45.6 F
Washington D.C.
Friday, December 8, 2023

COLUMN: Addressing the Homeland Security Threat from China

We should not simply take a posture of making decisions about reliance on Chinese-influenced entities based on whether there is a restriction now.

Last month, at the Center for Strategic and International Studies, Department of Homeland Security (DHS) Secretary Alejandro Mayorkas provided significant remarks on his vision for homeland security. One of the key themes of Mayorkas’ speech was the convergence of national security and homeland security. As the Secretary said, “The historical distinction between homeland security and national security challenges has blurred and the role of DHS has grown accordingly.”

One implication of this idea is that adversaries which present national security threats to the United States also present homeland security threats and that foreign threats have domestic implications. This concept certainly guided much of the planning that the department did with the interagency in early 2022 related to the illegal Russian attack of Ukraine, an effort that is being instantiated via the development of homeland security doctrine. Having the capacity to address national security risks with domestic security responses has become an integral part of the homeland security mission.

This capacity is important not just to address the threats of spillover from the Russia-Ukraine conflict, however, but also for additional nation-states that are strategic adversaries of the United States. This, of course, includes China and the threat of heightened tensions caused by Chinese government actions.

The Chinese government is already engaged in activities intended to undermine U.S. national interests. As part of the response to that, the House of Representatives just voted in a bipartisan manner to establish a Select Committee on China, chaired by Rep. Mike Gallagher (R-Wis.), with a broad remit to address China as a threat to the United States. In Gallagher’s words, the committee will expose China’s “coordinated whole-of-society strategy to undermine American leadership and American sovereignty.” It is a positive sign that both the Executive and Legislative branches recognize the importance of addressing China as a homeland security threat.

There is still work to be done, however, to flesh out what exactly that means and how best to address the threat. The homeland threat from China can be viewed through several overlapping lenses. The first is the cybersecurity threat, which is perhaps the most immediate and constant. As the U.S. government has attributed, Chinese state actors have breached managed service providers, done active screening of U.S. critical infrastructure including the energy sector, and stolen personal identifiable information. The Cybersecurity and Infrastructure Security Agency has a good overview of the Chinese cyber threat.

Much of the cybersecurity threat arises from Chinese companies’ access to supply chains, particularly information and communications technology supply chains. Chinese communications companies, whether state-owned or state-influenced, have manufactured equipment with proven vulnerabilities and there is evidence that those companies are being used as ways to access sensitive information.

Supply chain insecurity is exacerbated by intentional foreign investment in critical and sensitive industries. The last decade has seen a surge in foreign direct investment from China to the United States which, although it has leveled off, remains historically high. The administration has recognized much of this investment is focused on acquiring critical technologies or infrastructure that could affect U.S. national security. Access to emerging technologies by the Chinese government and firms, as well as other R&D, presents a particular risk when used nefariously. Chief among those are quantum computing and artificial intelligence, where the pace of evolution is going to create new security risks.

And, finally, there is the element of espionage and pushing of disinformation by the Chinese government – both economic and other – to capture sensitive information and undermine national interests.

When you look at the cumulative threat picture from China, therefore, you see one largely realized through economic and technological means with risk that has been amplified over the past 20 years because of economic and technological interconnectedness.

This leads to a logical conclusion that to manage the risk that China presents to homeland security, there must be an element of unraveling this interconnectedness. Much of the policy discussion has been focused on whether to ban or restrict certain companies or applications from the market – think the recent efforts around restrictions on Huawei and ZTE communications’ infrastructure and products, as well as the ongoing question on what to do with TikTok – but the reality is that banning certain companies cannot be the only policy response. It is difficult to keep up with the pace of Chinese-linked entities that may or may not be acting to undermine security nor, for that matter, to develop airtight evidence that companies are doing so. Technological solutions are necessary to do so. And, while targeted restrictions can be good policy, so too are efforts to continue to incentivize and stimulate alternatives to Chinese technologies, goods, and materials as well as continuing to manage risks through adoption of something akin to “zero trust” principals that are gaining traction in the cybersecurity community for doing business with Chinese-linked enterprises.

There also needs to be a reckoning by individual corporations, nonprofits and governments about risks from entering into business relationships with companies unduly influenced by the Chinese government and relying on untrustworthy Chinese technology and supplies. While there are many regulations in place meant to limit those relationships, businesses (and for that matter nonprofits, such as universities) should not simply take a posture of making decisions about reliance on Chinese-influenced entities based on whether there is a restriction now. Lowering risk tolerances related to Chinese influence is necessary.

Of course, interconnectedness with China is not the only source of homeland security risk. There are also more acute risks stemming from potential conflicts in East Asia, particularly in Taiwan, or more aggressive efforts by the Chinese government to go after American critical infrastructure. Consistent contingency planning for those scenarios and capacity building is needed and DHS is well suited to work with the Department of Defense and others to do that work. That contingency planning is made easier, however, if the baseline of U.S. reliance on Chinese goods and materials is reduced.

It is tempting to use the language of the Cold War when talking about the future of U.S.-China conflict but “war,” whether cold or hot, does not have to be the outcome between the two countries. An end state that is more akin to creating layers of autonomy where American security and economic interests are not subordinate to Chinese threats needs to be the goal. This won’t just happen, however, and clear leadership from the federal government on the scale of the threat of China to the homeland is welcome.

Bob Kolasky
Bob Kolasky
Bob Kolasky is the Senior Vice President for Critical Infrastructure at Exiger, LLC a global leader in AI-powered supply chain and third-party risk management solutions. Previously, Mr. Kolasky led the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center. In that role, he saw the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. As head of the National Risk Management Center, Mr. Kolasky had the responsibility to develop integrated analytic capability to analyze risk to critical infrastructure and work across the national community to reduce risk. As part of that, he co-chaired the Information and Communications Technology Supply Chain Risk Management Task Force and led CISA’s efforts to support development of a secure 5G network. He also served on the Executive Committee for the Election Infrastructure Government Coordinating Council. Previously, Mr. Kolasky had served as the Deputy Assistant Secretary and Acting Assistant Secretary for Infrastructure Protection (IP), where he led the coordinated national effort to partner with industry to reduce the risk posed by acts of terrorism and other cyber or physical threats to the nation’s critical infrastructure, including election infrastructure. . Mr. Kolasky has served in a number of other senior leadership roles for DHS, including acting Deputy Under Secretary for NPPD before it became CISA and the Director of the DHS Cyber-Physical Critical Infrastructure Integrated Task Force to implement Presidential Policy Directive 21 on Critical Infrastructure Security and Resilience, as well as Executive Order 13636 on Critical Infrastructure Cybersecurity.

Related Articles

- Advertisement -

Latest Articles

Verified by MonsterInsights