If you thought the threat from China was yesterday’s problem, think again.
At the INSA 2025 Spring Symposium, a powerhouse panel of national security leaders pulled no punches as they laid out just how aggressively China is targeting U.S. innovation.
Moderated by former NCSC Director William Evanina, the panel featured:
- David Cattler, Director, Defense Counterintelligence and Security Agency (DCSA)
- Sandrea Hwang, Senior Executive, National Counterintelligence and Security Center (NCSC)
- Roman Rozhavsky, Assistant Director, Counterintelligence Division, FBI
Their message? The threat is evolving fast. And if we don’t get smarter, faster, and more integrated in our defenses—China’s going to beat us at our own game.
A Countdown We Can’t Ignore
Cattler didn’t mince words. He referenced a prediction from the head of U.S. Indo-Pacific Command: a potential war with China could come as early as 2027. If that’s true, he asked bluntly—are we ready?
His agency, DCSA, leads personnel and industrial security clearance programs. And with 13,000+ cleared defense contractors in the mix, it’s a heavy lift. China’s cyber tactics are morphing. They’re not just chasing classified intel anymore—they’re going after the people who build it, the research before it becomes breakthrough, and the supply chain that makes it real.
And the tactics? They’re modern, digital, and relentless. Resume phishing, online solicitations, and infiltration into academia are all on the rise.
“It’s not just about the end product anymore,” said Cattler. “They’re embedding themselves at every stage—research, supply chain, and talent.”
Tech, Talent, and Trade Secrets: The New Battleground
Hwang from NCSC called it straight: China is not hiding what they’re doing. Their public strategy openly lists the emerging tech sectors they want to dominate—and if they don’t have the talent, they’ll buy it or steal it. That’s not conjecture—it’s strategy.
“They are clear in their intent. We have the innovation. They’re coming after it,” she said.
From AI to quantum, from startups to contractors, every corner of U.S. tech is on Beijing’s radar. That’s why NCSC is leaning hard into public education, launching unclassified bulletins and working with 5 Eyes partners to build cross-border resilience. The Secure Innovation portal (secure.ncsc.gov) is part of that mission—arming the public with tools to protect partnerships and scrutinize where funding is really coming from.
Economic Espionage: A Daily Reality
Rozhavsky of the FBI backed it all up with recent case files. Just this January, two major arrests: a former federal employee selling sensitive financial data to Chinese intelligence, and a State Department staffer caught in a “white paper” recruitment scheme.
“This isn’t just about technology anymore,” Rozhavsky warned. “They want the know-how—and they’re recruiting daily.”
One lesson from those cases? Insider threats aren’t rare—they’re recurring. And hiring the right people is just as critical as setting up the right firewalls.
Rozhavsky pushed for proactive employee training and better guardrails like conflict-of-interest disclosures. It’s not just about catching threats. It’s about raising the bar before damage is done.
Is Industry Getting Better? Yes… But Not Fast Enough.
There was some good news. Cattler says awareness is up across the defense industrial base. Security officers are more active. Inspections are more rigorous. But the sticking point?
Security is still seen as “overhead.” A cost. An inconvenience.
“If you treat security like an admin fee, it’ll always be a roadblock,” Cattler said. “But the risks of not having security in place are very real.”
He stressed that security needs to be built into organizational strategy—not just seen as necessary compliance added as an afterthought. And that waiting for the next breach before taking action is no longer acceptable.
Hiring + Security = Defense
Both Cattler and Rozhavsky agreed: protocols alone won’t cut it. You can have the best security in the world, but if you hire the wrong people, your system’s toast.
“Don’t arm your windows and lock your doors, and then invite the mob in to do your plumbing,” Cattler quipped.
North Korea’s use of remote IT workers using stolen identities was just one example Rozhavsky gave. It’s not just about China. Our adversaries are adapting, innovating, and exploiting every weak point they can find—including in our hiring practices.
Toward a More Integrated, AI-Enabled Future
The panel closed with a collective call to action: integrate our tools, update our laws, and modernize our mindset.
Cattler argued that industrial security needs legislative muscle behind it. We spend so much time doing damage assessment after the fact. Instead, we should be integrating personnel, cyber, and industrial intel now—and leveraging AI to spot connections faster.
Rozhavsky noted that combatting espionage isn’t just about catching spies. It’s about making betrayal less lucrative. That means tougher enforcement and fewer cracks in our classification processes.
And Cattler reminded everyone: disgruntled employees don’t just file complaints—they can trigger catastrophic breaches. Culture matters. So does leadership.
“Support your people,” Evanina emphasized. “Everyone with a clearance is a target—and they need to know they’re not alone.”
What the INSA panel made clear: The U.S. is in a full-court press to protect its edge. But speed, trust, and collaboration will define the outcome. The threat isn’t theoretical—it’s already here. And the only way to stay ahead of it is to integrate better, hire smarter, and treat security like the mission-critical investment it is.
Want to dive deeper? Check out:
