What will it take for the US to win against China in cyberspace?
Over the past few decades, China has recreated itself as a force to be reckoned with on the world stage. China’s economy is now the second strongest in the world, following the United States, and its military sits at #3, following the United States and Russia. China’s tech is also on the rise: it sits at #22 on the Global Innovation Index released earlier this year. The swift rise to prominence has had many Americans worrying about the looming threat of being overtaken by the Chinese competition.

China’s established practice of intellectual property (IP) theft has contributed significantly to the acceleration of the country’s technical competitiveness, making China one of the US's major cyber threats today. China’s IP theft has occurred across every sector of the U.S. market, and most impactfully against our military defense contractors. The latest Chinese stealth fighter looks like an F-35; is that a coincidence? I don’t think so. Silicon Valley companies, in particular, keep getting seduced into offering more investment in Chinese firms. These firms seek to gain insight into American innovation and steal U.S. tech secrets. The U.S. is also at growing risk of cyber attack; we saw a foreboding omen play out in the Bangladesh Bank heist (in which we suspect China played a role supporting North Korea). Cyber attacks are evolving and nation states aren't limiting their attacks to other nation states; they're coming after commercial companies as well.

So, the big question is, how do we stop China?


Think like a state-sponsored hacker

American organizations should make sure to test their systems against a variety of potential attacks, including those that are more likely to come from the Chinese. Hackers are creative, persistent, and constantly evolving. To set up a strong line of defense against hackers, we need to be aware of the continuous changes within our IT environments. Then, we need to really know our enemy. It’s important to know what types of targets hackers home in on, their tradecraft, techniques, and procedures, and how they respond to certain situations. When it comes to cybersecurity, the best defense is a good offense. By proactively and continuously testing our digital systems with attack attempts that mimic a determined and well-resourced hacker, we can protect ourselves from continued threats.

Build a long-term cyber strategy

In contrast to China, the U.S. political system isn’t conducive to forming long-term strategic efforts; our four-year political cycles and annual budget cycles make it difficult to commit to a plan and fund the plan throughout. We are at the mercy of rapidly transitioning politicians and their often self-serving proposals. As a result, we operate in periods of growth and deficit, leaving us with a sense of long-term aimlessness. We need to figure out a way for initiatives to outlast their political champions. We need lawmakers to commit to strategic long-term plans in order to grow our economy and, especially, our position in national defense. As a nation, we should insist Congress embark on more strategic planning for the U.S. that we want to see in 30-40 years, and allocate an untouchable portion of the annual budget to the strategic plan. (A key element of that plan should be our STEM programs.)

Invest in STEM, technology, and cybersecurity education

We need to train more American professionals in engineering and STEM fields in order to continue innovating and to protect our technology. According to the World Economic Forum, China topped the list for the number of STEM graduates at 4.7 million in 2016. The U.S. produced only 568,000, a mere 12 percent of China’s number. If innovation and digital and cyber strength are important to the United States, we have to find a way to encourage and train more of our students in STEM fields. It’s a tech race to the top; we must enable our people to keep creating, and to build with cybersecurity in mind.

Technology and cyberspace are never static, and so securing our digital environment against nation states such as China should be of utmost importance. Our growing talent gap in the cybersecurity industry, lack of adequate and adaptive defenses, and the lack of a coherent strategy to improve don’t bode well for our future. We need to take an offensive approach to securing our critical systems, and learn from our adversary to take a strategic view with the necessary budgets and planning cycles to keep up with our adversaries.

Mark Kuhr is the CTO and co-founder of Synack, a cybersecurity company that harnesses the power of crowdsourced hackers and a data-driven platform to secure digital assets.