Countering Threats Posed by the Chinese Communist Party to U.S. National Security

Three questions framed Dr. Doshi’s remarks to the U.S. House Committee on Homeland Security.

1. First, what are Beijing’s ambitions?
2. Second, how does it threaten homeland security in the cyber domain? 
3. Third, how does it threaten homeland security through transnational crime?  

The Chinese Communist Party is a nationalist political party dedicated to the goal of national rejuvenation after what it perceives as a “century of humiliation” at the hands of imperial powers. Related to that objective, the PRC has a grand strategy to displace U.S.-led order. It seeks to “catch up and surpass” the U.S. technologically; to make the world dependent on China’s supply chains economically; and to acquire the capability to defeat U.S. forces militarily. As the world’s leading industrial power with over 30% of global manufacturing and the first U.S. competitor to surpass 70% of U.S. GDP in a century, the PRC is a formidable rival. The PRC also seeks military bases worldwide, including in the Western Hemisphere.

Beijing’s preferred global order would see it project leadership over international institutions, split, Western alliances, and advance autocratic norms. It would weaken the financial advantages that underwrite U.S. hegemony and seize the commanding heights of the “fourth industrial revolution” from artificial intelligence to quantum computing. China’s military would field a world-class force with global bases to defend China’s interests in most regions and even in new domains like space, the poles, and the deep sea. The prevalence of this vision in high-level speeches shows that China’s ambitions are not limited to Taiwan or the Indo-Pacific.

PRC cyber actors have compromised sensitive U.S. networks with four key objectives. First, the PRC seeks access to American personal data for intelligence purposes, hacking major organizations like the Office of Personnel Management, Equifax, and Marriott, compromising hundreds of millions of records. Second, the PRC seeks access to American intellectual property, infiltrating companies and stealing an estimated $1 trillion worth of IP. Third, the PRC targets U.S. government systems, recently breaching tens of thousands of emails from the State and Treasury Departments, including the accounts of high-profile officials like U.S. Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns. Fourth, and most concerning, the PRC is using cyber tools to prepare the operational environment for potential wartime scenarios.

The United States needs to shrink its attack surface while investing in offensive operations against the PRC to establish deterrence. First, Congress should prohibit software companies that sell to the U.S. government from operating in China as several of those firms have provided the PRC the source code of systems that the American government relies on. Second, Congress should prohibit cloud operators that support the U.S. government from operating in China. These companies almost certainly face conflicts given the PRC’s regulatory environment. The PRC has introduced a National Intelligence Law, Counterespionage Law, Encryption Law, Data Security Law, and updates to its definition of state secrets in recent years. This regime gives the PRC the ability to demand PRC entities and individuals comply with requests from the intelligence services, provide access to encryption keys, insert personnel on site, or outright seize equipment and data. The PRC seeks to gain leverage from these entanglements in the case of conflict with the United States. Particularly concerning is is the possibility that the PRC may be learning more about systems on which the U.S. relies while reducing its own reliance on U.S. systems. Third, to prohibit certain PRC goods that connect to networks, Congress should codify the Information Communication Technology and Services Supply Chain Executive Order and fund the office that administers it. Finally, the United States needs to go on the offensive. If the PRC has accesses on U.S. critical infrastructure, the United States reciprocally needs to maintain access on PRC critical infrastructure.

In addition to cyber intrusions, China is directly complicit in the flow of Fentanyl to the United States. The PRC gives tax rebates and grants to Chinese chemical companies for manufacturing and exporting Fentanyl precursors. The PRC not only provides state-sponsored support to these companies; the Select Committee on the CCP found that the party holds direct ownership interest in at least four companies with connections to illicit drug sales. The PRC also allows these companies to advertise their goods openly on PRC websites. Moreover, PRC underground banks help cartels launder Fentanyl profits. The PRC has taken steps to address this issue, but these actions have been inadequate. Congress needs to strengthen U.S. sanctions authorities against entities involved in the Fentanyl trade, including PRC financial institutions. Relatedly, Congress can also link progress on Fentanyl to other PRC priorities, in consultation with the administration. To combat money laundering, Congress should pass the Corporate Transparency Act so law enforcement can track the beneficial owner of PRC shell companies and crack down on money laundering. Finally, Congress should pass the HALT Fentanyl Act to place Fentanyl-related substances as a class into schedule I of the Controlled Substances Act.

The PRC poses many challenges to homeland security. The issues addressed in this testimony affect the lives of tens of millions of Americans. The China challenge is abstract, so it is important we link it to the lives of everyday Americans.