Editor’s note: In concert with the Defense Entrepreneurs Forum’s Project Gutenberg, a futurist imagines a post-mortem on an artificial intelligence-aided Chinese invasion.
SECDEF on Chinese Taiwan Attack: “We Flat Out Failed to Understand Their Artificial Intelligence Capabilities”
The Department of Defense’s chief testified before Congress, revealing details of China’s efforts to deter the United States during last year’s invasion of Taiwan.
Published Aug. 28, 2024 at 8:47 p.m. ET
WASHINGTON — The Chinese People’s Liberation Army shocked the world last November when they activated nearly two million reservists, mobilized the People’s Armed Forces Maritime Militia, and executed a surprisingly successful cross-strait invasion of Taiwan.
In a marathon day of testimony before the House Armed Services Committee, Secretary of Defense Barry McDermott revealed how the PLA’s cyber branch used artificial intelligence and the “internet of things” to help Chinese conventional forces achieve strategic military aims far from the conventional battlefield in Taiwan. McDermott told committee members the artificial-intelligence capabilities China employed will force a redefinition of “the battlefield” and must change how the US military trains for future conflict.
“We’d worked for years creating and exercising joint operational plans, but at almost every phase our ops seemed to be out of sync,” McDermott said in his opening statement. “They were in our heads.”
“Our after-action reviews indicate the Chinese employed a sophisticated artificial intelligence, or AI, enabled system to identify critical human nodes within the Department of Defense’s active duty, reserve, civilian, and contractor corps. As China commenced the conventional invasion, autonomously gathered intelligence enabled its forces to create highly individualized informational threats and kinetic attacks targeting those who could most influence the outcome of the conflict.”
“Sometimes this was a unit commander, or a general officer. But more often than not, the algorithm selected targets like ordnance loaders, mid-level ship’s navigators, or even civilian network technicians.”
McDermott noted that this system was fueled by a massive universe of personal data, which continues to grow twenty years after social media outlets began to emerge. “The Chinese leveraged the globalized ‘internet of things’ combined with hacked and open-source personal information to fundamentally change the ethical and operational conduct of war, by making civilians far from the battlefield fair game as targets. They turned our own ‘surveillance capitalism’ into a way to attack us.”
“Caught With Our Pants Down”
McDermott was challenged several times during eleven hours of testimony by prominent committee members on both sides of the aisle. Rep. Bruxton Seville (R-FL) was particularly harsh, wondering in a line of questioning why several key national-security voices were not taken seriously when they previously sounded the alarm about the complexities and imperatives of keeping up with China’s meteoric rise in the fields of quantum computing and artificial intelligence.
Seville also pointed to warnings from as early as 2019 that the US military was not sufficiently prepared for a twenty-first-century fight. “Frankly Mr. Secretary, it seems to me we should have known that something like this was coming, but it happened anyway,” Seville bristled. “Where I come from in the Panhandle, we call that getting caught with our pants down.”
McDermott acknowledged that “we flat out failed to understand their capabilities,” before explaining that “inside the Beltway we understood the need to be prepared for dramatic technological change, but in hindsight maybe there wasn’t the political will or perhaps the proper budgeting strategies to do so.”
The secretary was uncommonly direct in his critical appraisal of his department’s activities in the years leading up to the Chinese invasion. “We failed to adequately train the department as a whole about the twenty-first-century threats that the ‘internet of things’ and smart devices pose to our military force and achieving our objectives. For the first time since Pearl Harbor, a state actor carried out attacks on military personnel—and their families—on American soil to further their strategic aims. But instead of aircraft they did it with AI.”
Everyday Technologies “Turned Against Us”
Among the most revealing portions of McDermott’s testimony occurred during questioning by Rep. Tanya Gutierrez (D-CA), who asked, “When you say ‘adversarial attacks on service members on United States soil,’ what exactly are you referring to?”
“Once the Chinese leadership believed American intervention in Taiwan was inevitable,” McDermott replied, “their automated system targeted approximately five hundred DoD employees worldwide—some of our most critical people—and did so by turning the everyday technologies we’ve integrated into our lives against us.”
In response to the confusion expressed by Gutierrez and other committee members, McDermott offered new details on Pentagon planning assumptions, which he admitted proved to be erroneous.
“We had believed that large scale cyberattacks on United States domestic power grids or water supplies would be inevitable. What we failed to foresee was large-scale attacks were not necessarily required. The Chinese used highly targeted ‘micro’ attacks and threats to achieve their desired battlefield effects thousands of miles from the traditional battlefield.”
McDermott also described who was targeted, information Pentagon officials had previously declined to make public. “Forward-deployed personnel in Guam and Okinawa, Air Force families at Whiteman Air Force Base in Missouri—home of our critical B-52 bombers—contract personnel in California, and active-duty planners and staffers in Washington, DC.”
Mandarin linguists and non-government experts in think tanks were also targeted by the Chinese. “The targets were exhaustive and the attacks were ruthless,” McDermott emphasized.
McDermott’s testimony made clear that this was substantially more sophisticated than previous cyber attacks linked to the Chinese military. “Their modus operandi seemed to be . . . instead of going to all-out war against us in the Pacific, they studied open-source information and stolen information to figure out the critical nodes to attack, whether they were flag officers in key positions or individual satellite technicians.”
Gutierrez pointed to past US targeting of individuals with cyber tools, specifically operations against ISIS members in 2016, asking why that didn’t lead military planners to anticipate China doing the same.
“This was more than a cyber attack,” McDermott replied. “There weren’t humans picking and choosing targets. Instead their AI and machine learning identified critical human nodes and instantaneously and autonomously selected the best way to persuade, neutralize or attack them.”
McDermott promised further detail in an upcoming closed session, but told committee members that the Pentagon expected China to target communications satellites or infrastructure in broad attacks, not the individual targeting of “the cell phones of some of our most important people.”
Asked what success rate these operations had, McDermott promised further detail in an upcoming closed session, only saying it was “substantial.” “We’ve come to rely heavily on these devices, particularly when time is of the essence.”
He went on to describe what he called the “psychological aspects” of the attacks. “Targeting the power grid in Missouri on a block-by-block level, turning off the lights of the houses of bomber crews or key senior leaders and sending personalized text messages threatening their families in the darkened homes—we were able to make contact with the targeted individuals pretty quickly, but that’s naturally a pretty frightening thing to experience.”
“No one was sure if these were empty threats or if their families would be targeted by some sort of kinetic attacks. It sowed chaos, doubt and fear within our most important units at a critical time.”
Light Shed on the DC Self-Driving Car Mystery
The Chinese also used cyber to act “kinetically”—to attempt to kill, injure or move people against their will. “They delayed or diverted several civilian-contracted airliners that were transporting units into theater. The system identified, located, and remotely shut off personal vehicles of sixteen targeted individuals while they were driving, resulting in seven collisions and injuries to the people in hacked cars.”
“Twelve of these incidents were in the United States and four in host nations or on bases overseas. In concert with the PLA’s Cyber Hacking Unit, in the thirty-six hours before the invasion, their system took control of four self-driving taxis in the DC area and turned them into weapons,” which McDermott said turned the cars into “mini-missiles.”
His comments explained a series of incidents that neither city authorities nor the companies who own the fleets of driverless vehicles in use in the city could explain. Self-driving taxis had operated in Washington for nearly two years without any major incident, but in the span of three days, four unexplained crashes—two deadly—occurred. McDermott told the committee that the victims were all DoD personnel, but did not provide their names or further details about their jobs.
“One victim was t-boned in an intersection during the morning commute. Another was struck while walking home from work the day before the conflict began. In suburban Alexandria a self-driving car inexplicably drove across a private home’s lawn and into the house.” McDermott did not provide details about the fourth incident.
As with the Whiteman Air Force Base cases, targeted text messages were sent to the victims’ family members after the incidents.
Several committee members focused their questions for McDermott on the text messages, asking about the reasoning for sending them instead of conducting the attacks covertly.
“In the context of a fast-moving military crisis, the fear, hesitation, and uncertainty the texts created had similar impacts as the physical taxis crashing into houses or the delayed aircraft. As an effort to disrupt our decision loop, I have to say this tactic was very effective.”
Questions Answered About Previous Hacks, Cyber Thefts
In the afternoon, McDermott addressed questions about what the Chinese were doing with information they stole in large military and private-sector cyber breaches within the past few years.
“This type of algorithm needs data to learn. DoD assesses the Chinese started with a ‘training set’ to build algorithms that eventually became the ‘feature set.’”
The training data set, McDermott explained, likely came from data stolen in multiple hacks during the 2010s from the Office of Personnel Management’s personnel and security clearance databases. “The fourteen million people involved in these thefts were then correlated with connections and family listed within the files, creating a foundation of almost a hundred million Americans.”
“This information was then paired with open-source or third-party application data from social media, along with other data breaches from credit-monitoring companies.”
“Before long, the PLA had a massive picture of who did what and where within our Department—military or civilian, contractor or reserve—details about specific units and deployments, and information about individuals’ personal contacts and family. We believe the system used this data to learn.”
The bombshell revelation in McDermott’s testimony came when he told the committee that the PLA’s system included mapping connections to military dependents. “Much as in 2016, when Cambridge Analytica had profiles on more than two hundred million Americans, the PLA’s system clearly sought to build a clear picture of the human side of the Department of Defense. The system extended beyond the employees themselves to include family members, friends, and acquaintances.”
Rep. Chris Larkin (R-OH) seemed incredulous as he asked whether the personal information was used to blackmail DoD employees.
“In some cases, yes,” McDermott told him. “The algorithm calculated who was most critical to supporting Taiwan defense and how each could be located and disrupted, blackmailed, or distracted. We assess the Chinese built this system only for when they needed it most, to deter the full force of our military, specifically in the Taiwan scenario.”
McDermott said that the Chinese had managed to “redefine” the modern battlefield. “Their system used its petabytes of data to determine how to make a psychological or kinetic impact. But unlike ‘traditional’ espionage, it was spearheaded by an AI algorithm, only supported by human refinement as necessary. The algorithms continuously updated DoD organizational charts, which changed daily based on unit deployments or crew rotations.”
Can it Happen Again?
Rep. Sandra Marlin (D-NJ) represented the general mood in the room when she asked if McDermott had any good news. “Beyond the fact the world avoided a nuclear holocaust between superpowers? No. Today the Chinese flag flies above Taiwan after a conflict that claimed hundreds of thousands of casualties in a remarkably short period. It’s an outcome that deliberately avoided facing us on the battlefield.”
In his closing statement, McDermott did not mince words. “Within the DoD we must modernize information awareness and counterintelligence programs,” he said, in reference to the annual computer-based training requirements that were widely mocked when details of them were shared earlier this year. “We must educate all employees—and their families—about the value of their own personal data. I’ve also directed the creation of a robust crisis team and response plan to assist those impacted by adversarial attacks or threats.”
“Quite simply, we have to do much, much better.”
McDermott also stressed the need to work with partners around the world, saying that until “global norms on ethical conduct” related to artificial intelligence are reached like those surrounding chemical, biological, and nuclear warfare, countering actions like those of the Chinese will remain difficult.
“The United States’ main vulnerabilities last November were the democratic ideals of our society, combined with the instant and constant interconnectedness of our wired culture. We cannot retreat from our democratic ideals, so we have no choice but to better manage our wired culture to protect our military advantages.”
McDermott is scheduled for a follow-up classified session of testimony in the next several days.
Postscript: A Cautionary Tale
This speculative fiction piece was inspired by several recent futurist fiction works, like Peter W. Singer and August Cole’s Ghost Fleet: A Novel of the Next World War and Jeffrey Lewis’s The 2020 Commission Report on the North Korean Nuclear Attacks Against the United States.
For most of the past few years, national-security and tech experts have debated the integration of AI, machine learning, and “big data” into the previous generation’s methods of waging war, wondering about the battlefield applications of these powerful technologies. The opportunity already exists for a peer adversary of the United States to exploit our freedoms and surveillance capitalism.
For decades, China has made a slow but effective march toward establishing itself as both a military and economic superpower, with many around the world hoping that the effects of globalization would soften the Chinese Communist Party’s hard lines on individual freedoms and provide an opening for democracy. But as author Michael Pillsbury illustrates in his book The 100 Year Marathon, the exact opposite has happened; the internet and technology have allowed China to tighten governmental control over the Chinese people, including those studying and working abroad, as well as in disputed territories in the region. It is not far-fetched to believe that China might use new technological tools like manipulative AI to enhance this control, and also to further Chinese strategic aims like supplanting US influence. John Lanchester recently captured this reality, describing the Chinese Communist Party’s official plans in sobering detail.
But it is not just a Chinese Communist Party problem. It is clear bad actors who would maliciously use new technologies reside in many nations. The Department of Defense and its industry partners must move quickly to predict, project, develop, and harness these powerful emerging technologies, and realize that our openness and connectedness have created vulnerabilities that have only recently emerged.
Lt. Cmdr. Jared Wilhelm is a US Navy Foreign Area Officer currently stationed in Europe. He is a former Navy P-3C Orion instructor pilot and MQ-4C unmanned aerial system operator. He was a 2014 Olmsted Scholar, is a member of the Military Writers Guild, and holds degrees from the US Naval Academy, US Naval Postgraduate School, and the US Naval War College. This article was published as part of the Defense Entrepreneurs Forum’s Project Gutenberg.
The views expressed are those of the author and do not reflect the official position of the United States Military Academy, Department of the Army, Department of the Navy, or Department of Defense.
The fun thing about speculative pieces like this is you can pick your ending in advance, and engineer the storyline to make it happen. Here, of course, the point is that we aren't sinking enough effort into defending ourselves against AI agents attacking across computer networks, rendering ourselves helpless against bad actors employing these capabilities. What's lost in the message is that there's more new than just hostile AI identifying you through what groceries your refrigerator ordered and hacking your coffeepot. Embedded in the story are new tactics outside our experience, and some contrary to commonly-observed rules of warfare, such as physical and psychological attacks against non-combatants and civilian infrastructure prior to the onset of hostilities. Note, too, that for the most part, these were attacks that were better enabled through use of AI, but not impossible without it. So even before the AI aspects, we need to train people to think about their vulnerabilities, both institutionally and individually, and how they can mitigate them. Since so much data is available, and keeping it all concealed has proven impossible, we need to develop countermeasures assuming adversary AI has these data, and design processes and training accordingly. Ultimately, success also required physical aircraft, ships, and troops to cross a physical body of water and carry objectives by force of arms…so we need to return to training people to operate with degraded communications, sensors, data processing, and the like, so we're not looking at only 500 critical nodes across the millions in the DoD.
This story is very believable considering the amount of products Made in China. Even CCTV cameras Made in China are getting marked by the DoD and replaced for fear of Chinese internet spying tapping into the circuits of these cameras.
In the Chinese doctrine of "All-out war," almost anything Made in China could be sabotaged and exported, and the USA would be a target for almost any form of warfare. Americans will be used as pawns for terror tactics. What this story highlights are those methods of terrorism and targeting the general American populace to induce fear, so I do believe this story is generally accurate. After all, China is building Supercomputers that are powerful, faster, better, and have more capability than current U.S. sites, in addition to exploring Quantum Computing to endorse AI for warfare.
What isn't mentioned is the U.S. cyber counterattack and response, nor taking any American Expats hostage in China or its surrounding waters. North Korea might join in, smelling war, and assume a profitable stance to gain some political and military influence. Russia might provide some EW/cyber/ECM weapons as testing and experiments. The resources and vast skills and population of China waging cyberwarfare is a direct National Security Threat to the West.
Anti-satellite weapons launches, Chinese SSN and SSBN patrols, and closing the surrounding South China Sea using the Spratly Islands with PLAAF and PLAN patrols would create a security A2AD "territory buffer" that the West might not easily dislodge. Diversionary conflicts in Chinese-occupied African outposts might send the U.S. Forces in the other direction. Such an invasion of Taiwan could well initiate World War Three. A.I. is only the tip of the iceberg of a much larger global conflict. The U.S. would be forced to replace wires, computers, grids, infrastructure, Supercomputers, and hardware to get rid of any electronic bugs similar to the Snowden incident. This would require vast resources, funding, Rare Earths, spare parts, manpower, time, plans, and management.
Only a cyber Mutual Assured Destruction (MAD) plan might prevent "All out cyber war," but in doing so could ratchet up the tensions even further.
Great writing, excellent storyline. Will read Ghost Fleet in January. This is an excellent primer.
At the end of the article you wrote: "But it is not just a Chinese Communist Party problem. It is clear bad actors who would maliciously use new technologies reside in many nations." The sentence actually should have read: "But it is not just a Chinese Communist Party problem. It is clear bad actors who would maliciously use new technologies reside in many nations, including the United States."