“Cyber Warfare: The Enemy inside the Gates. All Hands on Deck. We Are at War.” The first three headings in the table of contents tell the reader where Michael G McLaughlin and William J Holstein stand in the debate over what the US should do in response to challenges posed by China and Russia.
Their new book, “Battlefield Cyber” (Prometheus Books, 2023), is a maximum threat treatise and a detailed exposition of risks they believe are not fully appreciated by the American people.
McLaughlin is an attorney based in Washington, DC, who concentrates on cybersecurity, government contracting and national security law. A US Navy intelligence officer for more than a decade, he served as senior counterintelligence adviser for the US Cyber Command until 2022.
Holstein is a veteran journalist with decades of experience covering China, technology and multinational business. He has written nine other books, including “The New Art of War: China’s Deep Strategy Inside the United States” (2019) and “A Grand Strategy: Countering China, Taming Technology, and Restoring the Media” (2021).
The subtitle of Battlefield Cyber is “How China and Russia Are Undermining Our Democracy and National Security,” but it might as well be “Only the Paranoid Survive.”
That, you may recall, is the title of former Intel CEO Andy Grove’s book about how to recognize and exploit strategic inflection points – which “can mean an opportunity to rise to new heights,” but “may just as likely signal the beginning of the end.”
The book addresses several key issues, including cyber threats to critical infrastructure, the defense industry supply chain and the semiconductor industry, vulnerabilities in software, cloud computing and high-tech company management, the differences between the Chinese and Russian approaches to cyber warfare, the exacerbation of political and ethnic tension and the difficulty of dealing with propaganda in an open society.
In addition to being a polemic, it is – with some qualification – a handy reference work.
The “no limits” partnership between Xi Jinping and Vladimir Putin is at the root of the problem, in the eyes of McLaughlin and Holstein:
As Americans, we thought we had created the technology of the internet and therefore would dominate and control it. But these adversaries have learned how to penetrate American systems for espionage, data and intellectual property theft, and criminal gains, and how to position themselves for future cyberattacks against our critical infrastructure. Unlike Western democracies, which closely adhere to international norms in cyberspace, these adversaries understand cyberspace for what it truly is: a battlefield.
Our opponents have also mastered the use of our own social media platforms to deepen the dangerous illusion that different sets of Americans are fighting among ourselves in to-the-death struggles for ideological supremacy…. [They] have studied how democracies work and have found their true vulnerability—their very openness. Americans fundamentally believe in pluralism and checks and balances among different interest groups. The private sector is different from government and does not expect to stand on the front line in a battle to protect America’s national security. Business leaders genuinely feel they bear no responsibility for national security.
This naivete must be overcome by recognizing the problem and devising ways to deal with it that do not undermine basic democratic freedoms. Because, as the authors write, “Although our adversaries opt for illicit cyber activities, their strategies have been carefully calibrated to prevent a forceful US military response or cyber onslaught on their own computer systems or critical infrastructure.”
It is a sophisticated long-term challenge, not an invitation to a fistfight. Of the key issues addressed in separate chapters of the book, perhaps the most readily understood and alarming concerns cyber threats to the US defense supply – more than 300,000 companies that are all targets or potential targets of cyber-attack.
In 2022, the National Defense Industrial Association found that it could not give the US defense industry a passing grade. “Data breaches, intellectual property theft, and state-sponsored industrial espionage in both private companies and university labs,” it noted, “are on an unrelenting rise.”
Not only that, but the Chinese military can acquire weapons “five to six times” faster than the US Department of Defense. Major General Cameron Holt, deputy assistant secretary of the Air Force for Acquisition, is quoted as saying, “In purchasing power parity, they spend about one dollar to our 20 dollars to get to the same capability.” Or superior capability.
The chapters about the vulnerabilities of software, cloud computing and corporate IT systems are technical and detailed, but also illustrated by vivid stories. Those include the report on the hacking and diversion of US defense industry files to Shanghai that was researched and written by Holstein in 2016. The overall conclusion is that corporate cyber security has been and is seriously inadequate.
Unfortunately, the section on the semiconductor industry is already out of date – one of the hazards of book publishing in an era of rapid change in both technology and government policy. The authors do make a good point about the CHIPS Act, which subsidizes the expansion of semiconductor production capacity in the US, including the massive new factories now being built by Intel and TSMC in Arizona:
And where will all these chips be used? If the American goal is to create a vibrant semiconductor industry on US soil, then at least some of the customers for those chips ought to also be in the United States, which suggests that the consumer electronics, computer, and smartphone industries could start to be re-established here. The United States allowed all that type of manufacturing to go offshore, much of it to China. As long as those products are made in China, the Chinese will be able to penetrate them.
They also ask the obligatory question: Is Apple “held hostage” by China? – and raise the alarm about TikTok, which some US soldiers use to send videos of their barracks home to their families – and, unwittingly, to Chinese intelligence. Has the DoD really not been able to stop this?
McLaughlin and Holstein recommend banning TikTok and Zoom, which may act as personal data siphons to China. But TikTok, according to market research organization DemandSage, has nearly 1.7 billion users globally, including about 1.1 billion active users and 150 million users in the US.
Banning it in the US would lock a high percentage of young Americans out of the new global internet culture the same way that Chinese internet users are locked out of Facebook. Banning Zoom would be inconvenient for lots of people, including me, who are not terribly concerned about eavesdropping most of the time.
Other recommendations are more practical, among them encouraging social media operators to authenticate users and hold them accountable for cyberstalking, targeted harassment and discrimination; clarifying the regulations governing the management of tech company platforms; and persuading or – as in the case of technology export restrictions – compelling corporate management to pay more attention to national security.
Even so, “It will probably take a full decade for America to secure its computing systems. The pattern of penetration is so deep because of the malware and backdoors that have already been inserted into thousands of US systems. The private sector could take some steps in the right direction. But ultimately the private sector does not presently have the right set of incentives to fully clean up its act. Government will have to use a mix of sticks and carrots to change the cost-benefit calculus that takes place at the top of the corporate world.”
As for the US government, “a Department of Digital Services must be established at the cabinet level. Just as the 9/11 attacks spurred the creation of the Department of Homeland Security, the development of the internet and associated systems is an epochal event that demands a similar response.”
And if this is not done? “Let there be no doubt,” McLaughlin and Holstein warn, “without a significant change of course and a whole-of-nation effort to secure our critical technologies, China will win the next war before we ever fire a shot.”
Follow this writer on Twitter: @ScottFo83517667