Mike Pompeo, former CIA Director and Secretary of State, seems to be settling for that, particularly vis-à-vis the People’s Republic of China. To be sure, such a position would represent a large improvement over past administrations’ position.
US federal and state officials should demand reciprocity in the relationship with China. If US entities are barred from investing in areas China deems a national-security risk, we shouldn’t allow China to invest in areas that could pose a risk to us—such as Chinese entities buying land near our military bases. If US firms must consent to technology transfers and party oversight to do business in China, Chinese firms shouldn’t be able to do business here without more oversight. If our diplomats can’t freely and privately communicate with Chinese citizens, we shouldn’t tolerate Chinese officials doing so with US citizens. If fewer than 1,000 American students study at Chinese universities annually, we shouldn’t grant visas to nearly 300,000 students from China—especially when some of them engage in scientific espionage, intellectual-property theft and other hostile activities.
That’s insufficient, though. Tit-for-tat doesn’t work in kinetic combat, and it doesn’t work in espionage combat: in either situation, it surrenders (not merely cedes) initiative to the enemy and leaves us scrambling desperately to keep up. At the modern pace of combat, that’s not just a failing proposition, that guarantees we lose the combat, and we lose the wider war encompassing that combat. And that costs us our freedom of action, our very sovereignty.
What’s necessary is going on the offensive, and escalating faster than the PRC can adapt—leave that enemy nation scrambling and trying to keep up.
If the PRC interferes with our water, electricity, etc infrastructure by planting malware for future triggering, we should shut down significant fractions of that nation’s water, electricity, etc networks. Yes, that should include shutting off the controls for the Three Gorges Dam. If the PRC hacks into our government facilities, we should hack deeply into PRC government and CPC facilities and publish the data taken. If the PLAN or PLAAF run intimidation exercises around the Republic of China, we should blanket those forces with ECM and isolate them from their mainland command centers.
We should plant malware of our own in the PRC’s government agencies (including PLA command and control network nodes at all levels of the hierarchy) and network control nodes. We should plant malware in our own agencies and network control nodes to be stolen along with legitimate data, for our later use. We should be building into the computer chips we do allow to be sold into the PRC and its allies hardware malware for our future use.
Yes, we’d be giving away some of our capabilities, but sometimes letting our enemy know what we’re capable of—kinetically, cybernetically, and especially mentally—is contributory to deterrence.
The opportunity for offensive activity abound. It’s time to stop being timid about it. And if we don’t have those capabilities, we need to know the reasons why and get rid of the managers in our defense and intelligence facilities who’ve so badly and dangerously failed us.