The U.S. government routinely collaborates with universities to research and pursue innovative technological and other advancements; however, the cultural differences between the U.S. government and academia create vulnerabilities. The U.S. government operates on a somewhat restrictive platform, while universities champion transparency, openness, and free exchange of ideas amongst researchers. One of the major challenges in this collaboration is the targeting of IP within the U.S. defense sector by adversarial nations such as China, whose goal is to challenge or supplant U.S. dominance.
The U.S. defense sector is the largest in the world and is one of the 16 critical infrastructures defined by the Department of Homeland Security (DHS). According to DHS, the U.S. Defense Industrial Base (DIB) sector is the worldwide industrial complex that enables research and development, design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements; the sector consists of approximately 100,000 companies.[i] The DIB is vitally important as the U.S. military spent over $50 billion on aircraft, shipbuilding, ground systems, munitions and missile defense programs in FY 2019.[ii] In 2010 DHS created an annex to the National Infrastructure Protection Plan (NIPP) to formulate plans for protecting the U.S. DIB sector. DHS codified priorities and addressed vulnerabilities, which included cybersecurity and insider threats as chief concerns. Today, the U.S. DIB is under attack by those who seek to gain an economic and military advantage over the U.S. and others; they accomplish this by stealing intellectual property (IP), which according to the Intellectual Property Commission costs the U.S. economy between $225-600 billion annually.[iii] U.S. DIB is under attack by adversarial countries who target universities, exploit privileged relationships, and use cyber theft as a tool.
In 2016, Foreign Policy magazine identified the top 25 public universities for Chinese students, and all these institutions have partnerships with the U.S. defense industry, including major companies such as Boeing, Lockheed Martin, and General Dynamics. On the surface one could see very little issue with these connections, yet upon greater analysis concerns become clearer.[iv] For example, from 2018-2019 there were approximately 370,000 Chinese students studying in the U.S.[v] and almost half of these students studied in Science Technology Engineering and Math (STEM) fields.[vi] In 2018, 28.3 million Chinese students enrolled in domestic universities throughout China and approximately 1 percent of China’s college-age students studied abroad in the U.S.[vii] This creates an IP loss concern for the U.S. Furthermore, during this same period, China sent over 120,000 students to study in the United Kingdom (UK) and over 260,000 to study in Australia.[viii] [ix] These respective countries do not provide a breakdown on which subjects the Chinese students were studying; however, it could be assumed that a large fraction were enrolled in STEM fields. This creates an additional IP concern for the U.S., as both the UK and Australia are close allies with the U.S. and share special agreements on an array of research and issues.
Researchers from Saint John’s University in New York did a study to determine why Chinese students flock to the U.S. for studies. Surprisingly, the study highlighted that in 2013-2014, 26 percent of Chinese students studied business management, yet there was no mention in their research on the number of students studying in STEM fields.[x] The omission of these statistical figures left major gaps in their analysis regarding STEM fields but the piece did highlight that Chinese students came to the U.S. for better education, cultural reasons, and to break away from a Chinese system of learning. Interestingly, the study pointed out that students didn’t seek malevolence but it’s unclear why students would bring that to light if that was their intent.
The vulnerabilities created by a large Chinese student population studying abroad have been noted by the U.S. and allied partners. For example, in October 2019, the UK Times reported that Australia has taken measures to thwart the Chinese penetration of Australian universities, mainly to prevent China’s theft of their defense sector’s IP. Furthermore, the U.S. Federal Bureau of Investigation (FBI) formally warned the Association of American Universities, which is a group of 62 research universities, of the IP loss threats posed by some Chinese students who may be working on behalf of the Chinese Communist Party (CCP). The threats and concerns of IP loss could be possibly grave to the U.S. In March 2020, FBI Deputy Director David Bowdich briefed an academic security and counter-exploitation seminar to buttress these concerns and began by quoting Chinese Premier Li Keqiang’s statement on utilizing all means to accomplish China’s objectives. Premier Li stated, “Our capacity for innovation is not strong, and our weakness in terms of core technology for fields remains a salient problem.”[xi] China has also pursued other initiatives to penetrate and even influence U.S. academia.
The Chinese have established Confucius Institutes (CI) in universities across the U.S. with the intended purpose of spreading the Chinese culture, language, and educational exchanges. The institutes are sponsored by the Hanban, an organization under the Ministry of Education in Beijing, but also have ties to the External Propaganda Leading Group of the CCP Central Committee.[xii] The Chinese also established multiple Chinese Student Scholar Associations (CSSA) in campuses across the U.S. According to the National Association of Scholars, there are 81 CIs operating in various universities in the U.S., 480 worldwide, and almost 32 percent of the CIs are located in the Five Eyes alliance.[xiii] While Chinese proponents insist that these programs are purely cultural and educational, researchers identified that they are an extension of the CCP. Some U.S. universities are breaking ties with CIs as they interfere with academic freedom, a hallmark of the U.S. educational system.[xiv] In addition, the CIs and CSSAs often influence universities and suppress negative publicity on many issues that could bring unflattering coverage on Beijing. A testament to this was Beijing’s reaction to the Dalai Lama’s appearance at the University of California, San Diego.[xv] The CSSA contested the Dalai Lama’s commencement speech at the university in 2017. The CSSA in tandem with the Chinese consulate lobbied school officials to bar the Dalai Lama, and when their efforts failed, government officials restricted donations to the university and reduced scholarship offers to Chinese students the following year.[xvi] The Chinese have used similar tactics in other nations to an equivalent or greater degree. As such, these institutes and associations serve as a petri dish for Chinese officials to analyze and select the best specimen to culture for propagating their ideals. Moreover, the CCP employs student unions as well to do many of the same functions.
The vulnerabilities have not gone unnoticed by the current U.S. administration and on May 30, 2020, President Trump announced more stringent rules for allowing Chinese students to study in STEM fields in American universities.
The problem of IP loss within the U.S. DIB is also caused by Chinese officials exploiting privileged relationships. Many of these relationships were formed by virtue of the aforementioned methods, targeting students in STEM fields, and/or through the CIs and CSSAs. However, the Chinese also try to influence recognized researchers who are connected directly or indirectly to STEM research fields. In fact, they implemented an initiative titled the Thousand Talents program, which some view as more damaging than the CIs, as it targets accomplished researchers. For example, in 2014 a team of FBI special agents out of the Connecticut field office arrested Dr. Long Yu, a Chinese citizen and U.S. legal permanent resident, for attempting to take hundreds of gigabytes of export-controlled, proprietary information to China. These materials included design information for the F-22 and JSF-35 military jet engines.[xvii]
Furthermore, in January 2020 the FBI arrested Dr. Charles Lieber, the head of Harvard’s chemistry department, for lying about his connection to the Chinese government, where he was secretly employed by a Chinese university to work on nanoscience.[xviii] These examples have U.S. policy makers concerned about the levels of penetration this program has had on sectors throughout the U.S.; however, they are hamstrung by academia who champion openness and by pundits who default to accusations of racism. Chinese officials use tools to gain sympathy and acceptance from onlookers not truly invested in gaining a broader understanding of the national security risk posed by CIs and CSSAs and the loss of IP within the U.S. DIB and other sectors. There are consistent echoes of racial injustices akin to the 1882 Chinese Exclusion Act, which today many would consider blatantly racist. Nevertheless, U.S. security officials appear to follow logic and facts rather than racial accusations to make decisions.
Compounding the problem of IP loss, the U.S. DIB, along with the other critical infrastructures, is faced with ever-present cybersecurity threats. In fact, a 2019 National Intelligence Strategy report produced by the Intelligence Community highlighted that cyber threats pose an increasing risk to public health, safety, and prosperity as information technologies (IT) have been integrated into critical infrastructure sectors, vital national networks, and consumer devices, which have caused vulnerabilities.[xix] Researchers at Air University, the U.S. Air Force center for professional military education, found similar trends and published an article detailing many of the IT vulnerabilities present in critical infrastructure sectors. This publication leads off with a succinct quote from Gen. George Patton, who stated, “Gentlemen, the officer who doesn’t know his communication and supply as well as his tactics is totally clueless.”[xx] The statement that General Patton made over seven decades ago underpins a central argument in protecting critical infrastructures.
Measures have been taken to protect the IP loss of the U.S. DIB from malevolent actors. In 2013 President Obama signed Executive Order (EO) 13636, which was aimed at bolstering cybersecurity, national economic security, and national public health and safety. The EO-13636 recognized cybersecurity as a nexus linking Supervisory Control Automated Data systems (SCADA) or Industrial Control Systems (ICS) within all 16 U.S. critical infrastructure sectors. Furthermore, the 2013 Presidential Policy Directive (PPD) 21 codified the 16 foundational sectors and builds on EO-13636. The 16 critical infrastructure sectors can be controlled by ICS or SCADA systems, which creates paths of vulnerability because at times it is unclear who is ultimately responsible for ensuring cybersecurity is kept up to date, and extrapolating that to the modern day is precisely what Gen. Patton was concerned about.
Despite these measures, the U.S. DIB is vulnerable in two other ways. The first is the theft of IP through cyber hacking. The National Defense Industrial Association (NDIA) completed a survey to assess the readiness of DIB companies. The study found varying differences between small and large companies. It found that more than 25 percent of industry professionals work for firms that have experienced a cyber-attack, small companies use security measures such as firewalls and multi-factor authentication at a much lower rate than larger companies, and 44 percent of prime contractors have not been able to verify their subcontractors’ system security plans.[xxi] For example, a 2018 Washington Post article reported that a Chinese hacker stole highly sensitive data from a U.S. Navy contractor,[xxii] which is a major concern as many U.S. DIB companies are developing cutting-edge technology.
The second is that the U.S. DIB depends on networks often connected to ICS and SCADA systems. Many ICS components (e.g., electrical relays, sensors, switches, solenoids) can be controlled remotely through SCADA systems; however, this also means that a malevolent actor could gain access to networks and create havoc akin to the damage Ukraine suffered at the hands of Russian hackers who disrupted power generation by targeting SCADA systems in 2016. Even with a well-designed network, humans must continually maintain and monitor infrastructure systems; often humans can be the greatest vulnerability in the sphere of complex automated systems.
Cybersecurity researchers identified multiple Iranian attempts to penetrate defense networks; they targeted U.S. military members transitioning to civilian U.S. DIB positions.[xxiii] These attempts underline major concerns echoed by security officials in recent history. International Business Machines (IBM) identified a 200 percent increase in destructive malware attacks against companies between the summers of 2018 and 2019.[xxiv] The attacks were primarily nation-state actors employing destructive “wiper” malware, which can delete data from a target’s computers to cause harm.[xxv] The U.S. DIB is faced with major cyber threats on multiple fronts. These threats can range from blatant IP theft to destruction of key infrastructure networks and ICS and SCADA systems through their interconnectedness.
In conclusion, the U.S. DIB encompasses over 100,000 companies dedicated to research, design, and delivery of sophisticated military equipment and materials. The DIB is under constant threat from adversaries such as China, which seeks to gain a strategic advantage over the U.S. through various means. Every year the U.S. economy loses between $225-600 billion to IP theft, with the most concerning being in the DIB sector due to the national security implications. These adversaries have been successful in sending and targeting select student populations to act on behalf of their government in the collection and illegal transfer of IP. In addition, China has established programs with dual applications: one under the guise of culture and educational learning, and the other with an agenda more malevolent. Moreover, countries such as China developed programs aimed directly at poaching top scientists from STEM fields, which has led to IP theft that may be greater than previously estimated.
Lastly, the cyber threat is a clear and present danger to U.S. national security. Researchers have noted that IT vulnerabilities can allow hackers to cause catastrophic damage, both in IP theft and the disruption of services. The disruption of services has the potential of affecting every segment of the U.S., to include the DIB sector and its research and development, design, production, delivery, and maintenance at every level of military weapon systems thus impacting our long-range U.S. national security. The U.S. DIB is a vital component to America’s dominance, which makes it a target for adversaries seeking to supplant U.S. power in their desire to acquire and make significant jumps in technological knowledge and advancement with less investment.
Disclaimer: The authors are responsible for the content of this article. The views expressed do not reflect the official policy or position of the National Intelligence University, the Department of Defense, the U.S. Intelligence Community, or the U.S. Government.
About the Authors:
Travis M. Smalls MSIR, Senior Master Sergeant, United States Air Force is an instructor for the Joint Military Attaché School at the Defense Intelligence Agency. He teaches Operations Management, International Relations, and National Security concepts. He is currently a graduate student at the National Intelligence University in Bethesda, Maryland where he researches Homeland Security topics. SMSgt Smalls has over 22 years of military experience including civil engineering, information technology and intelligence. He holds a Bachelor of Science in Information Technology from American Intercontinental University and a Master of Science in International Relations from Troy University. He also holds a graduate certificate in Leadership and Management from the University of Maryland Global Campus.
Mitchell E. Simmons Ph.D. MSA MSME, Lieutenant Colonel, United States Air Force (Retired) is the Associate Dean for Academic Affairs and Program Director in the Oettinger School of Science and Technology Intelligence at the National Intelligence University in Bethesda, Maryland. Dr. Simmons teaches courses in Intelligence Collection, National Security Policy and Intelligence, and Infrastructure Assessment Vulnerability. He has over 25 years of experience in acquisition, engineering, and infrastructure vulnerability within and supporting the Intelligence Community. His expertise includes physical and functional vulnerability of hardened and deeply buried targets and critical infrastructure from traditional and asymmetric threats. Dr. Simmons holds a Bachelor and Master of Science in Mechanical Engineering from Ohio University, a Master of Science in Administration from Central Michigan University, and a Doctorate in Engineering Management from The Union Institute and University.