intellectual Property Theft through Cyber Espionage 

China’s digital strategy has been developed, honed, and refined in a series of official councils and plans dating back to the 1980s. From 1991 to 1995, the Chinese State Council introduced a policy rooted in industrialization to promote the development of pillar industries to directly influence the economy. China cleverly accessed the vulnerabilities in networks of the U.S. and other Western nations and understood they would be able to leapfrog generations of Western R&D through the theft of intellectual property via cyber espionage. By the turn of the century, the Chinese Communist Party had adopted intellectual property theft as a main pillar in their strategy. The internet gave the Chinese unparalleled access to poorly secured Western networks. 

The U.S. Trade Representative Report estimates the theft of trade secrets alone by actors affiliated with the Chinese government to cost between $180 and $540 billion annually. According to former head of NSA, General Keith Alexander, this transfer of wealth by cyber intellectual property theft is the largest transfer of wealth in human history. 

Massive Investments with Geopolitical Consequences  

By 2020, China’s strategy to disrupt the current world order was set into motion. The Belt and Road Initiative was introduced with more than $1 trillion in investments, with its objectives affecting more than sixty countries along with its sister Digital Silk Road initiative, which is currently budgeted at $1.4 trillion over the current 5-year period beginning in 2022. The budget for China’s digital strategy is growing faster than its traditional military budget. 

China realized that its ultimate goals couldn’t be accomplished by solely stealing from the West. The next step in the Chinese strategy was to make massive investments to build upon the baseline the West had provided them and then use their technological, economic, and philosophical tactics to achieve their international geopolitical goals, which would come at the expense of the West. 

As we will detail in subsequent posts, this strategy is already being implemented successfully. In some instances, the successes China has already achieved may prove difficult to roll back. 

The Need to Leverage Competitive Advantages More Effectively  

The U.S. still does not have a digital strategy that is comparable to China’s strategy in terms of its comprehensiveness, degree of integration, and economic support. It is in that sense that one wonders if we know ourselves adequately to compete in the digital age and if we really know our adversaries well enough. It is clear that as bothersome as examples of China’s cyber strategy are, spy balloons and TikTok are mere trifles of what China is doing. The essence of the Chinese strategy is to overturn the current world order. To compete for that prize, the U.S. cannot copy the Chinese strategy. Indeed, the Western values of free speech, free markets, and private enterprise are probably a better match for the quickly changing parameters of the digital age. However, we will need to learn how to leverage these advantages more effectively than we are currently doing to win in this highly competitive struggle. 

In subsequent posts we will detail multiple examples of how China’s strategy is playing out not just over our heads and in simple entertainment venues but in terms of enhancing their military readiness, altering the basis for U.S. oriented international allies, creating sustainable pathways to intercept our communications, replacing the dollar as the world’s dominant currency and even changing the way technical standards will be written. 

It’s a lot more than balloons and cute dances.