Behind the pageantry that will be on display during President Trump’s meeting with President Xi Jinping of China this week is a less pleasant reality. For at least the last decade, Beijing has been actively targeting America’s telecommunications networks, intellectual property and electrical and water utilities in a sustained campaign of intrusion.
The summit provides an opportunity to raise the issue more forcefully with Mr. Xi than American leaders have in the past. But America also has its own unpleasant reality to face: Protecting the country from bad actors in cyberspace is a job for Americans, and we haven’t been doing enough to defeat China’s efforts.
The good news is that the United States has a huge advantage in today’s cybercompetitions: the extraordinary concentration of technical capability, network reach and institutional knowledge embedded in American industry. Our cybersecurity companies monitor billions of devices globally, observing adversary activity faster and more precisely than any intelligence service. American cloud and telecommunications providers power the preponderance of global commerce. U.S. technology firms operate at a scale no government entity can replicate.
Part of the challenge has been engaging American technology companies in the fight. The tech industry can no longer accept the status quo of vulnerabilities across its networks. But the government can take steps to fix things, too, by rewriting opaque laws, helping states and municipal systems patch vulnerabilities, and investing in countermeasures to defend against the most dangerous emerging cyberthreats.
We need a system with shared responsibility for defending America in cyberspace. Voluntary information sharing between private companies and the government — the default approach to cyberdefense until now — is not enough. Here’s how industry, local, state and federal government can get serious about defending against cyberattacks.
It’s important to understand the scale of the problem. Through its hacking proxy, Volt Typhoon, China has sought to pre-position malware in hundreds of local utility systems with the intent to disrupt Americans’ critical water and electrical supplies. With Salt Typhoon, which gained access to networks nationwide, it has tapped the phones of senior American officials and the telecommunications providers serving millions of Americans. Every year, China-sponsored actors steal intellectual property from U.S.-based companies worth between $225 billion and $600 billion, according to a 2017 report from the Commission on the Theft of American Intellectual Property.
