China ‘Actively’ Working to Disrupt U.S. Defense Industry

China and other adversaries are actively seeking to disrupt the U.S. defense industrial base, the head of U.S. Cyber Command warned June 25. 

Air Force Gen. Timothy D. Haugh said the People’s Republic of China is “engaging thousands of intelligence, military, and commercial personnel” to steal U.S. intellectual property and disrupt defense firms’ business processes. Speaking at the 2024 AFCEA TechNet Cyber conference, Haugh cited Volt Typhoon, a Chinese hacking enterprise, for moves to infiltrate critical industries.

The Department of Defense released its first-ever National Defense Industrial Strategy in January, and followed up with a Defense Industrial Base Cybersecurity Strategy in March. That strategy noted that China is “conducting a focused campaign to undermine the nation’s operational effectiveness and obtain information on sensitive DIB acquisition programs in technology.” 

China has long sought to harvest U.S. defense companies’ expertise. In 2019, then-Defense Secretary Mark Esper accused China of “perpetrating the greatest intellectual property theft in human history,” while other experts have long suggested that the People’s Liberation Army Air Force’s premier J-20 fighter jet incorporates numerous stolen design secrets.

Today, however, “adversaries are operating with greater scope, scale and sophistication,” Haugh said, and the threat is not limited to intellectual property theft, but now encompasses efforts to disrupt supply chains and critical infrastructure.  

“The PRC is engaged in a deliberate and sustained campaign to challenge the United States and our allies technologically, while holding our critical systems and national infrastructure at risk, posing a threat to our defense industrial base,” he said.

Asked to describe what kinds of increased cyber activity aimed at the U.S. he has seen, Haugh cited Volt Typhoon as “the most concerning area.” 

“Our concern has been that these targeted operations have gone at critical infrastructure and have been viewed as holding that critical infrastructure at risk,” Haugh said. “So that’s a serious concern, not just to the United States, but also to our allies.” 

U.S. Air Force Gen. Timothy D. Haugh, U.S. Cyber Command commander and director of the National Security Agency/chief, Central Security Service, said China seeks to exploit vulnerabilities in the U.S. defense industrial base, June 25, 2024. Photo by David Marin/Defense Information Systems Agency

For the most part, concern around Volt Typhoon has centered on how the group has penetrated civilian infrastructure networks like energy, water, and communications. Other officials have said hackers penetrate military networks and regularly target areas around U.S. military bases and nearby industrial base facilities.

“Cybersecurity is not the top priority for many of the companies within the defense industrial base,” Haugh lamented. “It’s just not their primary focus. These companies and entities focus on manufacturing, innovating and developing the tools that win this country’s wars.”  

Closer partnerships between the industrial base and CYBERCOM and NSA could ease the risk, he suggested.

“U.S. Cyber Command has been delegated the authority to enter into arrangements with private sector entities to share threat information,” Haugh noted. “One such industry collaboration occurs through an effort called ‘Under Advisement.’ With Under Advisement, U.S. Cyber Command maintains ongoing relationships with cybersecurity firms, researchers, and individuals across the cyber ecosystem and the defense industrial base by exchanging information and working collaboratively.”

NSA, meanwhile, has started providing cybersecurity support to industry through its Cyber Collaboration Center, which Haugh called “a pretty radical change” from past practice. Still, cyberattacks and intrusions will continue. It will take a dynamic, responsive defense, built on the industry and growing defense standard known as “zero trust,” an approach that demands networks continually verify users and devices to ensure appropriate access and to protect vital data. The defense industrial base will have to follow those same best practices, he said, in order to ensure a robust and resilient defense.