Seven Questions the Next President Will Need the Intelligence Community to Answer to Win the Technology Competition with China

During the Cold War, the US Intelligence Community faced the challenge of gaining insight into the activities, plans, and intentions of the Soviet Union, a peer competitor in intelligence work with a global reach, ruthless but potentially high-tech methods, and an ideological appeal that attracted allies and collaborators. Soviet intelligence had the added advantage of operating within a closed society with few restrictions on domestic security operations, while the West remained largely, even defiantly, open and free. Security services operating within democracies, such as the FBI, knew that, due to a combination of skilled tradecraft, devotion to their cause, and this unlevel playing field, we could not count on always catching or stopping Soviet intelligence activities within our own sphere or even here at home. No matter how many resources we poured into the effort, the KGB still might succeed in its various aims. In the end though, the weight of these different systems—free and fettered—along with the work of generations of Cold Warriors pulled down Communism; while the CIA was not unmarred in its competition with the KGB, it was ultimately victorious.


Today the United States and its NATO and other democratic allies face a new competition, again at least partially to be decided in the battleground of intelligence work: the rise of China and its digital authoritarianism system of governing. Beijing, however, has something more on its side that the Kremlin never has had: a leading scientific community supporting a truly international trade base, both suborned to the goals of the Chinese Communist Party, that can produce surprises not only in intelligence operations, but in the military balance, economic leadership, and society more broadly. While the Chekists of decades past might potentially recruit human assets and conduct complex technical operations undetected, China’s innovators may make gains American technologists do not even fully understand, especially in fields such as biotechnology and privacy-invasive applications of artificial intelligence where different ethical standards might at some point prevent Western researchers from being engaged at all but lead those working at Beijing’s behest to deliver big national security gains. 


Moreover, Beijing’s cyber capabilities no longer target just government secrets, but collect intelligence on and influence populations around the world in intimate ways, and on a scale that Lavrenti Beria would have never imagined—hotel stays, medical records, security clearance forms, and social media activity, all captured not only within mainland China but anywhere they control the underlying telecommunications infrastructure, software, or social media network.


So the US intelligence community finds itself at a crossroads—how to structure its teams, promote and reward its people, and invest its resources. Should NSA focus on collecting and processing signals intelligence to inform our understanding of China’s plans for a militarized new space race, despite the best efforts of China’s cybersecurity professionals to guard that information? Or should the Fort be focused on more diffuse targets, like the unproven and probably less protected but nonetheless potentially revolutionary developments at China’s universities? Should the CIA put additional headcount in its China Mission Center toward case officers recruiting spies within the Ministry of State Security’s hacking units, knowing they will face tremendous and skilled counterintelligence pressure? Or would those billets be better used when filled with analysts examining the global commercial ties of Chinese high-tech companies, and writing estimative papers about how those ties might be exploited by that same MSS one day, which may not have even made the same connection yet? 


The answer is that our nation’s spies must plan to do both. As the excellent book by Jennifer Sims, Decision Advantage, lays out in lessons from the past several centuries, intelligence is an inherently competitive process of learning, not only about one’s competitors but about oneself as well. To make better decisions, our nation’s leaders need to know not only what their counterparts are planning but the context into which to place those decisions, a thorough understanding of one’s own position, and well-timed insight into how to manipulate those factors for maximum relative advantage. In periods when change is being driven by technological development—be it new naval designs, as in Queen Elizabeth’s time; or the telegraph as in the U.S. Civil War; or the Internet and cyber weapons as in our own time—the most successful practitioners of intelligence are not those most adept at stealing secrets only, but those who can also effectively work with civilian and commercial partners to give the decision-makers they serve the most complete insight into the competitive landscape.


In many cases, it also means US intelligence officials will need to anticipate China’s moves rather than react to them. Particularly in fields where scientific discoveries promise the greatest change or in cyberspace where first movers and standards-setters gain decades of advantage, there will be times where there may be no secret to steal, but no time to waste in preparing for fast moving technological changes where Washington cannot afford to fall behind. The West faced a near-miss on 5G technologies, only late in the game mustering the political will, technological alliances, and recognition of the severity of the security threat to prevent Beijing’s control of a wide swath of communications networks in free countries, built by entrepreneurs but accessible by adversarial spies, including potential access to sensitive alliance systems in some cases. That experience should be a “Sputnik moment” we and our allies vow never to repeat by allowing a less-than-democratic country to control or influence such core parts of our civilizations, either through inaction of the security services or commercial interconnection. We cannot assume future technology fields will have implications that are as reversible.


To prevail in the competition with China, and especially to keep that competition “cold” on terms that ensure the liberty of the American people and assurance of human dignity globally, the United States cannot rely upon the same systems and approaches it used to prevent a second 9/11, since those strategies were built for suppressing a large number of individually outmatched non-state actors, nor repeat the blueprint of activities that led to the downfall of the USSR, since it had neither the economic nor soft power to truly displace American leadership worldwide when nations were given the choice. China is just as powerful as us, will have its own unique appeal where some countries may voluntarily adapt their technology-driven authoritarian system, and we will not win by out-spending or out-spying a modern Communist party with capitalist purse strings.


With that in mind, here are seven questions the intelligence community will need to work to improve its ability to answer, in order to best inform the decisions of the next US President concerning the cyber- and technology threats China poses to our way of life:


(1) What is the state of our cyberdefenses?


The 2022 Annual Threat Assessment of the U.S. Intelligence Community—for which I was the lead author of the cyber sections—shared with the public the coordinated assessment of 17 intelligence agencies that “China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks. China’s cyber pursuits and export of related technologies increase the threats of attacks against the U.S. homeland, suppression of U.S. web content that Beijing views as threatening to its control, and the expansion of technology-driven authoritarianism globally.” Years of previous assessments pointed to Russia as the leader in foreign cyber threats, presenting in tone and substance a China that was a growing worry but not yet at the forefront. Given the decades of experience the intelligence community has in gaining insight into foreign technical plans, intentions, and capabilities, we should treat this subtle but consequential shift with vital seriousness.


This assessment points to several particular areas of concern—digital authoritarianism, cyber attacks, and commercial exports as a key driver of both—but mostly speaks to a hard-to-define, broad cyber power Beijing is already exerting, with warning of near-term growth in their ambition and reach. That generalization is probably appropriate for a field such as offensive cyber operations where the range of possible state uses of this nascent power is still being proven.


The Assessment follows with: “China almost certainly is capable of launching cyber attacks that would disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.” China might launch cyber attacks, meaning that they are capable of credibly attempting to disrupt these kinds of targets using cyber power, but the assessment says nothing of the likely impact. There is the crux of this challenge for the intelligence community to address: we cannot say, from this assessment alone, whether or not China will do anything offensive against the U.S. in cyberspace. Certainly Russia has not used the full range of its capabilities against NATO and the U.S. in the early stages of its conflict in Ukraine, and has emphasized using its extensive cyber accesses there for intelligence collection and tactical military disruption within Ukraine over more strategic attacks targeting civilian infrastructure. But if China’s hackers do decide to target the United States, what would they find? How well would their operations work? What weaknesses, in America’s defenses, will they find once they start probing in earnest?


Recall that when Colonial Pipeline was compromised by criminal actors, the end result was a disruption of gas flows to the pump for weeks for an entire region of the United States—all from an operation where the criminals did not even intend to directly damage production. The fragility of U.S. critical infrastructure, in this case, actually led to disproportionate impacts from what the attackers expected. 


Likewise, when Russia’s military intelligence (GRU) hacked the Democratic National Committee in 2016, setting off a series of cyber-enabled election-influence operations, the impact of their work was far greater than what they had accomplished in years of similar efforts in the former Soviet Union and Europe. Ironically, the further west they went when conducting these operations against ostensibly more robust and mature democracies, the better their operations worked. We may live to find that operations targeting critical infrastructure similarly do better against the federated, profit-driven, interconnected web of critical infrastructure systems in the United States than they have in less developed, more centrally managed, or less cyber-vulnerable networks elsewhere in the world.


The IC assessment mentions oil and gas and rail systems, but when thinking about likely vulnerabilities, water systems should be top of mind for threats from any actor. Thousands of individual, mostly municipal, water systems now run on digital infrastructure to varying degrees, most of them badly mismatched in terms of security resources if they are expected to defend themselves against foreign military and intelligence services. Yet so much other critical infrastructure, from healthcare to nuclear energy, relies upon a reliable source of local water for its own operations.


Likewise, modern civilian telecommunications systems undergird not only our daily, Internet-connected lives, but connect other critical infrastructure systems to one another and carry much of the US Government and military’s critical traffic—a deliberate outage would not only take out your TikTok, but Uncle Sam’s eyes and ears to at least a moderate degree as well. Returning to the annual IC Assessment, we find that they assess “China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations.”


One can imagine a future cyber equivalent of the Cuban missile crisis, where foreign access or intent are suddenly discovered during a period of rising tensions and when bargaining—or perhaps military response—come into play. But unlike missiles, which by their nature are hard to defend against and, when nuclear-armed, have clear catastrophic consequences, cyber operations are so bespoke and beholden to the particular circumstances, defenses, and connections of their targets that playing out a deterrence and diplomacy scenario will require just as much understanding of one’s own targeted systems’ health and security as it will analysis of the secrets stolen by spies about adversary capabilities. The lack of insight into our own country’s defensive position and resilience, and consequent inability to predict what adversaries such as China would discover when they went on offense, positions the IC to fail in its duty to warn and inform the next President during a state-sponsored cyber-crisis, because it will be unable to estimate the likely damage or chance of success of adversary operations regardless of its insight into their capabilities and intentions.


Current IC efforts focus on sharing intelligence with the private sector—an overdue recognition that the US Government is and should remain the biggest single player in cybersecurity, but not the central or only player in a domain where the front line is in the private sector. These efforts have an important role in reducing the scale of damage from newly discovered attack vectors like the log4j exploit that affected millions of computers in 2021. But often this intelligence sharing is too slow to be effective, or covers territory already well worn by private sector experts. In any event, the success of these public-private sharing relationships—one of the main metrics of success self-touted by the government—affects only the giving of intelligence, not the intake of context on private sector readiness necessary to produce a good net assessment.


There are good reasons the US intelligence community has a hard time doing this—we don’t want our spies or police to also be in charge of civil defense or private sector policy, for reasons of both liberty and practicality. Luckily there is a way to untie this particular Gordian knot: most cybersecurity is driven by engineering and policy decisions, not intelligence-driven tactical countering. Ideally even tactical intelligence, like the discovery of new adversary infrastructure or tools, would inform both short-term remediation and long-term planning. But in the end, smarter standards around the design of secure software, regular patching, incident reporting and related compliance requirements, and other industry standards and regulations as proposed in the new National Cyber Strategy are likely to lead to more secure products and systems with a greater benefit to national security than any information-sharing program. 


The intelligence community of today is made up of 18 agencies: 2 independent agencies (ODNI and CIA), 9 Department of Defense agencies, and 7 from other departments. Those “other” agencies, including the Departments of Energy, Homeland Security, Treasury, and State, will be key to addressing this shortfall by bringing into the IC the broader context around how well regulated industries like finance and energy are doing in terms of cybersecurity, and how our friends and allies around the world are faring as well. Only by fusing the perspective these agencies bring to the table—and empowering and resourcing them to collect this information from their private sector partners and foreign interlocutors—will the spying-focused intelligence agencies be positioned to answer the important and inevitable question the next President might ask: how bad is this cyberattack going to get?


(2) Who is in the lead in the race on key technologies?


This question is a corollary to the one above, and with similar solutions, but is worth briefly exploring on its own. The intelligence community has long experience pursuing insight into foreign technology developments of interest, from Soviet missile and space programs that led to the infamous exaggerated “missile gap” analysis to coverage of Japanese high-tech consumer technologies through the 1980s that posed a threat to American economic dominance. It tends to do better against well-defined problems, particularly with developments where America is already ahead and knows the likely path of scientific and technical progress. Nuclear weapons proliferation is a good example, where the path to progress is well-trod and analysts know what part of the story is being explained when new intelligence comes in.


Scientific and technical analysis is more difficult, though, in nascent fields where the future is uncertain—here, analysts will be stuck describing China’s progress by comparing observations to expectation, or official progress to official plans. By some measures China is already in the lead globally for citations of its scientific papers. But scientific discovery by its very nature, and complicated engineering developments in most cases, can have off-ramps of slowed progress or novel insight that go down different, unpredictable paths. 


In the Cold War, this meant keeping tabs on the Soviet Union and perhaps, in a distant second, scientific developments in the rest of the world. But, judging from the diversification of patents and scientific publication by country-of-origin, the World Intellectual Property Organization reports that “innovative activity has grown increasingly collaborative and transnational… Before 2000, Japan, the U.S. and Western European economies accounted for 90 percent of patenting and more than 70 percent of scientific publishing activity worldwide. These shares have fallen to 70 percent and 50 percent, respectively, for the 2015-2017 period amid increased activity in China, India, Israel, Singapore, the Republic of Korea, among others.”


Keeping tabs on all this activity means, at a minimum, recruiting and retaining a critical mass of some science-trained experts working not as researchers but as analysts to understand foreign developments, while also having commercial-, open-source, and secret sources of reporting on those activities, including an understanding of what allies are developing that could be of use to adversaries down the road. It’s a staggering task, even before one considers that cyber-power and software development more generally, including the potential military and economic implications of more powerful AI operating more closely in our daily lives, will be fed not only by original human-directed research but automatically generated and collected data, done by no human hand, obscuring another potential variable whose implications will be hard to predict and harder to collect.


It's also an area of competition in which China will have numerous natural advantages: fewer concerns about privacy, fueling data-hungry development initiatives; a command-economy’s control over both industry and spying, to get synergies from each; and vast pools of engineers and scientists, graduating from increasingly strong domestic programs, and operating with different ethical constraints in biotechnology and other areas of key concern to the U.S. We shouldn’t overstate China’s likely success—all bureaucracies have their own hidden impediments, after all—but at a minimum Beijing will have means of combining their development efforts in the private-sector and for military application with the gathering of information about their competitors’ private- and government-funded research, in ways the U.S. intelligence community currently lacks authority to even attempt to do robustly. In the next arms-, space-, or civilian technology race, China’s decisionmakers will start with a decided intelligence advantage.


That does not mean the U.S. and other democracies are at an inevitable disadvantage overall. Our very openness, both to new ideas and to the creative destruction of innovation-driven capitalism, could provide larger economic and battlefield advantages, particularly during periods of most intense technology-driven change, than the advantages conferred in intelligence by China’s relatively controlled and less free system. But to the greatest degree possible, the U.S. intelligence community will need to do its part by leaning more heavily into non-espionage intelligence gathering by those “other” intelligence community members to gain better insight not into foreign developments, but the relative progress of our own country’s research efforts.


Ideally, scientists and technologists from America’s leading government research institutions would be seconded from time to time to ODNI or CIA to bring their substantive expertise in-house when needed for net assessments. Importantly, those experts need to be free to offer their assessments without guidance from home agencies who might otherwise pressure them, informally or outright, to codify into intelligence assessments an optimistic picture of their own progress—a kind of reversal of the tendency during the Cold War to overstate Soviet capabilities, particularly at budget time.


(3) What are our Allies and neutral countries doing?


National Security Advisor Jake Sullivan’s recent comments about the importance of the U.S. working with “middle powers” and even authoritarian or competitor regimes on areas of mutual concern rather than driving foreign policy strategy solely through blocs of formal allies reflect the reality of an increasingly multipolar world, the growing economic clout and hard power relevance of friendly neutral countries like India, and hopefully, the strength of US strategy as driven by our values, technological leadership, and worldwide military reach. It also means the U.S. intelligence community will be entering an era of complexity in analysis and collection unparalleled in its history, even when focusing on singular issues like tech competition with China.


CIA case officers in the foreign field know well how to navigate the demanding terrain of working with frenemies under ambiguous circumstances. But for those at headquarters making tough choices about how to deploy and develop the IC’s personnel and financial resources, or for top operational decision-makers weighing the opportunity cost of how to use unique assets, this geopolitical shift poses a tough bureaucratic challenge. 


How many economic analysts do you assign to monitor countries other than China? What are appropriate risks to take operationally in friendly countries in order to collect on transnational developments of interest, such as joint research projects? How do we collect information on private or academic research that has national security implications, without undermining the international norms against hacking and stealing intellectual property we otherwise advocate?


The answer will be familiar to many IC veterans: it depends. I won’t even attempt to play out here all the permutations of the above questions. But I will suggest that there are always incentives distorting the distribution of intelligence resources so that the community is encouraged to follow the most recent and largest threats, even out of proportion to what is needed. Certainly at the level of the individual officer, most analysts and operators will want to cover the highest priority issues, both for personal fulfillment and out of ambition. But someone always needs to watch for fires being kindled elsewhere, and in this case we will need not only adequate but robust “rest of world” analytic coverage not in spite of the competition with China, but in order to win it.


Put another way, we can’t provide the President and other senior leaders with adequate context on Chinese military and technological developments of interest just by pouring greater and greater resources into marginally improving our understanding within that country—we need to understand China’s place in the world, its partners, the unexpected opportunities it will encounter based on developments elsewhere, the transnational and corporate and secret programs already running we don’t even know we need to cover. So whatever the current or planned mix of resources is, while China should no doubt be the IC’s top priority far and away, it would probably be wise to actually put a thumb on the scale the other way and purposefully distribute some percentage of personnel and assets for global coverage regardless of perceived current priority.


(4) What are they doing to influence the way our citizens vote, speak, and think?


Since the June 2016 hack of the Democratic National Committee by the Russian GRU and subsequent willful release of the stolen information to influence the U.S. voting public, the security community—U.S. intelligence agencies, but also private sector, think tank, and academic experts and the social media companies themselves—has built an increasingly powerful and responsive system for detecting and disabling government-backed online propaganda, particularly those campaigns meant to influence the outcome of elections in other countries. 


This happened slowly at first. The senior U.S. intelligence community cyber analyst told the Washington Post in September 2016 “just releasing DNC emails? Welcome to the new world. I would say that’s a law enforcement matter. The ‘doxing’ of a private entity is not a national security event,” reflecting the Obama-era consensus at a time when election infrastructure was still not considered critical infrastructure.


The US Government response at the time was predictable and echoed the shortcomings of Washington’s grasp of cyber intelligence then and now: attribution was only made public months after the fact, once Kremlin narratives had already taken root, done their damage, and created a fissure in the US public not only over how to respond to this campaign, but how to relate to intelligence releases on this topic at all. Even technical intelligence shared by DHS and others at the time was troublingly inaccurate, undercutting public messaging around what should have been a clear-cut case identifying the Russian culprits.


The Russian campaign ultimately probably had little effect on voters,[1] according to a recent academic study focused on Twitter activity at the time, consistent with 538’s back-of-the-envelope math. Worse, when the US Government security apparatus did get involved, as when FBI Director Comey repeatedly took to the stage to revisit Hillary’s emails, they more directly affected the election outcome than anything Russia cooked up. In the end, the intelligence agency that had the most damaging effect on the outcome in 2016 was the FBI, not the GRU, a fact that—especially in light of their kingmaking potential as criminal investigators of leading candidates—suggests a need for greater caution in the FBI’s public election-defense role going forward.


Still, in the years that followed, numerous influence campaigns worldwide sponsored by Moscow were tracked, exposed, and disabled with improving rapidity and confidence, especially in the private sector. By 2020, the U.S. intelligence community found that “Russian President Putin authorized, and a range of Russian government organizations conducted, influence operations aimed at denigrating President Biden’s candidacy and the Democratic Party, supporting former President Trump, undermining public confidence in the electoral process, and exacerbating sociopolitical divisions in the US.” Thanks to significant pushback to the Kremlin on the targeting of the integrity of actual US voting mechanisms during both the Obama and Trump administrations, “we did not see persistent Russian cyber efforts to gain access to election infrastructure.”


The essence of the challenge the US intelligence community in particular faces in adapting these analytic and collection tools to the China influence challenge is that the muscle-memory Langley, Fort Meade, and their sister agencies learned over the past six or more years was entirely around how to detect and defeat covert online influence campaigns—spies countering the work of other spies. That approach works well for stopping the designs of relatively isolated countries like Russia or Iran, with little economic, cultural, or diplomatic sway around the world, leaving their head of state few options short of actual conflict other than to task that nation’s spies to affect a political outcome in another country. That those spies may be competent, brave, patriotic, and well-resourced raises the challenge of detecting and defeating those activities but still leaves them bound in one, limited domain with generally indirect influence.


China, though, has a broad toolkit its leaders may tap to change election outcomes around the world. Yes, they have elite cyber tools and could conduct operations at least as covert and successful as the GRU’s hack-and-leak approach to elections in Europe and the U.S. Their online covert propaganda, though generally still ham-handed in the West and with often poor English translations, is nonetheless technically competent—the campaigns that were uncovered targeting, in part, U.S. elections in 2020 were small and gained no traction, but some also went undetected for months or more. Probably these operations could improve in impact very quickly with the addition of better translation and more Western-savvy social media, since all the other pieces are already in place. This raises the risk of a Russia-style surprise wherein Beijing suddenly has impact on an election disproportionate to expectations, with some indications their propaganda efforts are already having greater success in-between elections reaching external audiences.


More challenging for the U.S. intelligence community will be Beijing’s ability to tap into business, diplomatic, and media ties around the world to bring more direct, but deniable, pressure to bear that favors or disfavors their preferred candidates. 

Given the importance of economic health to the reelection of US presidents, might not supply chain disruptions with a China-nexus get resolved more slowly to harm public perceptions of that candidate? Might not the signing of favorable trade deals in politically rich sectors, like agriculture, and the speed of implementation of those agreements help or harm one candidate or another? In a government with power as centralized as in Beijing, this can be done directly with orders to relevant subordinate officials or more discreetly signaled by simply letting one’s country’s entrepreneurs know that the election of one candidate or another in Washington would strengthen or strain trade relations.


China, too, has diplomatic reach not seen outside the United States since the dissolution of the Soviet Union. Today, Taiwan bears the brunt of that force during election season: coordinated moves to cut off foreign recognition of Taiwan or otherwise undermine their international status, while fitting long-term goals, can be timed as part of multi-faceted covert, business, state-controlled media, and cyber-influence campaigns. 


Likewise, Beijing has proven willing, if not yet terribly adept, at having its “wolf warrior” diplomats amplify more covert campaigns, as they did starting around September 2020 to draw attention to the Spamouflage Dragon campaign detected by private sector experts. That campaign expanded China’s cyber-influence for what the authors of the report say was the first time when it included external audiences, being amplified by a senior figure at Huawei Europe and the Venezuelan Foreign Minister, among others, thus giving some sense of how China’s MFA officials might play in a future influence campaign by drawing in international allies and media to cover their leadership’s preferred narrative. 


That campaign “frequently attacked the United States. In the summer of 2020, many of those attacks were aimed at then-President Donald Trump” before turning its sights on Mike Pompeo. These findings directly support the public dissent I took on the Intelligence Community’s election-threat analysis for 2020, in which I noted that “China took at least some steps to undermine former President Trump’s reelection chances, primarily through social media and official public statements and media…and that Beijing implemented some—and later increased—its election influence efforts, especially over the summer of 2020.”


The authors of the private sector report note that they do not have evidence connecting the covert campaign to government sponsorship, even in light of the seemingly coordinated actions with Chinese diplomats. Instead, they say that “rather than being a vehicle for election interference, Spamouflage is a cheerleader for Chinese state narratives of China’s rise and America’s fall.” This is a similar logical error to one made by the U.S. Intelligence Community, which generally classified even directly anti-Trump narratives as focused on administration policy rather than the President’s reelection, even when mentioning his reelection directly.


It would be meaningless to classify every foreign behavior during U.S. election season as election-influence, since elections are a natural fulcrum for influencing other countries’ policies, most especially that of a democratic hegemon. But it is equally obtuse to dismiss actions clearly targeting U.S. elections as a process, or elected officials as candidates, simply because the malign narrative being employed also criticizes policy. Domestic political campaigns routinely criticize candidate policies as a means of attacking their political base; why should we expect foreign influence campaigns targeting those same elections to be any different?


For example, Russian covert influence campaigns have for years made criticism of the West’s Ukraine policy a cornerstone of their messaging and targeting, in U.S. Presidential elections and in more targeted campaigns against Poland, Germany, and NATO as a whole. Especially since Moscow’s invasion it is easy to see, from their point of view, how countering America’s Ukraine support as a policy matter and engaging in election-influence go hand-in-hand. Indeed, in the IC’s assessment of 2020 election influence for which I served as lead author, there is an entire subsection describing the Ukraine links to their 2020 efforts, which describes that facet of the campaign by assessing “that the goals of this effort went beyond the US presidential campaign to include reducing the Trump administration’s support for Ukraine. As the US presidential election neared, Moscow placed increasing emphasis on undermining the candidate it saw as most detrimental to its global interests.”


This is a clear and nonsensical double-standard from how similar, dual-themed covert messaging from China was handled in the same timeframe, precipitating my dissent in my own paper. If anything, China’s online influence teams have a history of mixing multiple threads: targeting southeast Asian elections while also promoting China’s domestic industrial champions, compromising election infrastructure while also stealing industrial secrets. 


Only by dealing honestly with this misjudgment, calling Beijing out for it, and taking a broad approach to countering China’s influence across their entire toolkit—collecting on, analyzing, and stopping influence that is not only covert, corrupt, or coercive, as we do now, but also otherwise legal but foreign-government coordinated—can we fully defend the health and independence of our open democratic system from digital authoritarian encroachment and abuse.


(5) What can I do about it?


When we think of the intelligence community we usually think of the collection of foreign information of interest and subsequent all-source analysis: the solving of riddles, revealing of protected secrets, predicting of geopolitical events, and catching of terrorists. But the IC in general and CIA in particular also wear a separate hat: the conduct of covert action, which in Title 50 of the U.S. Code is defined as “an activity or activities of the United States Government to influence political, economic, or military conditions abroad, where it is intended that the role of the United States Government will not be apparent or acknowledged publicly...”

In other words, in addition to its role standing back and looking to understand developments around the world objectively and communicate them to policymakers, the IC in general and CIA in particular also, in circumstances dictated by the President, seek to cause those global developments to occur in a way directed to good outcomes for US national security and prosperity. Other IC elements may wear action-oriented dual-hats of their own wherein strategic intelligence work is secondary, such as the FBI’s law enforcement focus and the warfighting mission of the DOD intelligence elements.


As these agencies are presenting intelligence-driven threats and opportunities, the next President will no doubt ask them what to do about it. When asked, they must think outside their own agencies or even their own intelligence community. The temptation will be to highlight what their own agency is doing about the problem, and to tout both successes and the need for greater resources for those efforts. But given the scale and multi-faceted nature of the threat China poses, the most effective policy answers will probably come from “big,” overt, and interagency solutions, be it in regards to economic or trade policy, large military force projection and preparation, or diplomacy. If the IC wants a place as a trusted advisor on the intelligence analysis side, it cannot be seen as pushing its own policy agenda when it comes time to discuss solutions to these problems, as is so often the case today. 


Covert action can be very powerful—giving history a kick in the right direction—but only on the margins and, especially against near-peers, only in concert with larger US Government policy. The ineffectiveness of single-agency intelligence-driven tools, such as the failure of criminal indictments of China’s state-sponsored hackers to deter further cyber activity, shows the limited benefit to national security of this approach. Likewise, skilled intelligence work did not prevent defeat to the Taliban over the past two decades, nor is it yet certain to ensure Ukraine’s survival as an independent, integral country.


Intelligence agencies should also continue the more aggressive approach to declassification the Biden administration adopted to warn allies and the general public about the threat of a Russian invasion of Ukraine. Many of the key issues of the day involve covert Chinese corruption of legitimate commercial applications, telecommunications and computing technologies, and digital services that people around the world enjoy or that are made available at a greatly reduced price relative to non-subsidized Western competitors. In addition to producing classified intelligence assessments on the nuance of these threats, the best of the IC’s thinking should be available, rapidly—and when possible, with sourcing—to win over public opinion and reduce the demand for these products. Otherwise, particularly smaller democracies will face difficulty mustering the political will to confront China over these issues when even their own populations are demanding they do not.


Just as important as presenting the President with the full range of options without self-aggrandizement, the IC and broader national security community should be clear about what it will not do. As I mentioned above, the competition with China is primarily one about competing systems of governance: what kind of relationship between a government and the people is, at a practical level, the most effective and likely to thrive in a globally networked but increasingly nationalist multipolar world order. In that competition, China’s digital authoritarian system of transnational governance makes use of a suite of security tools, both for themselves and to export to other nations as a means of gaining influence, that America’s defenders must be sure to avoid.


Few would argue that the United States and its allies should use commercial spyware to target journalists who write unfavorable stories for cyber-exploitation, as China, Russia, and other less-than-democracies embracing Beijing’s governing system increasingly do. Yet the desire to have these tools available for other security or law enforcement purposes, even in countries with rule-of-law and strong oversight such as the U.S., means they remain technically viable for use by other countries as well. Likewise, the imposition of backdoors in software products is not merely a loss in terms of the domestic balance between liberty and security; due to this larger competition between systems, it is a net negative for long-term national security as well, whatever the short-term benefits. Many more examples abound; in short, our technology-driven security choices must also reflect and advance our values at every step; we cannot try to defeat an ideological adversary by adopting its methods, when those methods are antithetical to our own values and so naturally congruent with theirs.


(6) What do they think we are doing?


China will be asking its own tough questions and they, like us, will remain prone to imagine their enemies as 10 feet tall. That includes seeing coordination when Western media, governments, and industrialists come to the same conclusion about this or that international issue. Certainly, such thinking pervades Russian paranoia and alleged information operations seeking to undercut Kremlin rule, which in turn justified and incentivized their own covert influence and destabilization campaigns against the West in recent decades. 


In an era when scientific discovery and international ties are driven by an ever-growing list of nation-states, and with a greater tilt toward academic- and transnational corporate influence, than the world has seen in nearly a century, there will be more opportunities than ever for Beijing to imagine themselves the victim of an orchestrated Western plot based on actions taken entirely by private individuals and organizations or independently by other countries. China’s response to those perceived threats could be even more dangerous than Russia’s has been, given the broader toolkit and greater economic and technological heft Beijing will have behind it, making it more important than ever for the intelligence community to understand not only what they are planning to do but how they are thinking about responding to their perception of our plans and activities.


Nations preparing defenses for biological weapons attacks naturally develop the skills, personnel, technologies, and infrastructure for conducting such attacks themselves. Ironically, that technology-driven security dilemma could then inspire hostile nations to develop the very bioweapons one was hoping to defend against. Likewise, cyber-expertise, advanced missile defense, space technologies, and a raft of genetics-based biotechnology will pique the interest of intelligence officers not just in the United States but in Russia, China, India, and other countries—all reading into these activities some combination of the facts and their own biased mistrust of one another’s motivations.


As with several of the questions above, the medicine for this ailment is greater awareness by intelligence community analysts of what its own side is doing. As mentioned above, this means, in part, greater connections and openness with the private sector and academic researchers so vital to successful cyber- and scientific-threat analysis. This will be doubly important when that research or those technical activities are undertaken with US Government sponsorship, where the mental leap by nation-state competitors to malicious interpretations of our scientific and technical progress in dual-use fields ranging from quantum cryptography to nanomaterials to bioengineering to advanced batteries and energy sources will be shorter.


Perhaps the greatest barrier to be broken down will be in ensuring analysts have an understanding of what their own agencies, departments, and militaries are doing in terms of covert and clandestine operations. It is not impossible to imagine that at least some parts of CIA and DOD operations will be detected by their targets, and to the extent that those targets are in technologically advanced rivals, especially China, one has to assume that both the capabilities observed and the fact of the operation will spur a response. At a minimum the effects of those operations might be detected and assumed to have US sponsorship, much as Iran assumes that most cyber- and covert-action incidents it suffers involve Israeli sponsorship in some way. Without a clear understanding of what one’s own side is doing, there is a risk of misinterpreting new programs, operations, and changes in strategy on the Chinese side as being active rather than reactive on their part, and for example overstating their aggressiveness or desire to escalate.


(7) What questions should I be asking?


Among the post-9/11 intelligence community changes has been an increased emphasis on ensuring interagency coordination of major intelligence analyses, such as the short articles that appear in the President’s Daily Brief (PDB) or the longer-form National Intelligence Estimates that can take months to years to publish. No longer a CIA-only product and nominally overseen by ODNI, though still de facto under CIA leadership, the PDB has done a better job in the past two decades of including the best reporting and thinking from a range of intelligence agencies and intelligence units within other agencies, such as the excellent work from the State Department’s Bureau of Intelligence and Research.


In theory, this means that the President and his designees with access to the PDB every day should be getting the relevant raw reports and agency perspectives on the major issues of the day in a more transparent way. At the working level, it also means analysts at CIA and elsewhere have more reason to know about the most secret collection and activities happening at other agencies relevant to their topic—writing PDBs produces natural discovery, during coordination of these articles, of important pieces of information analysts might not otherwise have had access to or been made aware of. So far, a win-win all the way around.


This process is superior when the target is known and well understood—tracking the status of terrorist plotting being the most relevant, but including military capability analysis, nuclear proliferation, and other issues where the “what” national security decision-makers would want to know about is already well known and usually has been followed for years or decades. It is, in a word, an industrial intelligence process of producing and coordinating work at scale.


This process works less well for controversial, suddenly changing, or entirely novel substantive issues. The dissent I mentioned above in a declassified long-paper began as an attempt to take a minor, one-sentence dissent on a PDB article. But because the topic—election influence—was both important and controversial, the senior analysts throughout the IC who agreed with me were not able to have our views represented, even though as National Intelligence Officer I was normally entitled to coordinate on PDB articles. I complained to the Intelligence Community’s analytic ombudsman, who later found that I had been targeted for “politicization from above and from below” over the issue, starting with this PDB article.


Nor is this an isolated incident. Failures to make dissenting views known to the President over the resurgence of ISIS, the likelihood of failure in Afghanistan, and the spread and origins of COVID have all made front-page news in recent years, in part as a result of a process designed primarily to protect institutions from risk rather than to foster analytic debate and insight. A process designed to ensure that all agency views are represented has a way of overshadowing the input of individual experts in the name of bureaucratic cohesion, particularly on issues of life, death, and agency budgets. The pre-9/11 PDB space given to the FBI’s investigative efforts to discover al-Qaida plotters is a stark example of how a focus on what individual agencies are doing that they want to highlight for the President, while omitting objective outside analysis of potential failure points, can take over this process.


The short format of PDB articles, usually one and rarely more than two pages, leaves little room for nuanced discussion. But make articles too long, and the audience that will actually sift through them shrinks, reducing the IC’s ability to communicate bluntly with policymakers. Bringing together the official position of 17 intelligence agencies, in a few paragraphs, on issues of strategic importance might be an expedient way of making the best thinking available to the President. It usually works, but when it doesn’t, as in areas of rapid change or when political pressures have created non-analytic pressure, our elected leaders are too often failed by the IC—not because of a failure of imagination or collection or analytic tradecraft, but because of a failure to communicate the fruits of those efforts in a policy context. Too often, after endless rounds of interagency coordination, the best insights never leave the top-secret water cooler.


While those examples may be explosive and important they are, thankfully, relatively uncommon. What is more common is that the emphasis on coordinating intelligence articles as broadly as possible results in milquetoast, mushy analysis—everything becomes a moderate threat with a medium chance of happening. If extra lines must be used, they are to provide caveats and shift the blame for failure rather than elucidate. What is needed now is not only coordination but humility—an acknowledgement that no one has a crystal ball, and that even the best experts, working in concert, will at best narrow their likely predictions and understanding to a range of outcomes. Capturing the range of possibilities, and their likely probabilities, is a standard way businesses and individuals make decisions, but despite tradecraft admonitions to the contrary, is largely anathema to intelligence writing at the highest levels where the emphasis at present is on presenting a single probabilistic judgment. As a starting point, the IC should consider, on major analytic calls, making clear to the President the distribution of the opinion of its experts on likely outcomes and probabilities that went into determining a single coordinated answer. Such an approach could have improved analysis in nascent fields where the IC lacks expertise and coordinated products tend toward groupthink among career public servants often without substantive grounding, as is the case with cyber analyses. Looking a little deeper into history, it could also have prevented gatekeeping by senior CIA analysts of the “analytic line” of the Soviet Union’s continued strength in the face of Berlin Wall protests and economic decline, which some analysts at the time found more convincing as signs of likely overall political shakiness than those indicating continued stability. Admiral Stansfield Turner, who was Director of Central Intelligence from 1977 to 1981, noted that "On this one, the corporate view missed by a mile."


Luckily, these issues are not without precedent or solution. Military officers and diplomats have formal dissent channels where they can remain pledged as good team-players to the decisions made from above while still registering their individual concerns in a transparent way. Intelligence analysts need something similar—a formal way where they can sign their name to dissents, with individual responsibility and wide transparency for their colleagues and policymakers alike.


Ironically, it is when the stakes are most high, the change most rapid, and the threats most new that these channels will be most important—certainly criteria that the tech- and cyber-competition with China meets. In all likelihood these channels would be important for more direct potential military confrontation as well—though I’m only moderately confident it will come up.



Christopher Porter was the National Intelligence Officer for Cyber from 2019 to 2022, leading the US intelligence community’s analysis of foreign cyber threats and threats to US elections as a member of the National Intelligence Council. In 2013, while an analyst at CIA, he received the National Intelligence Analysis Award for coauthoring a science- and technology-related National Intelligence Estimate as part of an interagency team. This article is the work of the author alone and does not represent the position of the US Government or of any current or former employer.



[1] Though probably within the margin-of-victory, along with many other factors in an ultra-close election.

Adam Carrington

Project management | Construction

2 years

Chris, well written and thought out, as usual. Really appreciated the call out for more self-knowledge, i.e., state of our cyber defense, scientific advancements, and economic condition. Wonder if a sub-question would be how does China absorb and report its findings to leadership? That bears a great deal on its behavior and plays into your question #6 about what they think we are doing. This is similar to Jon Lindsay’s work on tech theft where he walked through the stops of acquisition, absorption, and adoption. Would like to see more on how PRC decision making goes through those steps in its own intelligence cycle. Lastly, thank you for calling out suggestions to enhance corporate IC assessments.

Joshua Steinman

Securing industrial facilities against cyber threats

2 years

Good idea
