Will 2019 be the year we finally stand up to China?

Like Nostradamus — the 16^th century astrologer often credited with many famous predictions, from JFK’s assassination to the attacks on 9/11 — I’m going to make a bold prediction for 2019: China will hack into more companies and government agencies, stealing more personally identifiable information and intellectual property.

Pretty safe bet, considering the number of years they’ve been at it.

More shocking, there is bipartisan agreement that something needs to be done.

The Office of Critical Technology and Security is the agency proposed by Sen. Mark Warner (D-Va.) and Sen. Marco Rubio (R-Fla.) to combat the continuing assault from China and other ‘foreign threats’, according to the announcement.{mosads}

Less shocking is what the Federal Government lacks: According to the preamble of the bill, our government lacks two major components to ward off the growing calamity. The first is “an office in the Executive Office of the President that can coordinate security policy relating to critical emerging, foundational, and dual-use technologies between the National Security Council and the National Economic Council and interface with international, Federal, State, and local entities on that policy.” The second is a strategic plan “(A) to stop the transfer of critical emerging, foundational, and dual-use technologies to countries that pose a national security risk; and (B) to maintain United States technological leadership with respect to critical emerging, foundational, and dual-use technologies and ensure supply chain integrity and security for such technologies.”

The question is why did this take so long? The United States government has known for years about these issues. As far back as 1991, the National Research Council wrote that “as computer systems become more prevalent, sophisticated, embedded in physical processes, and interconnected, society becomes more vulnerable to poor system design, accidents that disable systems, and attacks on computer systems. Without more responsible design and use, system disruptions will increase, with harmful consequences for society.”

DARPA, the Defense Advanced Research Projects Agency, weighed in on this when they stated, “Trustworthy computing (with software) cannot exist until we have trustworthy hardware to build it on.” It wasn’t this year, or last year, or even the year before that when DARPA issued that warning. It was based on a report from 2005 entitled “Defense Science Board Task Force on High Performance Microchip Supply.” Even then, the Department of Defense was worried about the supply chain.

But this isn’t 1991 or 2005. The landscape of the threat has changed, along with the tools.

Investment is just as potent a tool as a precision-guided munition, with much greater reach and impact. To blunt this, the Committee on Foreign Investment in the United States (CFIUS) was reformed by the Foreign Investment Risk Review Modernization Act (FIRRMA) passed in August of 2018 and signed by President Trump. Although China is not explicitly called out in the regulations, there is little doubt who the target of this legislation was.

With CFIUS, the issue was about “covered transactions” that could result in foreign “control” of a U.S. business via mergers, acquisitions or takeovers. CFIUS defined control as “the power… to determine, direct, or decide important matters affecting an entity.” With the passage of FIRRMA, the definition of control has been broadened, giving the United States much greater latitude in accepting or preventing foreign investment.{mossecondads}

A key change, and more realistic, is what FIRRMA identifies as factors that Congress wants CFIUS to consider when analyzing the risk to national security posed by foreign investment. Specifically, CFIUS is to consider “Whether a transaction involves a country of special concern that has a strategic goal of acquiring technologies that would affect U.S. technological leadership in that area.”

In March 2018, I wrote about the threat of quantum computing from China. We’re losing the battle of investment. China is spending $10 billion dollars to build a 4 million square foot facility and create the next Bletchley Park in Hefei, Anhui Province.

While it may not yet have the same ring or storied history, make no mistake: It puts in jeopardy our entire military and national ability to keep our secrets, well, secret. Today’s strongest encryption could be broken in a matter of seconds.

Another major area of concern is artificial intelligence, or AI. President Xi of China has left no doubt as to his country’s intentions. In June 2017, China released an aggressive plan that seeks to grow their AI development to $59 billion by 2025. Their aim is clear, as well as their targets: The United States, Google and Microsoft.

Last year President Vladimir Putin predicted “whoever becomes the leader in the [artificial intelligence] sphere will become ruler of the world.” It doesn’t take a tremendous leap of logic to figure out Russia and China would gladly claim that mantle.

According the Center for a New American Security, “AI is a high-level priority within China’s national agenda for military-civil fusion, and this strategic approach could enable the PLA to take full advantage of private sector progress in AI to enhance its military capabilities.”

It doesn’t take a Nostradamus to predict what China is going to do.

It just takes some political will to stop them.

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. He previously worked as a senior advisor in the U.S. State Department Antiterrorism Assistance Program and as senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.