[Senate Hearing 116-564]
[From the U.S. Government Publishing Office]







                                                        S. Hrg. 116-564

                  CHINA: CHALLENGES FOR U.S. COMMERCE

=======================================================================

                                HEARING

                               before the

                        SUBCOMMITTEE ON SECURITY

                                 of the

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 7, 2019

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




                Available online: http://www.govinfo.gov 
                
                             _________
                              
                 U.S. GOVERNMENT PUBLISHING OFFICE
                 
52-567 PDF               WASHINGTON : 2023
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                  ROGER WICKER, Mississippi, Chairman
JOHN THUNE, South Dakota             MARIA CANTWELL, Washington, 
ROY BLUNT, Missouri                      Ranking
TED CRUZ, Texas                      AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska                RICHARD BLUMENTHAL, Connecticut
JERRY MORAN, Kansas                  BRIAN SCHATZ, Hawaii
DAN SULLIVAN, Alaska                 EDWARD MARKEY, Massachusetts
CORY GARDNER, Colorado               TOM UDALL, New Mexico
MARSHA BLACKBURN, Tennessee          GARY PETERS, Michigan
SHELLEY MOORE CAPITO, West Virginia  TAMMY BALDWIN, Wisconsin
MIKE LEE, Utah                       TAMMY DUCKWORTH, Illinois
RON JOHNSON, Wisconsin               JON TESTER, Montana
TODD YOUNG, Indiana                  KYRSTEN SINEMA, Arizona
RICK SCOTT, Florida                  JACKY ROSEN, Nevada
                       John Keast, Staff Director
                  Crystal Tully, Deputy Staff Director
                      Steven Wall, General Counsel
                 Kim Lipsky, Democratic Staff Director
              Chris Day, Democratic Deputy Staff Director
                      Renae Black, Senior Counsel
                                 ------                                

                        SUBCOMMITTEE ON SECURITY

DAN SULLIVAN, Alaska, Chairman       EDWARD MARKEY, Massachusetts, 
ROY BLUNT, Missouri                      Ranking
TED CRUZ, Texas,                     AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska                RICHARD BLUMENTHAL, Connecticut
MARSHA BLACKBURN, Tennessee          BRIAN SCHATZ, Hawaii
MIKE LEE, Utah                       TOM UDALL, New Mexico
RON JOHNSON, Wisconsin               TAMMY DUCKWORTH, Illinois
TODD YOUNG, Indiana                  KYRSTEN SINEMA, Arizona
RICK SCOTT, Florida                  JACKY ROSEN, Nevada  


























                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on March 7, 2019....................................     1
Statement of Senator Sullivan....................................     1
    Article from the Wall Street Journal dated January 7, 2019 
      entitled ``WSJ Investigation: China Offered to Bail Out 
      Troubled Malaysian Fund in Return for Deals--The Secret 
      discussions show how China uses its political and financial 
      clout to bolster its position overseas'' by Tom Wright and 
      Bradley Hope...............................................    48
Statement of Senator Markey......................................     3
Statement of Senator Wicker......................................    29
Statement of Senator Fischer.....................................    34
Statement of Senator Blackburn...................................    36
Statement of Senator Klobuchar...................................    37
Statement of Senator Blunt.......................................    39
Statement of Senator Rosen.......................................    43
Statement of Senator Blumenthal..................................    57

                               Witnesses

Daniel H. Rosen, Partner, Rhodium Group..........................     5
    Prepared statement...........................................     7
Josh Kallmer, Executive Vice President of Policy, Information 
  Technology Industry Council (ITI)..............................    10
    Prepared statement...........................................    12
Samm Sacks, Cybersecurity Policy and China Digital Economy 
  Fellow, New America............................................    17
    Prepared statement...........................................    18
Hon. Eric Rosenbach, Co-Director, Belfer Center for Science and 
  International Affairs, Harvard Kennedy School, Former DoD Chief 
  of Staff; former Assistant Secretary of Defense for Homeland 
  Defense and Global Security....................................    23
    Prepared statement...........................................    25

                                Appendix

Letter dated March 6, 2019 to Hon. Dan Sullivan from Erik Robert 
  Olson, Vice President, Rail Security Alliance..................    63
Response to written question submitted to Daniel H. Rosen by:
    Hon. Marsha Blackburn........................................   114
Response to written questions to Josh Kallmer submitted by:
    Hon. Todd Young..............................................   115
Response to written question submitted to Samm Sacks by:
    Hon. Marsha Blackburn........................................   115
    Hon. Todd Young..............................................   116
Response to written questions submitted to Hon. Eric Rosenbach 
  by:
    Hon. Marsha Blackburn........................................   117
    Hon. Todd Young..............................................   117

 
                  CHINA: CHALLENGES FOR U.S. COMMERCE

                              ----------                              


                        THURSDAY, MARCH 7, 2019

                               U.S. Senate,
                          Subcommittee on Security,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:02 a.m. in 
room SD-562, Dirksen Senate Office Building, Hon. Dan Sullivan, 
Chairman of the Subcommittee, presiding.
    Present: Senators Sullivan [presiding], Markey, Blunt, 
Fischer, Blackburn, Wicker, Klobuchar, Blumenthal, and Rosen.

            OPENING STATEMENT OF HON. DAN SULLIVAN, 
                    U.S. SENATOR FROM ALASKA

    Senator Sullivan. Good morning. The Subcommittee on 
Economics and Security of the Commerce Committee will now come 
to order.
    This is our inaugural meeting of the newly created 
Subcommittee on Economics and Security, and I want to commend 
Chairman Wicker on his leadership in creating this subcommittee 
to provide a venue in Congress to focus on the nexus between 
commerce, economic issues, and security, and his constant focus 
to bolster national security and the economic competitiveness 
of the United States.
    I'm very honored to be named as the Subcommittee Chair and 
I am excited to be serving with my good friend, Senator Markey, 
as the Subcommittee's Ranking Member.
    Senator Markey has a long and accomplished career and 
history of public service, including his work in the House on 
homeland security, to close gaps in our Nation's defenses, and 
I look forward to working with you, Senator Markey, and the 
members of this Subcommittee on these important issues.
    Be forewarned, we will be a very active subcommittee. There 
is a lot of territory and ground to cover and the Ranking 
Member and I have already had a number of good discussions on 
where we want to begin.
    So where are we beginning? Well, there's no more relevant 
issue today in terms of the effect on our economy and our 
security than the strategic challenge posed by the rise of 
China and its subsequent retrenchment into authoritarianism and 
rejection of international norms and standards, which in many 
ways has helped so much with their own rise and lifting 
millions and millions of their citizens out of poverty.
    The stakes are high. China is now the largest U.S. 
merchandise trading partner, biggest source of imports, and 
largest destination market for U.S. exports, outside of North 
America.
    The bilateral relationship supports approximately one 
million jobs in the United States. Even in places like my great 
state, the great state of Alaska, China has quickly eclipsed 
other long-established trading partners to become our largest 
trading partner.
    China remains a critical market for American companies and 
our economic and commercial ties have long been the 
underpinning of the relationship between our two nations. If 
steps are not taken by China and soon to address some of the 
concerns we are going to raise today, this relationship could 
be needlessly at risk.
    While it has been suggested during the Trump 
Administration's ongoing trade discussions with the Chinese 
that they are receptive to offsetting the trade imbalance by 
increasing purchases of American goods, like farm products or 
LNG, it is imperative that the Chinese also commit to 
structural changes in their economy.
    Those changes would include the curbing of industrial 
subsidies, state-owned enterprises, the bolstering of 
intellectual property protection, and an end to forced 
technology transfers, which the Chinese deny they do but we all 
know they do do. Also, the issue of officially sanctioned 
corruption globally is another issue that they need to address.
    Additionally, when the United States supported China's 
entry into the World Trade Organization in late 2001, the 
expectations were that China would lower its trade barriers and 
follow WTO trade practices, including respecting intellectual 
property rights, promoting basic safety standards for exports, 
and not subjecting imports to illegal non-tariff barriers. 
China has not kept these commitments.
    I saw this up close many, many years ago when I was a 
staffer on the National Security Council staff working for 
Condoleeza Rice and President George W. Bush. In a meeting I 
attended in the Oval Office in 2003, then Vice Premier Madam Wu 
Yi told the President of the United States that it was in 
China's interest to address the intellectual property theft 
that often occurs between our two countries and she would 
personally take steps to make sure this happened. That meeting 
was over 16 years ago and the IPR theft problem between the 
United States and China is actually worse.
    President Obama also tried to stem these blatantly unfair 
trade practices but Beijing has not honored the ``common 
understanding'' reached between President Obama and Xi Jinping 
on curbing cyber hacking of government and corporate data for 
economic gain.
    The U.S. Trade Representative estimates that Chinese theft 
of American intellectual property costs the U.S. economy as 
much as $600 billion per year, not to mention thousands of 
American jobs.
    From foreign equity restrictions with joint venture 
requirements to intellectual property theft, China is pursuing 
its narrow economic interests in ways that contradict and 
undermine the global trading system, practices and a system 
that has fostered decades of global growth and stability and 
allowed China its own strong economic rise.
    The Trump Administration should be commended for its 
reorientation of the U.S.-China relationship under its current 
trade negotiations. The United States must insist that the 
bilateral trade relationship with China be defined by something 
understood by every American citizen: reciprocity and fairness, 
reciprocity and fairness.
    For too long, the U.S. has accepted unfulfilled Chinese 
promises of greater market access even as we open our economy 
to Chinese companies. A demand for fairness and reciprocity 
should not undermine China's success as market principles would 
work toward long-term stabilization and state-directed economic 
growth can produce massive over-capacity and mountains of debt.
    To put it bluntly, the United States is suffering from a 
decades-long promise fatigue with China. We get commitments 
from China, they make promises, and then they don't keep them. 
In order to move forward, great countries need to keep their 
words.
    It is my hope that this hearing will inform us on some of 
the challenges to U.S. commerce and our current relationship 
with China as it relates to China's harmful practices stemming 
from industrial policy, intellectual property theft, forced 
technology transfer, cyber espionage, and many other practices.
    With that, I want to thank all of our witnesses for being 
here today, and I now recognize the Ranking Member for any 
opening statement that he may have.
    Senator Markey.

               STATEMENT OF HON. EDWARD MARKEY, 
                U.S. SENATOR FROM MASSACHUSETTS

    Senator Markey. Thank you, Mr. Chairman, very much, and 
thank you for your role in helping to create this very 
important subcommittee, the Security Subcommittee.
    I think that it's time for us to have this special focus 
and I thank you for your leadership on this issue and I'm 
looking forward to partnering with you----
    Senator Sullivan. Me, too.
    Senator Markey.--and I, like you, want to thank Senator 
Wicker and Senator Cantwell for their conversations in creating 
this subcommittee. I think it gives us a focus that is going to 
be very important on issues that loom large in the 21st Century 
but need this specific attention because for over a century, 
America has enjoyed the largest, most dynamic economy in the 
world, consistently dominating global markets and leading the 
world economic order.
    Our unrivaled economic production and innovation economy 
has made us the most prosperous nation on earth. The economic 
dominance has also enabled the United States to be the world's 
lone remaining super power. It helped us build and lead a 
rules-based international order that creates a level playing 
field for all and broadly encourages countries to aspire to 
America's ideals of democracy and individual liberties.
    Regrettably, there are unprecedented challenges to our 
commercial might and to this rules-based international order, 
as Senator Sullivan and I are going to be focusing upon those 
issues.
    Through a series of coordinated and concerted actions, 
China has launched a comprehensive and well-executed plan to 
dominate key high-tech industries, like 5G, telecommunications 
networks, artificial intelligence, and advanced manufacturing.
    China's goal is to dominate these high-tech fields within 
the next 30 years so that they may gain a massive economic, 
military, and intelligence edge for decades to come, and here 
is the Chinese game plan.
    One, direct subsidies, hundreds of billions of dollars of 
direct subsidies, low-interest loans, and tax breaks to Chinese 
industries, two, foreign investments and acquisitions, 
investing and acquiring foreign companies to gain access to 
advanced technologies, and three, forced transfer agreements 
forcing foreign companies wishing to invest or conduct business 
in China to share intellectual property and technology secrets 
with the Chinese Government.
    These efforts pose a threat to our country's economic 
welfare and our national security.
    In 2018, U.S. intelligence agencies stated that the 
Pentagon is facing an unprecedented threat to its technological 
and industrial base as a result of Chinese recruitment of 
foreign scientists, intellectual property theft, and targeted 
acquisitions of American companies.
    The Office of U.S. Trade Representative recently issued a 
report highlighting China's unfair trade practices, noting not 
only the country's opaque regulatory system but also its poor 
record of adhering to its transparency obligations as a World 
Trade Organization member.
    If we are to retain our role as a global leader committed 
to international norms, we have to confront this challenge head 
on and that's why I am so excited to explore what policy tools 
are at our disposal to combat these threats. Tools such as 
leveraging the World Trade Organization to challenge unfair 
Chinese industrial policies, restricting Chinese firms' ability 
to conduct business in the United States if they pose a threat 
to commerce and security, applying tailored trade restrictions 
to protect domestic industries threatened by unfair Chinese 
trade practices.
    But to be clear, tariffs and tweets alone are not 
sufficient to address these threats to commerce nor is any 
bilateral deal that does not address the underlying structural 
problems in our economic relationship. We must be willing to 
make the domestic investments needed to ensure our workers, our 
manufacturers, and our innovators have the tools and resources 
they need to compete in this globalized economy.
    Closing the trillion dollar backlog in infrastructure 
investments, investing in education and human capital 
development, building an intellectual bridge that transitions 
the workforce to the 21st Century economy and providing robust 
funding for science and research and development programs to 
help ensure America remains the world's preeminent innovation 
incubator.
    So I'm excited to learn more from this all-star group of 
witnesses which have assembled here today, Mr. Chairman, and I 
thank you for holding this hearing. This is an incredible kick-
off to a new era in this committee's history, but I think it's 
much needed, and again I congratulate you on this first day.
    Senator Sullivan. Great. Thank you, Senator Markey, and as 
hopefully you can see, this is going to be a very strong 
bipartisan endeavor. I think this is an area on so many of 
these issues where there is a lot of bipartisan interest and 
bipartisan support. So we're excited about that.
    Well, I want to welcome our witnesses and some of whom I've 
had the opportunity to work with previously. Let me begin from 
left to right.
    We have Mr. Daniel Rosen, who is a Partner at the Rhodium 
Group; Mr. Jonathan Kallmer, Executive Vice President of Policy 
Information Technology of the Information Technology Industry 
Council; Ms. Samm Sacks, Cybersecurity Policy Fellow and China 
Digital Economy Fellow, New America; and the Honorable Eric 
Rosenbach, Co-Director, Belfer Center for Science and 
International Affairs, at Harvard Kennedy School or, as Senator 
Markey would say, Hahvid Kennedy School.
    Mr. Rosen,----
    Senator Markey. By the way, that's coming from a Harvard 
graduate.
    [Laughter.]
    Senator Sullivan. That's where I learned this.
    Mr. Rosen, you have five minutes to deliver an oral 
statement. A longer written statement will be included in the 
record. The floor is yours.

            STATEMENT OF DANIEL H. ROSEN, PARTNER, 
                         RHODIUM GROUP

    Mr. Rosen. Thank you, Chairman Sullivan, Ranking Member 
Markey, and Members of the Subcommittee. I appreciate the 
opportunity to offer my views.
    I approach the question based on 26 years evaluating 
China's economy, the prospects for U.S.-China relations, and 
the interests of American firms since starting my career after 
finishing the MSF Program at Georgetown with somebody else in 
the room in 1992.
    I'll offer a high-level picture of China's economic 
practices leading to the present concerns we're talking about 
and I can elaborate all that in the discussion.
    After starting reform and opening in 1978, China generally 
converged with the liberal economic practices champion by the 
United States, not due to pressure but because market economics 
simply worked better. This was in the U.S. strategic and 
commercial interests.
    More recently, this convergence has slowed and in some 
cases reversed and given China's size and global footprint, 
that is a challenge for U.S. welfare and for other market 
economies, regardless of why it's happening.
    While the right American policy response to these trends is 
not yet clear, there is now a consensus that status quo 
approaches must evolve. Not all challenges to the United States 
are maligned and the United States should in principle welcome 
those that accompany the betterment of one-fifth of humanity.
    Our concern arises therefore not from competition per se 
but from the implications if a $13 trillion China today uses 
non-market solutions to its problems and because China is 
around the world now as a trader, investor, and development 
financier, the non-market choices it makes at home will affect 
conditions globally.
    American engagement never rested on China becoming a market 
economy overnight but on China endeavoring to liberalize for 
its own reasons and Beijing did do that after 1978.
    Concern today is not that China never tried to converge 
with our way of doing things but that their progress has 
stalled. From 2012 to 2018, the Xi era, Beijing attempted to 
deleverage its interbank credit markets twice, open the equity 
markets, empower independent boards of directors at state 
enterprises, achieve currency internationalization, and open 
the capital account. All of these economic reform moves led to 
many crises and were reversed.
    The shadow over U.S.-China economic engagement therefore 
comes not because China refused to reform but because it 
couldn't manage to do so.
    China's non-convergence with market approaches has 
consequences for others. We depend for our vitality on things 
that China's current policy choices will disrupt. I mentioned 
three: the financial system, rules-based pro-competitive 
regimes, and the sanctity of private intellectual property 
rights protection.
    Nations that do not share the same fealty to these elements 
simply cannot be as engaged or interoperable with us as nations 
that do. This is a simple reality.
    First, while Chinese authorities say they can be neutral in 
regulating capital access for state and non-state firms alike, 
the reality is that separate but equal is inherently unequal in 
Chinese capital markets today.
    This insulates many Chinese firms from the diligence 
demanded of their private foreign competitors, giving them an 
advantage. Local government fiscal outlays and national and 
sub-national subsidies, as the Ranking Member noted, also 
distort conditions profoundly.
    Second, for market systems, even-handed Rule of Law is 
essential, including competition policy. China today is trying 
to mix political guidance with commercial logic in ways that 
simply distort markets.
    I can point to the Rhodium Group ASPI China Dashboard 
showing that foreign firms seeking merger review in China are 
six times more likely to get hauled in for review than purely 
Chinese parties trying to do a tie-up.
    Third, and the rest of the panel is going to deal with this 
extensively, innovation drives modern economies, especially 
higher-income levels, and China's previous promises in the 2003 
era and also more recently to marketize innovation have not 
matched up with action.
    It's hard to project what the total costs of China choosing 
to pursue non-market models are will be for the United States, 
let alone to try to predict the costs for things that are hard 
to quantify, like our national security and our resilience.
    I can talk to you more about the efforts we make as 
economists to try to do a better job evaluating that, but I 
want to just finish in 10 seconds and maybe 30 more if I can 
weigh on the schedule to point to three principles that I'm 
going to suggest for how we respond rather than absolutely 
specific policies. I think principle at this point is most 
important.
    First of all, our responses for now should be provisional. 
They should be reversible, depending on whether China takes 
note of the dangers of its non-market policies right now and 
reverts back to a market course.
    Second, our responses should be selective. Where there are 
national security risks or risks to our system, we must address 
them, but, by and large, the United States can still say yes to 
most Chinese manufacturing and direct investment in the United 
States without having to forego the benefits of that 
interaction in the name of our security.
    And third, even to the extent we do disengage with China to 
some extent, should we reach that conclusion, there's a way in 
which we can do that peacefully with peaceful disengagement 
being the keyword. That is to say, without malice, with the 
hope that China finds its way back to the kinds of liberal 
ideas, small ``l,'' that have worked so well in the advanced 
economies over the past century.
    A final point I'll make, of course, is that openness is the 
wellspring of our national security and we must never forget 
that. Our dynamism, our exposure to ideas and practices around 
the world ultimately make us stronger, and there will be a 
large cost to us economically and otherwise to the extent we 
need to close doors and so we need to be very mindful about how 
we do that.
    Thank you very much, and I look forward to the 
conversation.
    [The prepared statement of Mr. Rosen follows:]

     Prepared Statement of Daniel H. Rosen, Partner, Rhodium Group
    Chairman Sullivan, Ranking Member Markey and Members of the 
Subcommittee, I appreciate the opportunity to offer my views at this 
hearing on challenges for U.S. commerce presented by China's 
marketplace practices. I approach this question based on 26 years of 
professional work evaluating the nature of China's economy, the 
prospects for US-China economic relations, and the interests of 
American firms pursuing commercial opportunities. Following eight years 
in the think tank sector and time in government, I established what is 
today Rhodium Group--a private research partnership--to conduct this 
analysis, where 16 researchers are presently involved in the effort.
    Today I wish to offer a high-level picture of the arc of China's 
economic practices and priorities leading up to the present concerns. 
Each of the broad characterizations I offer is underpinned by a body of 
research which I would be pleased to elaborate in discussion, or in 
follow-up with you or your staff.
Background
    After the start of its self-described ``reform and opening'' era in 
1978, China generally converged--though with fits, starts and 
exceptions--with the liberal economic approaches championed by the 
United States. It did so not due to foreign pressure, but because 
market economics was more productive. Support for this evolution was in 
the United States' strategic and commercial interest. In recent years, 
however, this convergence has slowed and in some areas reversed. With 
its size and global footprint, a China pursuing a non-market oriented 
path--regardless of motive--will be a concern for U.S. economic 
welfare, and for other market economies. While the right American 
policy response to these trends is not yet clear, there is a consensus 
that status-quo approaches must evolve.
Structural Divergence
    As China recovered from a state of epic impoverishment in 1978 to a 
normal level of development, it was bound to present a trial to the 
United States and the world. Since Nixon went to China the Nation's 
population has risen by 60 percent to 1.4 billion, and per capita 
incomes rose 75-fold in nominal terms: accommodating the demand and 
supply consequences of that was naturally a challenge. Not all 
challenges are malign, and the United States should welcome those that 
accompany the betterment of one-fifth of humanity, and the related 
commercial competition that was bound to bring. The real concern arises 
not from competition per se, but from the implications if a $13 
trillion China decides to revert to non-market solutions to managing 
its economy. And because China now seeks to project economic presence 
around the world as a trader, financial investor, commercial director 
investor and development finance purveyor, the non-market incentives 
China uses to shape its economy at home will spill over and affect 
economic conditions around the world.
    The American bet on engagement with China never rested on China 
becoming a market economy overnight, but on evidence that China 
believed its interests were served by marketization in the long-term, 
and, thus, that with patience (and transitional mechanisms) we would 
naturally converge. This depended on China endeavoring to liberalize 
its economy, not on pressure from American trade negotiators. Two 
hundred years of American foreign policy experience had taught that 
only China would change China. Twenty years of observation from the 
start of rapprochement to Deng Xiaoping's recommitment to market reform 
in 1992 made clear that China, and the Communist Party, was serious 
about change.
    Concern for U.S. economic interests today stems from indications 
that China's drive to converge with the liberal international economic 
order has stalled. Xi Jinping began his tenure with a broad economic 
reform plan--the Sixty Decisions--and he endorsed a series of reform 
initiatives in his first term. From 2012 to 2018 Beijing attempted to 
deleverage the interbank credit markets (twice), open the equity 
markets, empower independent boards of directors at state enterprises, 
achieve currency internationalization, and open the capital account. 
All of these economic reform moves led to mini-crises and were reversed 
(arguably the second credit deleveraging is still underway). The shadow 
over US-China economic engagement comes not so much because China 
refused to reform but because it couldn't manage it.
    Regardless of etiology, China's non-convergence with market 
approaches to resource allocation and regulating competition (see 
Figure 1) has consequences for others, including the United States. We 
depend for our vitality on structural conditions that China's current 
policy choices will disrupt. There are myriad pieces of a liberal 
market foundation, but three that are paramount are the financial 
system, rules-based pro-competitive regimes, and the sanctity of 
private intellectual property protection. Nations that do not share the 
same fealty to these elements cannot be as engaged or interoperable as 
nations that do.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    First, China's financial system serves the interests of borrowing 
firms with favored access to credit more than consumers or savers. 
While Chinese authorities assert that they can be neutral in regulating 
capital market access for state and non-state firms alike, the reality 
so far is that this separate but equal approach is inherently unequal. 
The mushrooming volume and cost of capital have insulated many Chinese 
firms from the same diligence demanded of their private foreign 
competitors, giving them an advantage. This is true even when Chinese 
rates for credit are higher than foreign rates, as debt service ratios 
don't matter if new money to pay off old loans is always made 
available. In addition to capital market conditions, local government 
fiscal outlays and abundant national and sub-national subsidies also 
distort capital allocation conditions.
    Second, for a market-oriented system to function, even-handed rule 
of law is essential. For commercial interests competition policy is a 
crucial aspect of this. China is today mixing political guidance with 
commercial considerations in corporate governance, in ways prone to 
change market outcomes at home and abroad. The Rhodium Group-Asia 
Society China Dashboard shows, for instance, that foreign firms 
pursuing a merger in China are about five times as likely to face 
Chinese government review than solely Chinese merger are. Asymmetries 
in trade and investment market access for foreign firms in China 
relative to Chinese firms abroad are an important part of uneven legal 
conditions. This distorts market outcomes and generally serves the 
interests of firms in China at the expense of Chinese consumers and 
foreign producers including those from the United States. China is not 
the only nation with border barriers to commerce higher than those 
maintained by the United States, and American consumers benefit from 
imports regardless of trade barrier differences. But at China's scale 
and weight in marginal global growth these distortions, like financial 
subsidies, can quickly put firms in other nations out of business, and 
thus present predatory outcomes or otherwise harm efficiency. China's 
international initiatives including the Belt and Road program are 
extending the consequences of the Chinese model worldwide.
    Third, innovation drives modern economies, especially at higher 
income levels. In their 2013 reform program, China's leaders pledged to 
improve the innovation environment in China through greater emphasis on 
market forces. They called for ``market-based technology innovation 
mechanisms'' and said ``the market is to play a key part in determining 
innovation programs and allocation of funds and assessing results, and 
administrative dominance is to be abolished.'' But eighteen months 
later Made in China 2025 was launched, a 10-year strategic plan for 
achieving new levels of innovation in emerging sectors. The plan 
emphasized central planning, setting performance targets for domestic 
content and domestic control of intellectual property in critical 
industries. A related implementation plan set benchmarks for global 
market share for Chinese firms. This industrial policy approach to 
innovation, infused with hundreds of billions of dollars in support, 
will distort conditions in the innovation ecosystems of other nations, 
including the United States, and precipitated the aggressive 2018 U.S. 
Section 301 Investigation, which concluded that China's technology push 
was unreasonable, discriminatory and a burden on U.S. commerce.
Impacts and Options
    It is impossible to confidently project the economic cost of China 
choosing to pursue a non-market model for the United States or U.S. 
manufacturing, let alone for qualitative variables such as national 
security or resilience. This is turn impedes cost-benefit assessment of 
policy options for our response. Do tariffs work? In some ways, but by 
depriving us of cost-efficient intermediate inputs they also diminish 
our export competitiveness. What is the price of disengagement? It 
depends on how much erosion in the value of American intellectual 
property if we do not respond to technology policies abroad, not on a 
steady-state projection of U.S. conditions. And meanwhile, if China 
continues to put political guidance above efficiency in the economy a 
financial crisis is almost inevitable, changing our China concerns from 
those associated with a strengthening competitor to those wrapped up in 
a flailing one.
    The concerning features of the Chinese system described above would 
be present and require our attention even if China were staying the 
course on reform. If that were the case, the questions would be what 
degree of statism would China keep, what would it slough off, and how 
long would it take. Most nations, including the United States, employ 
some state involvement in the economy, including in the allocation of 
finance (Fannie Mae), tipping the competitive playing field in some 
industries (electric power--Tennessee Valley Authority) and promoting 
innovation (Sematech). The question of degree and ground rules--whether 
there is an overarching commitment to the primacy of market and 
consumer orientation--is key. And the mix is not eternal, as present 
debates over the role of industrial policy in the United States and 
other advanced economies shows. But if instead of convergence with 
advanced economy norms where the state plays a limited economic role 
Beijing claims to have an alternative, state-guided model that requires 
other nations to accommodate its non-market preferences, then past 
assumptions about the course of engagement with China will be outdated. 
China has the sovereign right to choose the system it thinks best for 
itself, but to draw on an old saying, its freedom to swing its fist 
stops where our nose begins.
What to Do: Provisional, Partial, Peaceful
    We are at the beginning of a national conversation--better still, 
an international conversation among like-minded liberal colleagues--
about policy responses to new directions in China's evolution, not at 
the end. There are not yet refined answers. However principles to guide 
policy thinking are emerging.
    First, our responses should be provisional. Unless everything we 
think we know about the relative efficiency and dynamism of free 
markets over state-controlled markets is wrong, the present Chinese 
policy turn will be a dead-end, and we will see either a diminishing 
threat or a reversion to market orientation in the future. Indeed, one 
can argue that China is already showing signs of an economic stall. 
Anticipating this, American policy should be built for adaptability. 
Any disengagement we pursue should be reversible, and our ability to 
reengage should be protected.
    Second, our response should be partial and selective, whether in 
the short-term or the long-term. Where there are national security 
risks from commerce, or interaction threatens to disrupt the healthy 
functioning of our market ecosystem, we must be prepared to stand 
apart; but in much of our economic exchange these concerns are not 
present or can be mitigated. The United States can say yes to Chinese 
manufactured goods and direct investment most of the time. Blocking 
these flows would be gratuitous and serve no strategic purpose. Rather 
than plan only for all or nothing scenarios, we should build a sliding 
scale of engagement that fits with the likely mixed-bag that China will 
present--a nation somewhere in the middle between advanced economy 
norms and statism.
    A third normative principle is for our stance on commercial 
interaction with China, even if emphasizing disengagement, to be 
peaceful, not just on liberal moral grounds, but for realpolitik 
reasons. Putting politics above economic efficiency will not work in 
China today, just as it failed to work in the past. When a reckoning 
occurs, the Chinese people will either blame bad ideas at home or 
hostile foreign forces abroad. It is the American interest that they 
correctly make the domestic diagnosis, and that when the time comes to 
engage in convergence again there is a foundation of goodwill between 
us not a sour recollection of bellicosity. If China chooses to pursue a 
non-market solution to its problems we can be self-protective and 
counsel caution to others, while at the same time avoiding malice.
Concluding Thought: Danger of Overprotection
    Openness is a wellspring of American national security. In 
responding to concerns about China it is imperative that we preserve 
that asset as much as possible. Our welfare will take a hit from 
sliding our engagement scale in the direction of caution, at least in 
the short-term. Our ability to offset that cost is uncertain. We will 
need to enact domestic policies to replace inputs from China, adjust 
our trade to embrace replacement imports from other nations, and write-
off many investments made in the past. There are real centers of 
innovation leadership in China too, and disengagement will deprive us 
of those. The quicker and more extensively we choose to part ways with 
China in areas of high-tech concern, the more urgently we need to 
return to responsible leadership of the advanced economy caucus. 
Economic protectionism has often been disguised as national security 
through history, and when firms reduce competition with fear-mongering 
our security is diminished. As we consider strategies to mitigate 
consequences of China's economy for our interests, we must take care to 
do no harm to what makes us strong in the first place.

    Senator Sullivan. Thank you, Mr. Rosen.
    Mr. Kallmer.

                   STATEMENT OF JOSH KALLMER,

              EXECUTIVE VICE PRESIDENT OF POLICY,

         INFORMATION TECHNOLOGY INDUSTRY COUNCIL (ITI)

    Mr. Kallmer. Chairman Sullivan, Ranking Member Markey, 
Members of the Subcommittee, thank you for inviting me to 
discuss this critically important topic.
    My name is Josh Kallmer, and I'm the Executive Vice 
President for Policy at the Information Technology Industry 
Council or ITI.
    ITI is a collection of 64 of the world's most innovative 
companies, representing the entire spectrum of the technology 
sector. Every one of our companies operates globally with the 
vast majority doing business in China.
    We have a keen interest in this subject and we commend the 
Administration in working to close the deal with China that 
could address many of the challenges of doing business there.
    I also have a personal perspective on this matter. Several 
years ago, I served as Deputy Assistant U.S. Trade 
Representative for Investment, where I was responsible for 
negotiating treaties to secure additional market access for 
U.S. companies and for representing USTR on the Committee on 
Foreign Investment in the United States or CFIUS and that was 
the context in which I had the privilege to work with you, Mr. 
Chairman.
    As you can imagine, China was a frequent topic of my work. 
Let me say at the outset that our organization and the 
companies we represent recognize and respect the national 
security considerations at play here. The U.S. Government has 
no more solemn and important responsibility than to protect the 
Nation's security and we're committed to working with Congress, 
the executive branch, and the entire stakeholder community to 
address these challenges consistent with that imperative.
    So I'd like to make three broad points today. The first is 
that tech companies face significant challenges doing business 
in China. For years, China has abused the privilege of being a 
member of the international trading system, pursuing a tapestry 
of policies and practices that favor Chinese companies and 
support the Chinese state.
    China's conduct has been particularly egregious in the 
technology sector where it coerces foreign companies into 
disclosing proprietary technology, subsidizes the domestic 
manufacturing of many products, enacts unique domestic 
standards without meaningful participation from foreign 
companies, and restricts cross-border data flows.
    My second point is that it's nevertheless important that 
companies continue to do business in China. Despite the 
challenges, U.S. business engagement in China strengthens 
America economically and technologically and thereby 
contributes to its security and its leadership.
    China is an important and growing market for U.S. 
technology exports. Being able to sell products and services to 
a fifth of the world's population allows U.S. tech companies to 
create jobs and expand R&D investment in the U.S., which allows 
the United States to retain its technological edge.
    Doing business in China also helps U.S. firms avoid ceding 
global markets to their Chinese competitors. Customers of 
services, such as cloud computing, whether they're Chinese, 
German, Brazilian, or otherwise, want services that are 
available globally.
    If U.S. companies cannot provide cloud services to 
multinational customers who do business in China and around the 
world, Chinese firms will and furthermore, while China 
frequently violates its trade commitments, continued business 
engagement helps prevent it from flouting international norms 
much more substantially.
    By pressing for increased market access, participation in 
standard-setting, and fairer treatment overall, U.S. companies 
help keep a spotlight on Chinese practices that preclude it 
from rewriting the rules of trade.
    Finally, to address these challenges, we need to have a 
strong multidimensional partnership between companies and 
policymakers. Government and industry must work together to 
address China's conduct. Neither alone can address the 
challenges.
    Companies understand how data moves and therefore how to 
mitigate risks to networks and operations. Policymakers 
understand how to assess security risks and how to seek changes 
in other countries' behavior, and we see three specific ways of 
doing so that I suspect we'll discuss today.
    First, the tech industry welcomes the Administration's 
efforts to redefine the bilateral economic relationship with 
China and we're eager to see an agreement that meaningfully 
addresses its policies and practices and in that regard, Mr. 
Chairman, Mr. Ranking Member, I couldn't agree more with the 
idea that the agreement has to address the structural problems 
in China's market.
    We look forward to supporting the Administration in working 
to ensure that once an agreement is reached, China abides by 
every single commitment that it makes.
    Second, we need to ensure that the U.S. Government has the 
tools to address security risks effectively without impeding 
the innovation that supports U.S. technological leadership.
    We strongly supported the development of last year's FIRRMA 
legislation to improve the CFIUS process and we're working 
actively with the Administration to modernize the export 
control system under the Export Control Reform Act.
    We also work closely with the U.S. Government through our 
leadership position in the Department of Homeland Security's 
ICT Supply Chain Risk Management Task Force.
    Finally, we need to invest in America's future to ensure 
that its companies and workers are as competitive as possible. 
That means investing in research and development in areas such 
as AI, 5G, enhancing STEM education, improving physical and 
digital infrastructure, and pursuing economic policies that 
allow the United States' world-class companies, entrepreneurs, 
and workers to compete with anyone in the world.
    So I'll wrap up my opening remarks there, but let me thank 
you again for having me, and I'd be happy to take your 
questions.
    [The prepared statement of Mr. Kallmer follows:]

Prepared Statement of Josh Kallmer, Executive Vice President of Policy, 
             Information Technology Industry Council (ITI)
Introduction
    Members of the Committee, thank you for inviting me to testify 
today.
    The Information Technology Industry Council (ITI) represents 64 of 
the world's leading information and communications technology (ICT) 
companies. We are the global voice of the tech sector and the premier 
advocate and thought leader in the United States and around the world 
for the ICT industry. ITI's member companies are comprised of leading 
technology and innovation companies from all corners of the ICT sector, 
including hardware, software, digital services, semiconductor, network 
equipment, Internet companies, and companies using technology to 
fundamentally evolve their businesses. Trade issues are critical to our 
members, and China is always a subject of much concern and interest.
    Today's hearing is particularly timely, as China, trade, and 
security issues garner significant attention from the administration 
and Congress. Media attention and the potential for conflating these 
issues make it even more important to clarify and address these complex 
subjects. China's blatant disregard for international norms governing 
free trade and market access has been well-established and must be 
addressed. China's role and impact on the global economy is as complex 
as it is important, however, and its relationship with the United 
States is by nature both competitive and cooperative.
    China has a well-established record of shifting the playing field 
in its favor--whether it is creating conditions for technology transfer 
through forced partnerships with Chinese companies; establishing 
ambiguous and intrusive security review regimes; or circumventing U.S. 
export controls laws, these unfair practices not only create an unfair 
economic advantage but may also, in some cases, pose a national 
security risk. Numerous policymakers have voiced concern regarding the 
security implications of China's practices. ITI members take security 
very seriously, including taking measures to ensure protection of their 
networks, customer data, IP, and threats to national security. ITI has 
demonstrated this commitment through our active engagement with 
policymakers on a number of issues, including the Committee on Foreign 
Investment in the U.S. (CFIUS) and export controls reform, and we 
welcome the opportunity to work with policymakers on the issues before 
us today.
    While we must address China's problematic policies and practices, 
that is only half of the equation. The U.S. Government must also 
rebalance its approach to strengthening the U.S. economy and the 
capacity for innovation in the United States. To that end, we encourage 
the U.S. Government to invest in education and skills training and 
basic research and development, and to foster the growth of emerging 
technologies in the United States.
    Regardless of whether China plays by the rules or not, it will 
continue to improve in technological development, innovation, and 
growth. We are no longer in a situation in which China makes 
technological gains simply by virtue of stealing U.S. technology. 
Therefore, efforts to wall the U.S. off from competition with China 
will not solve the problem. The United States must be prepared to 
compete.
    In my testimony, I will outline some of the challenges that our 
companies face as well as what we can do about it, why the Chinese 
market is so important, and how we can ensure that the United States 
continues to foster an environment that gives the best and brightest 
individuals the necessary tools to develop tomorrow's most innovative 
technology.
Key Problems Foreign Tech Companies Face from China
    Our companies face real and persistent challenges in the Chinese 
market, including data localization requirements, cloud services 
restrictions, and intrusive and undefined security review regimes that 
may lead to exposure of source code and other intellectual property.
    Over the last decade, China has made a concerted effort not only to 
address legitimate cybersecurity and privacy concerns of Chinese 
citizens and companies but also to foster a protected space for 
domestic companies to gain an unfair market advantage. As the Office of 
the United States Trade Representative (USTR) laid out in its 
comprehensive Section 301 investigation findings report, China has 
created a tapestry of laws, regulations, standards, and practices that 
collectively advantage Chinese companies and create conditions for 
direct and indirect tech transfer.
    Despite this clearly strategic approach to boost Chinese innovation 
and indigenous technology, the Chinese government is not a monolith. 
Infighting, discord, and pressure from Chinese leadership for agencies 
to issue regulations and demonstrate enforcement has added another 
layer of uncertainty and unpredictability to the Chinese market. 
Following passage of China's 2016 Cybersecurity Law, the tech sector 
has seen an unprecedented onslaught of implementing regulations, 
notices, measures, and standards drafted by numerous agencies within 
the Chinese bureaucracy, often contradicting one another. For example, 
the information technology standards body known as TC 260 released 110 
standards for comment between November 2016 and December 2017 alone, 
followed by another 53 standards in 2018--accounting for two-thirds of 
all standards that TC 260 has released for public comment. While these 
standards are often classified as voluntary, they may become de facto 
mandatory standards, making the short comment windows even more 
critical. These hastily enacted regulations also allow enforcement 
agencies to both interpret obligations unevenly and, potentially, 
target foreign companies.
Broad and Ambiguous Security Review Regimes
    While the Chinese government has for the most part been careful not 
to explicitly outline requirements for transfers of technology, source 
code, or other IP, the ambiguity and uncertainty surrounding China's 
numerous ``security review regimes'' create conditions ripe for 
coercion of companies to expose valuable intellectual property. For 
example, the Cybersecurity Law requires that companies subject 
themselves to intrusive security reviews for products and 
infrastructure to qualify as ``secure and controllable.'' While the 
meaning of this term is ambiguous, the provision favors domestic 
companies and products as inherently more secure and is, in effect, a 
thinly-veiled attempt to encourage consumers to ``buy domestic.'' 
Specifically, the Cross-Border Data Transfer Measures outline highly 
intrusive procedures, including background investigations of network 
suppliers and inspections of corporate offices.
Implicit and Explicit Technology Transfer Requirements
    Chinese requirements outlined in various laws and regulations--
including those that require firms to locate production or facilities 
in China and establish a joint venture (JV) with a Chinese partner in 
order to operate in China--can put their valuable technology and other 
intellectual property at risk. Disclosure of sensitive information can 
be forced through a contract (e.g., JV, partnership), direct pressure 
from local or central governments, or governmental review or 
certification mechanisms. While there is nothing inherently wrong with 
voluntary JVs and partnerships, they become problematic when they are 
forced on foreign parties and when regulations stipulate either that 
the Chinese partner must maintain majority control of the JV or that 
only a Chinese company may obtain required product licenses.\1\
---------------------------------------------------------------------------
    \1\ See Law of the People's Republic of China on Chinese-Foreign 
Joint Ventures; Provisions on Administration of Foreign-Invested 
Telecommunications Enterprises; The People's Republic of China Foreign 
Investment Catalogue 2017
---------------------------------------------------------------------------
    China has made its technology transfer objectives clear through its 
national strategy to promote indigenous innovation, Made in China 2025. 
The strategy explicitly promotes the transfer of technology as a means 
of advancing technological capability, competitiveness, and strategic 
emerging industries. Further, it outlines a wide-ranging effort to 
employ funding and the investment of significant government resources 
in support of key industries. While the Chinese government intended 
Made in China 2025 as a means of setting aspirational goals for a 
domestic audience, it has nonetheless fostered an environment that 
makes forced technology transfer more likely and may yield overcapacity 
in targeted sectors. These factors create real competitiveness risks 
for companies and can significantly distort market supply and demand.
Restrictions on Foreign Cloud Service Providers
    China's restrictions on U.S. cloud services providers (CSPs) 
exemplify the lack of fairness in the U.S.-China trade relationship. 
Foreign companies face written and unwritten requirements that do not 
allow foreign companies to obtain licenses to operate without a Chinese 
partner; force U.S. CSPs to surrender use of their brand names; and 
require companies to hand over operation and control of their 
businesses to Chinese companies in order to do business in the Chinese 
market. Chinese cloud services providers operating in the United States 
are subject to none of these restrictions.
Data Localization Requirements
    Cross-border data flows are essential to digital trade. In 2016, 
over 53 percent of total U.S. service exports relied on cross-border 
data flows.\2\ Data flows are also important for purposes of network 
protection, as companies rely on real-time exchanges of information 
across borders to identify and ``patch'' vulnerabilities and receive 
timely system and software updates. Despite numerous efforts by the 
U.S. tech sector to explain that data localization does not enhance--
and may diminish--data security, China continues to publish new and 
troubling laws, regulations, and standards that require the storage of 
data in China. For example, China's Cybersecurity Law and other 
regulations seriously harm many U.S. exporters by restricting cross-
border data flows and requiring firms to store and process data in 
China. Draft regulations--including the Cross-Border Data Transfer 
Measures and the Critical Information Infrastructure Protection 
Regulation (both implementing regulations of the Cybersecurity Law) 
contain numerous provisions that would force companies to localize 
certain data in China and create undue and expensive impediments to 
transferring business information out of China in a timely manner.
---------------------------------------------------------------------------
    \2\ ``Cross-Border Data Flows, the Internet and What is Means for 
U.S. and EU Trade and Investment'' (Brookings, https://
www.brookings.edu/blog/up-front/2014/10/21/cross-border-data
-flows-the-internet-and-what-it-means-for-u-s-and-eu-trade-and-
investment/).
---------------------------------------------------------------------------
China's Standards Development
    Chinese standards work and implementation of the 2017 revision of 
the Standardization Law presents a unique set of challenges, as China 
aims to codify the standards-development process in China.
    The Law includes problematic elements such as unclear public 
disclosure requirements that may reveal business-sensitive information. 
Implementing policies of the Law, such as the Pioneer Standards 
Program, incentivize public disclosure of standards that companies use 
in their products. Disclosure is not mandatory, yet companies that do 
not disclose standards will not be recognized as standards 
``pioneers,'' which may influence consumer purchasing preferences and 
also renders the product ineligible to compete for government 
procurement contracts.
    ITI supports industry-led, consensus-based international standards 
development, which fosters an environment in which standards are 
market-driven and only adopted if they benefit current technology and 
consumers. However, China and other nations have utilized ``country-
unique'' standards as a policy tool to establish market access barriers 
and give domestic companies a competitive advantage. Given the size and 
influence of China's market, these national standards may influence 
regional trends and product development. China's exclusion or strict 
limitations on the participation of foreign companies in standards 
development bodies means that Chinese standards are developed in way 
that weakens interoperability and the global standards system. ITI 
urges Congress and the Administration to promote and strengthen the 
standards development process worldwide to ensure that development is 
fully consistent with international norms and the World Trade 
Organization (WTO).
    China's reliance on a top-down model to promote its standards does 
not mean that the U.S. Government should take a similar approach. While 
China may propose many more standards in international standards 
organizations, the market should ultimately choose the most appropriate 
standard for consumers and the current technology. Regardless of 
quantity, a robust industry-led international standards development 
process leads to adoption of the most appropriate standard. In this 
regard, there is no ``first mover advantage'' that would give China an 
advantage in the development of 5G or technologies related to AI. The 
best way to counter China's growing influence in international 
standards bodies is to work within and support the international 
standards system. The U.S. Government can assist by promoting reliance 
on international standards and by investing in research and 
development, which will allow U.S.-based companies to continue to 
innovate and lead in the market.
Why Do Companies Stay in the Chinese Market?
    While the Chinese market presents clear risks and impediments for 
foreign companies, its size and impact on the global supply chain 
cannot be ignored. In 2018 alone, the U.S. exported nearly $21 billion 
worth of ICT goods to China.\3\ China is the third largest market for 
U.S. services exports in Asia and accounts for nearly a quarter of the 
global consumer market. These customers operate not only in China but 
also globally--and they demand products and services that operate 
globally. If U.S. companies leave the Chinese market, they effectively 
forfeit much more than the Chinese market to Chinese companies. 
Customers--particularly those that depend on enterprise services such 
as cloud computing--will seek companies that provide services in all 
markets in which they operate.
---------------------------------------------------------------------------
    \3\ ``U.S. GDP was $20.89 trillion in the fourth quarter of 2018'' 
(Bureau of Economic Analysis, https://www.bea.gov/news/2019/initial-
gross-domestic-product-4th-quarter-and-annual-2018).
---------------------------------------------------------------------------
    From both an economic and technological advantage perspective, it 
is not in the interest of U.S. companies, consumers, or the government 
to cede market share to Chinese companies. Put simply, if companies 
want to compete for global consumers and continue to be at the 
forefront of emerging technology development they must compete with 
Chinese companies in China and abroad.
What the U.S. Government Can Do
    ITI appreciates that the U.S. Government recognizes China has 
instituted problematic tech policies and practices and that the 
administration has taken steps to address it, including USTR's Section 
301 investigation and subsequent report. We routinely hear from 
policymakers regarding both economic and security concerns related to 
China, including current and future American economic competitiveness. 
The tools that the U.S. Government uses to address these issues, 
however, must be tailored and strategic to avoid causing unnecessary 
harm to U.S. competitiveness and innovation--which are key to the 
Uniteds States' economic and national security. I'd like to outline a 
few basic tenets below.
Assess Potential Security Problems from Both a Private and Public 
        Sector Perspective
    ITI respects and acknowledges national security concerns. We 
advocate for and work with policymakers to develop thoughtful and 
tailored policy approaches that consider: the problem or threat from 
both a public sector and private sector perspective; whether and to 
what extent a threat can be mitigated; and how to limit adverse or 
unintended effects on companies' ability to operate, compete, and 
innovate. It is important to recognize that the public sector often has 
information and political insights that the private sector does not and 
vice versa. While the U.S. Government has visibility into many security 
threats, it relies on the private sector to tell it what is happening 
on its networks and the steps that should be taken to mitigate risks.
    While policymakers are rightly concerned about safeguarding 
American companies' innovations in emerging technology fields such as 
artificial intelligence (AI) and 5G, it is important to ensure that 
such safeguards do not hamstring companies' ability to develop the very 
technologies that the U.S. Government values for purposes of economic 
growth and national security. The tech sector can help in this 
assessment of future impacts.
    The consequences of security policy to tech companies will have 
significant ripple effects. ITI encourages Congress and the 
administration to engage with the private sector on these important 
issues and work together to develop a strategic and coordinated 
approach to the potential threats and challenges posed by China and 
others.
Compete with China and Invest in America's Future
    Preventing China from stealing technology alone will not help us 
achieve our goals. The U.S. Government must invest in America's future. 
This means investing in research and development, education, science 
and technology, artificial intelligence (AI), and digital 
infrastructure. Strengthening the business environment, the Nation's 
human resources, and incentivizing innovation are all key to generating 
sustainable economic prosperity.
    If the U.S. is to preserve its technological edge, it must be 
prepared to step up and compete with China. Regardless of whether China 
plays by the rules or not, Chinese inventors, entrepreneurs, and 
businesses will continue innovating and will close the technological 
gap between the U.S. and China. While a level playing field is of 
course important, it is vital that the U.S. Government continue to 
commit to serious investments in technology to ensure American 
competitiveness and economic growth. China is making a concerted, 
strategic effort to invest and plan for its economic and technological 
future. The clock is running out for the U.S. Government to take 
action. Where the private sector in the U.S. is making significant 
progress in advancing the next generation of technologies and investing 
heavily in cutting-edge research, the U.S. Government can and should do 
more to support innovation.
    With the world's largest and increasingly educated population, 
China had 4.7 million STEM graduates in 2016. To put that in 
perspective, that means half of China's nearly 8 million graduates are 
focusing on STEM, while in the U.S. less than a third--roughly 568,000 
of America's 2 million graduates--major in STEM. The U.S. has invested 
less and less in R&D spending, where in 2016 R&D constituted about 2.7 
percent of GDP.\4\ China is catching up quickly with an expenditure of 
2 percent of its GDP going to R&D.\5\ In 2017, China accounted for 48 
percent of the total global investment in artificial intelligence 
startup funding, while the U.S. accounted for 38 percent. In monetary 
terms, China invested $7.3 billion in artificial intelligence while the 
U.S. invested $5.77 billion.
---------------------------------------------------------------------------
    \4\ ``How much does your country invest in R&D'' (UNESCO Institute 
for Statistics, http://uis.unesco.org/apps/visualisations/research-and-
development-spending/).
    \5\ Ibid.
---------------------------------------------------------------------------
    China is also on track to outpace the United States in other areas. 
For example, according to a 2018 International Data Corporation report, 
the U.S. will spend $22 billion on smart city development this year. 
China is close behind with projected spending at $21 billion. As of 
2015, there were 1,000 smart city pilot plans in the works worldwide, 
500 of which were located in China. While 66 percent of U.S. cities are 
adopting smart city technologies, China's test bed for smart cities is 
the largest in the world.
    These are just a few examples. The bottom line is that the United 
States is failing itself by not seriously investing in our country's 
technological and economic future.
Conclusion
    China poses serious challenges to the tech sector. We must address 
these challenges aggressively yet strategically and with an eye to 
future ramifications for the economy and technological competitiveness. 
We also can neither ignore nor deny the significant role China plays in 
the global economy as a key piece of the global supply chain, supplier 
of products and components, an innovative competitor, and a vital 
market for U.S. goods and services, and it would be a disservice to 
downplay the need to invest in U.S. companies' ability to compete with 
an increasingly innovative and technologically advanced China. With the 
right approach, we can address these serious challenges in a way that 
benefits the United States' economic and national security.
    On behalf of all ITI members, I thank you for having me before the 
Committee today and commend you for your interest in examining the 
various challenges that China poses to the tech sector. We stand ready 
to work with you to address these challenges. I look forward to 
answering your questions.

    Senator Sullivan. Thank you, Mr. Kallmer.
    Ms. Sacks, the floor is yours.

STATEMENT OF SAMM SACKS, CYBERSECURITY POLICY AND CHINA DIGITAL 
                  ECONOMY FELLOW, NEW AMERICA

    Ms. Sacks. Chairman Sullivan, Ranking Member Markey, and 
Members of the Subcommittee, thank you for the opportunity to 
testify today, and I, too, am very excited to talk about the 
tools we have at our disposal.
    My research focuses on information and communication 
technology policies in China. I have worked on Chinese tech 
policy issues for over a decade, both with the national 
security community as well as the private sector and now in a 
research capacity.
    The United States and China are now locked in a growing 
conflict with technology and cybersecurity at the center. The 
decisions made by U.S. policymakers now will have consequences 
for years to come.
    While much attention is paid to the role played by joint 
ventures and China's industrial policy in tech transfer and IP 
theft, I will focus on three related issues but issues that 
have gotten less attention where I think there is an 
opportunity right now for action.
    I will discuss the challenges posed by standards, data 
transfer, and emerging technology norms. First, standards. 
Since 2015, China has issued over 300 cybersecurity standards. 
I've translated and analyzed these standards in a report from 
last year and will be happy to discuss that in more detail in 
follow-on questions.
    These standards pose three main issues to U.S. commerce. 
First, the Chinese Government can use standards to pressure 
companies to undergo invasive product reviews where sensitive 
information and source code may be exposed as part of 
verification and testing.
    Second, they may create a competitive advantage for Chinese 
companies if regulators deem Chinese companies to be superior, 
and third, to comply with some standards, foreign firms may 
need to redesign products for the China market in ways that are 
fundamentally incompatible with the global standard system.
    Another major issue for U.S. companies in China, as my 
colleague, Mr. Kallmer, has mentioned, is cross-border data 
transfers. Depending on how China's cybersecurity law is 
implemented, the government could require certain kinds of data 
to be stored within Mainland China and require security 
approvals for cross-border data transfer.
    A third challenge is the Chinese Government's efforts to 
shape the norms for the use of emerging technologies. The 
Chinese leadership was not at the table in shaping the rules 
for the global Internet and now they want to ensure that that 
does not happen in transformative technologies.
    When it comes to issues, like AI ethics, safety, and 
privacy, the rules do not yet exist in China or in the rest of 
the world. There are some troubling indications when it comes 
to the Community Party's vision for the use of technology.
    For example, reports say that in Xinjian, the government is 
detaining large numbers, upwards of hundreds of thousands to 
one million Muslims, and using a range of technologies in that 
process.
    So on all of these fronts, right now, the U.S. has a window 
for achieving meaningful change that should not be squandered.
    I have five recommendations. First, adopt a small yard/high 
fence approach. This is a phrase used by the former Secretary 
of Defense Robert Gates and it essentially means be selective 
about what technologies are vital to national security but be 
aggressive in protecting them. Overreach in the form of blanket 
bans, unwinding global supply chains, and discrimination 
against individuals is not the answer.
    Second, make targeted demands of China in trade talks. As 
China's standards regime is still taking shape, the Chinese 
Government should commit to revise those standards that 
pressure U.S. companies to disclose source code, encryption 
keys, and sensitive information. On data, Beijing should commit 
to allow more commercial data to exit the country.
    Third, work with China on setting norms for emerging 
technologies. The U.S. benefits from exchange and cooperation 
with Chinese practitioners and scholars. There are grave risks 
to losing visibility and insight into China's approach on these 
matters.
    In parallel, the U.S. should coordinate with allies and 
partners to create international pressure on Beijing. 
Multilateral pressure has been effective in the past.
    Last, we cannot just play defense. We must play offense. 
The United States must invest in its own R&D, its 
infrastructure, its STEM education, because China will not 
abandon its technological aspirations. We must be able to 
compete in our own right.
    Thank you very much, and I look forward to your questions.
    [The prepared statement of Ms. Sacks follows:]

   Prepared Statement of Samm Sacks, Cybersecurity Policy and China 
                  Digital Economy Fellow, New America
    Chairman Sullivan, Ranking Member Markey, and Members of the 
Subcommittee, I appreciate the opportunity to testify on the challenges 
China presents to U.S. commerce.
    I am a Cybersecurity Policy and China Digital Economy Fellow at New 
America. New America is a nonpartisan think tank dedicated to the 
mission of realizing our Nation's highest ideals through confronting 
challenges caused by rapid technological and social change.
    My research focuses on information and communication technology 
(ICT) policies in China and the U.S.-China technology relationship. I 
have worked on Chinese technology and cyber issues for over a decade, 
not only with the U.S. government, where I focused on the national 
security implications of technology transfer and dual-use technology, 
but also with the private sector, looking at China's complex and 
rapidly evolving regulatory environment.
    This hearing could not come at a more critical moment. The United 
States and China are locked in a deepening conflict with technology and 
cybersecurity at the center. It is arguably the most significant period 
in the bilateral trade and investment relationship in the last four 
decades. The decisions made by U.S. policymakers during this window 
will have consequences for U.S. national security, competitiveness, 
innovation, technological leadership, and norms for years to come.
China's Technology Challenge
    In his testimony last week before the House Ways and Means 
Committee, Ambassador Lighthizer testified that technology transfer, 
failure to protect intellectual property (IP), large subsidies, and 
cyber theft of commercial secrets present major problems for the U.S. 
economy.\1\ While much attention is paid to the role played by joint 
ventures (JVs) and China's industrial policy, I will focus here on 
three related issues that get less attention than they deserve and 
where there is an opportunity right now for action: standards, data 
flows, and emerging technology norms and governance.
---------------------------------------------------------------------------
    \1\ Robert Lighthizer, ``Opening Statement of USTR Robert 
Lighthizer to the House Ways and Means Committee,'' February 27, 2019, 
https://ustr.gov/about-us/policy-offices/press-office/press-releases/
2019/february/opening-statement-ustr-robert.
---------------------------------------------------------------------------
    While I will focus my comments on the ICT space, these challenges 
are not limited to companies in the technology industry. They also 
matter for all sectors that rely on ICT infrastructure, data, and 
digital platforms--including manufacturing, finance, energy, retail, 
healthcare, etc.
1. Market Access, IP, and Technology Transfer
    The administration of President Xi Jinping is doubling down on 
plans to reduce reliance on foreign suppliers in what are deemed ``core 
technologies.'' \2\ These efforts coincide with Beijing's rapid build-
out of the most comprehensive cybersecurity legal and regulatory regime 
of any government in the world. An interlocking system of laws, 
regulations, and standards create a maze of rules spanning data, online 
content, and critical infrastructure. While the Cybersecurity Law is 
the centerpiece of this system, far less understood are the hundreds of 
cybersecurity standards accompanying it, which in practice are vital 
for actually doing business on the ground.
---------------------------------------------------------------------------
    \2\ Paul Triolo, Graham Webster, Lorand Laskai, and Katharin Tai, 
``Xi Jinping Puts `Indigenous Innovation' and `Core Technologies' at 
the Center of Development Priorities,'' DigiChina, New America, May 2, 
2018, https://www.newamerica.org/cybersecurity-initiative/digichina/
blog/xi-jinping-puts-indigenous-innovation-and-core-technologies-
center-development-priorities/.
---------------------------------------------------------------------------
    These standards contribute to making China an increasingly 
difficult market for foreign firms to operate in. There are three main 
challenges posed by the standards regime:\3\
---------------------------------------------------------------------------
    \3\ Samm Sacks and Manyi Kathy Li, ``How Chinese Cybersecurity 
Standards Impact Doing Business in China,'' CSIS Briefs, Center for 
Strategic & International Studies, August 2 2018, https://www.csis.org/
analysis/how-chinese-cybersecurity-standards-impact-doing-business-
china.

   First, the Chinese government can use standards to pressure 
        companies to undergo invasive product reviews where sensitive 
        information and source code (even if not explicitly required) 
        may be exposed as part of verification and testing. This 
        includes, for example, the security assessment process for 
        products such as central processing units, operating systems, 
        and office software suites. As part of the assessment, 
        suppliers need to submit verification materials including 
        product IP, source code, and design and development documents. 
        China's Standardization Law (which took effect in January 2018) 
        may require public disclosure of what are called ``enterprise 
        standards,'' referring to a company's proprietary product and 
        service specifications, according to BSA's Special 301 
        Submission.\4\
---------------------------------------------------------------------------
    \4\ BSA / The Software Alliance, ``Special 301 Submission,'' 
February 8, 2018, https://www.bsa.org//media/Files/Policy/Trade/
BSA2018Special301.pdf.

   Second, Chinese standards also create a competitive 
        advantage for Chinese companies. Chinese companies may not have 
        the same concerns foreign companies do about providing 
        sensitive information to the government as a condition of 
        meeting the standards. Chinese regulators may also deem Chinese 
        companies as being more secure under the vague criteria 
        contained in the standards simply because they are local and 
        therefore perceived to be more ``secure and controllable'' and 
---------------------------------------------------------------------------
        without influence from foreign governments.

   Third, to comply with some standards, foreign firms may need 
        to redesign products for the China market where they are not 
        compatible with international standards. This is not only 
        costly, but also creates interoperability issues with global 
        markets.

    Beijing uses vague language in standards, like in many Chinese laws 
and regulations, to avoid issues, such as World Trade Organization 
(WTO) challenges, while allowing the government maximum flexibility and 
discretion to apply onerous provisions when it sees fit. 
Internationally Beijing must disclose required standards to the WTO. 
However, in 2017 the government downgraded over 1,000 Chinese standards 
submitted to the WTO from required national standards to 
recommendations.\5\
---------------------------------------------------------------------------
    \5\ ``396-xiang Qiangzhixing Guojia Biaozhun Feizhi 1077-xiang 
Qiangzhixing Guojia Biaozhun Zhuanhua'' [396 Mandatory National 
Standards Abolished, 1077 National Standards Transformed], Ministry of 
Commerce of the People's Republic of China, April 1, 2017, http://
chinawto.mofcom.gov.cn/article/i/ac/201704/20170402545384.shtml.
---------------------------------------------------------------------------
    Although officially most standards are deemed ``recommended,'' in 
practice many may often be required to do business in China. This is 
the case when standards are listed as procurement requirements for 
government or state-owned enterprises. Beyond government customers, 
some Chinese customers may not buy from vendors who lack a 
certification associated with certain standards. There have been cases 
in which customer deals do not go through because a product lacks a 
certain certification.
    Many more standards are likely to come, as Beijing is still only in 
the early stages of a national effort to build out its cybersecurity 
standards regime. Many existing standards are still only in draft form.
    For more details on China's cybersecurity standards regime, please 
see the report I wrote in my previous position at the Center for 
Strategic & International Studies.\6\ The report includes our 
translation and analysis of more than 300 standards dating back to 
2015, when the Cybersecurity Law drafting process began.
---------------------------------------------------------------------------
    \6\ Sacks and Li, ``How Chinese Cybersecurity Standards Impact 
Doing Business in China.''
---------------------------------------------------------------------------
2. Data Localization
    Restrictions on cross-border data flows represent one of the top 
problems for U.S. companies in China. According to Article 37 of 
China's Cybersecurity Law: ``Critical information infrastructure 
operators that gather or produce personal information or important data 
during operations within the mainland territory of the People's 
Republic of China, shall store it within mainland China.'' \7\ 
Depending on how it is implemented, this provision could require 
certain kinds of data to be stored within mainland China and require 
security approvals for cross-border data transfer.
---------------------------------------------------------------------------
    \7\ A translation of China's Cybersecurity Law is available at: 
https://www.newamerica.org/cybersecurity-initiative/digichina/blog/
translation-cybersecurity-law-peoples-republic-china/.
---------------------------------------------------------------------------
    The Chinese government is still defining ``personal information'' 
and ``important data,'' as well as what sectors fall under ``critical 
information infrastructure'' (CII), under separate measures still in 
draft form,\8\ but there are concerns that the scope could be vast and 
ambiguous.\9\
---------------------------------------------------------------------------
    \8\ ``Measures on Security Assessment of Cross-border Transfer of 
Personal Information & Important Data (Draft for comment)'' and 
separate standard Information Security Technology--Guidelines for Data 
Cross-Border Transfer Security Assessment (draft for comment) together 
are meant to flesh out technical guidelines assessing cross-border data 
transfers. LINK See also Samm Sacks, Paul Triolo, and Graham Webster, 
``Beyond the Worst-Case Assumptions on China's Cybersecurity Law,'' 
DigiChina, New America, October 13, 2017, https://www.newame
rica.org/cybersecurity-initiative/blog/beyond-worst-case-assumptions-
chinas-cybersecurity-law/
    \9\ According to the latest publicly available draft, all ``network 
operators'' will be subject to assessments before exporting data out of 
China. In practice, this could mean anyone who owns and operates an IT 
network. Industry sources report the government may have walked this 
back recently to focus just on CII operators, but there is still 
tremendous regulatory uncertainty given that the definition of CII 
itself is up in the air. The May 27, 2017, version gives a sweeping 
definition of ``important data,'' spanning that which can ``influence 
or harm the government, state, military, economy, culture, society, 
technology, information . . . and other national security matters.''
---------------------------------------------------------------------------
    As the government finalizes these draft requirements amid much 
internal debate, it is important to keep in mind that there are also 
competing voices in China advocating for more alignment with 
international practices. Key players in China's private sector have 
argued that cutting off cross-border data flows will hurt the country's 
global economic goals; in fact, one of the main reasons why Beijing has 
yet to finalize the cross-border data flow measures is that there has 
been so much pushback from Chinese industry seeking global markets.
3. Leadership in Technology Norms and Governance
    Artificial intelligence (AI), the Internet of Things (IoT), and the 
collection and use of the data involved present new challenges when it 
comes to technology norms and governance. The rules do not yet exist 
when it comes to complex questions related to ethics, safety, privacy, 
and discrimination.
    Chinese scholars, practitioners, and the government are beginning 
to grapple with these challenges in often positive ways. There is a 
growing field of public conversations and legal scholarship in China 
devoted to topics ranging from the right to contest algorithmic 
decisions to bias and discrimination in AI--similar questions under 
discussion among leading AI thinkers in the United States.\10\
---------------------------------------------------------------------------
    \10\ I recently participated in a Track 2 dialogue on privacy with 
Berkeley Law and Peking University Law. The link to the public portion 
of the conference is available here: https://www.law.berkeley.edu/
research/bclt/bcltevents/2019-privacy-and-cybersecurity-law-
developments/agenda/.
---------------------------------------------------------------------------
    Last year, China took a major step in asserting leadership in AI 
governance by hosting a major international AI standards meeting in 
Beijing and publishing an AI standards white paper that underlined the 
need for rules of the road when it comes to AI ethics, privacy, and 
safety.\11\ Chinese authorities see this as a way to take a leading 
role in international governance, reflecting long-standing concerns 
that Chinese representatives were not at the table to help set the 
rules of the game for the global Internet. The Chinese government wants 
to make sure that this does not happen with the next generation of 
transformative technology, now that China has become a technology power 
with a sizeable market and leading technology companies.
---------------------------------------------------------------------------
    \11\ Jeff Ding, Paul Triolo, and Samm Sacks, ``Chinese Interests 
Take a Big Seat at the AI Governance Table,'' DigiChina, New America, 
June 20, 2018, https://www.newamerica.org/cybersecurity-initiative/
digichina/blog/chinese-interests-take-big-seat-ai-governance-table/.
---------------------------------------------------------------------------
    With AI governance still in its early stages, it is too early to 
know what approach China will take; however, in some areas there are 
very troubling indications when it comes to the Communist Party's 
vision for the use of technology.
    Reputable reports say that in Xinjiang, the government is detaining 
large numbers of Muslims and using a range of technologies in the 
process. Biometric scans, facial recognition, devices that scan 
smartphones for encrypted chats, and high-tech big data monitoring 
systems are enabling the mass surveillance and incarceration of Uighurs 
and other citizens, with estimates ranging from hundreds of thousands 
to as many as one million people affected.\12\
---------------------------------------------------------------------------
    \12\ Josh Chin and Clemente Burge, ``Twelve Days in Xinjiang: How 
China's Surveillance State Overwhelms Daily Life,'' The Wall Street 
Journal, December 19, 2018, https://www.wsj.com/articles/twelve-days-
in-xinjiang-how-chinas-surveillance-state-overwhelms-daily-life-
1513700355.
---------------------------------------------------------------------------
    It is not clear whether the Chinese government plans to expand the 
model for how technology is being used by security services in Xinjiang 
to other parts of China, but we cannot ignore that possibility that it 
could in the future.
    There is tremendous uncertainty in China and the rest of the world 
about how to shape rules and norms around new technologies in ways that 
will bring benefits to humanity. China aspires to play a leading role 
in this conversation in ways that will have ramifications for U.S. 
companies doing business in China, and, more broadly, for the formation 
of global governance frameworks for the use of technology.
Recommendations for U.S. Policy Toward China
    As Ambassador Lighthizer testified last week, the U.S. government 
is engaged in ``very intense, extremely serious, and very specific 
negotiation with China on crucial structural issues.'' \13\ This 
presents a window for achieving meaningful change that should not be 
squandered.
---------------------------------------------------------------------------
    \13\ Lighthizer, ``Opening Statement of USTR Robert Lighthizer to 
the House Ways and Means Committee.''
---------------------------------------------------------------------------
    I have five recommendations:

  1.  Adopt a ``small yard, high fence'' approach. The question is how 
        to address the challenges posed by China in a way that does not 
        undermine ourselves in the process. In a recent article for 
        Foreign Affairs, my colleague Lorand Laskai and I argue for an 
        approach based on what the former Secretary of Defense Robert 
        Gates called ``small yard, high fence.'' This means being 
        selective about what technologies are vital to U.S. national 
        security, but being aggressive in protecting them.\14\
---------------------------------------------------------------------------
    \14\ Lorand Laskai and Samm Sacks, ``The Right Way to Protect 
America's Innovation Advantage,'' Foreign Affairs, October 23, 2018, 
https://www.foreignaffairs.com/articles/2018-10-23/right-way-protect-
americas-innovation-advantage.

     Overreach in the form of blanket bans, unwinding global supply 
        chains, and discrimination based on national origin is not the 
        answer. Tools like the Committee on Foreign Investment in the 
        United States (CFIUS), export controls, and law enforcement are 
---------------------------------------------------------------------------
        designed to be used as scalpels, not blunt instruments.

     Overreach has costs for U.S. security, competitiveness, and 
        innovation. As my New America colleague Graham Webster writes 
        for MIT Technology Review, there may be greater harm to U.S. 
        interests in viewing China's technological ambitions as an 
        existential struggle between two competing blocs.\15\ That is 
        because the United States and China belong to an interconnected 
        system when it comes to research, development, and 
        manufacturing. Innovation by American companies is fueled by 
        access to the Chinese market. The leading semiconductor 
        manufacturers make substantial profits in China. They then plow 
        a major portion of those profits back into R&D in order to stay 
        competitive in emerging technologies like 5G.
---------------------------------------------------------------------------
    \15\ Graham Webster, ``The U.S. and China Aren't in a Cold War, So 
Stop Calling it That,'' MIT Technology Review, December 19, 2018, 
https://www.technologyreview.com/s/612602/the-us-and-china-arent-in-a-
cold-war-so-stop-calling-it-that/.

     Unlike the Cold War space race with the Soviet Union, the line 
        between U.S. and Chinese technological development is not as 
        clear as the political border between the two countries. Today, 
        government scientists have been replaced by international 
        corporations and diffuse global networks of entrepreneurs, 
        researchers, and venture capitalists.\16\
---------------------------------------------------------------------------
    \16\ Laskai and Sacks, ``The Right Way to Protect America's 
Innovation Advantage.''

     Innovation flows both ways across the Pacific. China is emerging 
        as an AI powerhouse, with Chinese start-ups excelling in 
        several areas, including computer vision, speech recognition, 
        and machine translation. If U.S. companies are to have any 
        chance of keeping up, they will need access to Chinese 
---------------------------------------------------------------------------
        research, talent, and expertise.

  2.  Targeted demands in China trade talks. As U.S. and Chinese 
        negotiators work to complete a trade deal, the U.S. side should 
        structure its demands of Beijing to focus on the following 
        issues which will have significant effect on the ability of 
        U.S. companies to do business in China. By prioritizing the 
        following three issues, the U.S. side may have a shot at 
        achieving more than just a cosmetic deal with Beijing. These do 
        not require that Beijing dismantle state capitalism or abandon 
        its technological ambitions, but they could result in 
        meaningful changes for doing business in China:

    a.  Standards: Since China's standards regime is still taking 
            shape, this is an area upon which the United States should 
            press Beijing. The Chinese government should commit to 
            revise regulations and standards that pressure U.S. 
            companies to disclose source code, encryption keys, and 
            other sensitive information such as proprietary product 
            specifications in exchange for market access. Any 
            government reviews should be conducted in a non-arbitrary 
            and transparent manner, and include international third-
            party accredited bodies.\17\
---------------------------------------------------------------------------
    \17\ BSA / The Software Alliance, ``Special 301 Submission.''

    b.  Data Flows: Beijing has yet to finalize the scope of what kind 
            of data must be stored locally under the pending definition 
            of critical information infrastructure. Beijing should 
            commit to allow more commercial data to exit the country 
            without undergoing opaque and arbitrary security audits. 
            The final version of the relevant regulations on the issue 
            should spell this scope out in clear terms. Beijing should 
            also sign onto the Asia-Pacific Economic Cooperation's 
            (APEC's) Cross Border Privacy Rules System (CBPRs)\18\ to 
            facilitate cross-border data transfers with the United 
            States. Since Beijing is concerned with new U.S. 
            restrictions on U.S. citizen data under the expanded CFIUS 
            regime, the U.S. side should agree to its own security 
            reviews involving access to U.S. citizen data in a narrow 
            fashion.
---------------------------------------------------------------------------
    \18\ See: http://cbprs.org/.

    c.  IP Theft: On IP theft, Beijing should commit to impose criminal 
            penalties, including jail time (not just fines) against 
            individuals as a deterrent against IP theft. It also should 
            agree to put in place measures that protect confidential 
            business information during government review processes, 
            including a dispute channel to address conflicts of 
            interest and the types of information requested, according 
            to the U.S. China Business Council.\19\
---------------------------------------------------------------------------
    \19\ US-China Business Council, ``US-China Business Council 
Statement on Section 301 Report,'' March 22, 2018, https://
www.uschina.org/media/press/us-china-business-council-statement-
section-301-report.

        Robust verification measures should be put in place to backstop 
            commitments made by Beijing. China did not live up to its 
            commitments not to conduct cyber industrial espionage under 
            the 2015 Xi-Obama cyber agreement. A compliance monitoring 
            system focused specifically on IP and tech transfer should 
            be used to scrutinize practices, procedures, and systems of 
---------------------------------------------------------------------------
            violators.

  3.  Work with China on setting norms for emerging technologies. As 
        governments around the world grapple with how to set norms and 
        shape governance for emerging technologies, the United States 
        benefits from cooperation and exchange with Chinese officials, 
        companies, and policy thinkers. There are risks to losing 
        visibility and insight into what China is doing on this front. 
        It is in the U.S. interest to work with China to set rules on 
        AI ethics and safety. Joint research and other partnerships 
        provide this lens and channel.

  4.  Coordinate with allies and partners to create international 
        pressure on Beijing. Multilateral pressure has proven 
        successful in the past. For example, in 2009 a coalition 
        including the United States, Japan, and Europe combined efforts 
        to pressure the Chinese government to suspend a requirement 
        that screening software (``Green Dam Youth Escort'') with 
        surveillance capabilities be installed on computers sold in 
        China. The United States should build upon the alliance 
        structures that have been successful since the end of World War 
        II. Unilateral action will not only compel China to retaliate 
        against U.S. companies; it will make Beijing double down on the 
        very structural problems we want to address, feeding Beijing's 
        own narrative about cybersecurity governance.

  5.  The United States must play offense by investing in its own R&D, 
        infrastructure, STEM education, and a capital market that 
        rewards investment. China will continue to invest in closing 
        the technology gap with the United States regardless of our 
        actions, so the United States must be able to compete through 
        its own technological and economic leadership.

    Senator Sullivan. Thank you, Ms. Sacks.
    And next we have the Honorable Eric Rosenbach.

         STATEMENT OF HON. ERIC ROSENBACH, CO-DIRECTOR,

          BELFER CENTER FOR SCIENCE AND INTERNATIONAL

          AFFAIRS, HARVARD KENNEDY SCHOOL, FORMER DOD

   CHIEF OF STAFF; FORMER ASSISTANT SECRETARY OF DEFENSE FOR 
              HOMELAND DEFENSE AND GLOBAL SECURITY

    Mr. Rosenbach. Thank you, Mr. Chairman, Ranking Member. A 
pleasure to see you, Mr. Chairman, after working with you to 
get the brigade in Alaska, and Ranking Member, Senator Markey, 
thank you for everything you do for Massachusetts and your 
recent visit to the Kennedy School.
    This is the Information Age and information is now the 
world's most consequential and contested geopolitical resource. 
The world's most profitable businesses have understood for 
years that data is the new oil.
    Political operatives and, unfortunately, foreign 
intelligence operatives, as well, have shown that data-driven 
social media is the key to influencing public opinion.
    Leading researchers in the area of artificial intelligence 
know that good data, not just algorithms, will allow companies 
and nations to gain a competitive edge.
    In the 1990s, America's supremacy in information 
technologies and the Internet seemed unassailable. 
Unfortunately, as the importance of information as a 
geopolitical resource has waxed, U.S. dominance has waned. 
That's why this hearing is so important.
    China is moving very quickly into the Information Age with 
a strategic approach that bolsters their national interests. 
The United States, on the other hand, seems to be standing by, 
beholden by large tech companies focused primarily on 
connecting more people to generate more data to ensure more 
clicks on advertising links.
    In the absence of a national strategy to protect Americans' 
data, promote competitiveness of American firms, and secure our 
information and technology infrastructure, the U.S. risks 
ceding its leadership role in the Information Age.
    As you heard over the past decade, China's pursued a 
national strategy to challenge U.S. global leadership in the 
Information Age. There are two things in particular that I'd 
like to hit on.
    First, one of the best-known Chinese national champions is 
Huawei, now the largest telecom producer in the world. The 
significant resources that Huawei derives from the backing of 
the Chinese Government puts American and European telecom firms 
at a clear disadvantage and this comes in particular when it 
comes to developing and deploying some of the technology 
necessary for the next generation of broadband networks. 
Clearly, allowing Huawei equipment into the U.S. 5G backbone 
would be a grave national security concern.
    The Chinese Government has also devoted significant 
military intelligence capabilities to stealing the data and 
intellectual property needed to fulfill the ambitious goals 
established by President Xi's Made in China 2025 Plan.
    The PLA was responsible for the hacks and theft of hundreds 
of millions of Americans' data from the Office of Personnel 
Management, Marriott, Anthem Health, and Equifax. Although the 
PLA undoubtedly used this information for intelligence 
purposes, it's also highly likely that this high-quality data 
has been used to help the government-sponsored development of 
Chinese AI capabilities.
    The Committee's well versed in this issue, but I'd be happy 
to discuss more about my experience based in the Pentagon 
negotiating with the Chinese on issues of intellectual property 
theft.
    So that leads us to what should we do. Clearly, many of 
China's actions are unfair in a modern global economy, but the 
United States and Congress in particular also need to 
internalize an important point. This is not about China. This 
is about America. This is not a partisan issue. We control our 
own destiny and we can outcompete any nation in the world if we 
unite and focus on a few key areas of policy and law.
    Here are some that I recommend. First, we need to promote 
the competitiveness of American firms and the most important 
place to start is by passing a national data security and 
privacy law.
    As you heard, information is and will be the Nation's most 
important strategic resource in the next century, yet American 
companies are left to deal with competing and often 
contradictory requirements. In particular this impacts early 
young innovative firms trying to figure out how to navigate the 
Information Age.
    We should ensure regulation supports the competitiveness of 
American firms and critical sectors and Broadband 5G in 
particular. The U.S. Government and the FTC in particular 
should be sure that regulations designed to protect consumers 
and competition don't inadvertently undermine the 
competitiveness of American firms and promote the success of 
national champions, like Huawei.
    The U.S. needs to win the race for talent. The U.S. has 
excelled by prizing and nurturing openness, creativity, and 
innovation. Simply put, we will not out-compete the Chinese 
unless we ensure that more highly skilled workers are able to 
obtain H1B visas.
    We need to continue to limit foreign ownership of key 
information sectors and provide CFIASs with additional human 
resources. Congress should be encouraging action of reforming 
CFIAS now and needs to ensure that CFIAS has the human 
resources to make this law implementable.
    Finally, I believe very strongly the U.S. needs to deter 
actions to steal our national resources by defending America's 
interests in cyberspace. This starts with publicly attributing 
attacks that raise the cost to adversaries. This has proven 
effective in the past. We should continue to do this regularly.
    Furthermore, we need to develop precise and legal offensive 
cyber operations that change the current dynamic of America 
simply sitting back and absorbing the blows of China's actions. 
Good defenses are important but defense alone will not mitigate 
the threat of these attacks.
    At this time, I would like to submit the rest of my 
statement for the record and look forward to your questions.
    Senator Sullivan. Without objection.
    [The prepared statement of Mr. Rosenbach follows:]

 Prepared Statement of Hon. Eric Rosenbach, Co-Director, Belfer Center 
 for Science and International Affairs, Harvard Kennedy School, Former 
DoD Chief of Staff; former Assistant Secretary of Defense for Homeland 
                      Defense and Global Security
    Chairman Sullivan, Ranking Member Markey, other distinguished 
members of the Subcommittee on security, thank you for calling this 
important hearing on ``China's Challenges to U.S. Commerce'' and for 
the invitation to testify today.
    This hearing is important: China is moving very quickly into the 
Information Age with a strategic approach that bolsters their national 
interests. The United States, on the other hand, seems to be standing 
by, beholden to large technology companies focused primarily on 
connecting more people to generate more data to further bolster their 
profits. In the absence of a national strategy to protect Americans' 
data, promote the competitiveness of American firms, and secure our 
information and technology infrastructure assets, the U.S. risks ceding 
its leadership role in the future economic, military, and political 
landscapes.
The Information Age
    This is the Information Age. And information is now the world's 
most consequential and contested geopolitical resource. The world's 
most profitable businesses have understood for years that data is the 
``new oil.'' Political operatives--and, unfortunately, foreign 
intelligence operatives as well--have shown over the past two 
presidential elections that data-driven social media is the key to 
influencing public opinion. Leading researchers in the area of 
artificial intelligence know that good data, not just algorithms, will 
allow companies, and nations, to gain a competitive edge.
    Data-driven innovation is not only disrupting economies and 
societies; it is reshaping relations between nations, and there is no 
better example than the US-China relationship. The pursuit of 
information power--involving states' ability to acquire, refine, 
protect, and use information to advance their interests--is changing 
strategic priorities. In the current US-China trade negotiations, for 
example, IP theft and state-support for tech companies is on the table 
next to soybean and automobile tariffs. American policymakers are 
questioning a long-standing tenet of the U.S. economic system: openness 
to foreign investment. In short, the pursuit of information power is 
altering strategic and economic relations between nations.
    In the 1990s, America's supremacy in information technologies and 
the Internet seemed unassailable. Unfortunately, as the importance of 
information as a geopolitical resource has waxed, U.S. dominance has 
waned. States with authoritarian forms of government--and China in 
particular--first recognized the strategic importance of information, 
and have adapted their national laws and policies accordingly. 
America's economic competitors believe they are locked in a zero-sum 
competition to create, collect, buy or steal data, and to develop the 
talent and technology to convert it into strategic advantage.
    Data held by both corporate and government entities has more 
strategic value than ever before because of its importance in 
developing artificial intelligence. A technical wunderkind is no longer 
as critical to writing a good AI learning algorithm; instead, what 
developers most require are troves of high-quality data to train and 
optimize algorithms over time. As a result, states have a strong 
interest in developing, accessing or stealing commercial, private and 
government data necessary to train and optimize AI algorithms.
    Indian Prime Minister Narendra Modi, for example, believes that 
``whoever acquires and controls'' data will attain ``hegemony.'' In his 
recent book AI Superpowers, venture capitalist Kai-Fu Lee predicts that 
China's widening lead in artificial intelligence will not only ensure 
the ``economic balance of power tilts in China's favor,'' but will tilt 
``political influence and `soft power,' towards China,'' and cement its 
``cultural and ideological footprint around the globe.'' Most developed 
economies now have national ``artificial intelligence''strategies. None 
are more mercantilist than China's ``Development Plan for a New 
Generation of Artificial Intelligence,'' which aims through a 
combination of government subsidies and incentives to push China into 
leading the world in AI by 2030.
The Competitive Threat from China
    Over the past decade, China has pursued a national strategy to 
challenge the United States' global leadership in the Information Age 
through a conscious strategy of state-backed investment, loose consumer 
data privacy protections, a centralized AI and technology deployment 
strategy, and intelligence operations to steal crucial data and 
intellectual property.
    The Chinese government has invested heavily in the research and 
development of technology that underpins supercomputing, artificial 
intelligence, broadband networks and big data. Those investments have 
resulted in genuine achievements. In 2016, for example, China unveiled 
the world's fastest supercomputer--and announced that it owned more of 
the top 500 supercomputers than any other nation in the world. Chinese 
firms and research institutions, nearly always supported with state 
funds, have made advances in artificial intelligence that some 
corporate leaders believe will make China the world leader in hardware-
based AI.
    President Xi has also advanced his nation's strategic plans by 
developing and supporting firms in key areas of economic power with 
state-sponsored loans, contracts and research and development. One of 
the best known of these Chinese ``national champions'' is Huawei, now 
the largest telecommunications equipment maker in the world. The 
significant resources Huawei derives from the backing of the Chinese 
government puts American and European telecommunications equipment 
providers at a clear disadvantage, particularly when it comes to 
developing and deploying some of the technology necessary for next 
generation broadband networks.
    The Chinese government has also devoted significant military 
intelligence capabilities to steal the data and intellectual property 
needed to fulfill the ambitious goals established for President Xi's 
``Made in China 2025 Plan.'' Over the past decade, Chinese intelligence 
officers from the People's Liberation Army (PLA) have conducted 
thousands of cyberattacks against both private sector and government 
targets. The Chinese, for example, were almost certainly responsible 
for the hacks and the theft of hundreds of millions of Americans' data 
from the Office of Personnel Management, Marriot, Anthem Health and 
Equifax. Although the PLA undoubtedly used this for intelligence 
purposes, it's highly likely that this high-quality data was also used 
to help the government-sponsored development of AI capabilities.
    Over the past decade, Chinese intelligence operatives have been 
equally aggressive in systematically stealing intellectual property and 
trade secrets from American organizations essential to national 
competitiveness. ``More than 90 percent of the department's cases 
alleging economic espionage over the past seven years involve China,'' 
deputy attorney general Rod Rosenstein said after an indictment 
unsealed in December 2018.
    The Obama Administration's response to these attacks was slow and 
initially weak, but by 2015 the Administration finally recognized the 
need to confront Chinese leadership with explicit attribution, 
sanctions and improved cyber defenses. These actions resulted in a 
short-term drop in Chinese cyberattacks against the US. Over the past 
18 months, however, Chinese cyber operations have resumed. In the most 
recent annual national threat assessment, for example, Director of 
National Intelligence Daniel Coats said that, ``China will continue to 
use cyber-espionage and bolster cyberattack capabilities to support 
[its] national security priorities.'' This past December, the FBI's top 
counterintelligence official asserted that, ``Our prosperity and place 
in the world are at risk.''
What Congress Must Do
    As the Information Age advances, the United States needs to 
recognize that data collection and technology deployment are critical 
both from the perspective of economic competitiveness and national 
security. Looking over the horizon, adversaries will greatly increase 
operations to steal sensitive and valuable information in order to 
advance their strategic and economic advantage over the United States. 
Given the richness of data held by the largest companies and research 
centers in the tech, financial and healthcare sectors, it is highly 
likely that adversary intelligence services will expand their 
traditional targets to include corporate datasets that could be used to 
train AI systems and to hone information operations.
    U.S. policy responses to these threats should be centered around a 
few guiding principles:

  1.  The Information Age demands a data-centric security and economic 
        strategy: America needs to develop a data-focused strategy for 
        competitiveness. From a security perspective, a network-centric 
        approach to national security is failing. Focus on the threat 
        of a low probability catastrophic attack on critical 
        infrastructure networks, for example, has distracted leaders 
        from the reality that we are not defending the Nation's most 
        precious resource: information. Likewise, the government has 
        done very little to prioritize the centers of gravity for an 
        economy powered for the Information Age.

  2.  The privacy of personal information is a national security and 
        economic priority. Policies aimed at bolstering U.S. national 
        security and promoting U.S. economic competitiveness must go 
        hand-in-hand with consumer protection. Authoritarian 
        governments may ignore consumer rights in pursuit of acquiring 
        information power, but democracies cannot. Bolstering the 
        global competitiveness of American companies should remain a 
        top priority, but not at the expense of allowing these 
        companies to collect, use, and sell information without user 
        consent or under-invest in cybersecurity measures.

  3.  America needs a whole-of-government strategy to improve national 
        competitiveness in the Information Age. Information geopolitics 
        cuts across all aspects of the economy, society and state 
        security apparatus. Authoritarian governments have adopted a 
        highly centralized, mercantilist approach to protecting, 
        acquiring and using information. Centralization will not be the 
        answer for democracies, but coordination must be. Unprecedented 
        cooperation is required, across economic, social, defense, 
        intelligence, state department and homeland security 
        portfolios. For example, the American government can no silo 
        regulatory decisions about information-related companies 
        separate from foreign policy decisions on cyberspace.

  4.  Even further, America needs a whole-of-nation strategy that 
        includes coordination with the private sector. The U.S. 
        intelligence community needs to share threat information about 
        foreign intelligence organizations with the social media 
        platforms that so directly influence Americans' economic and 
        political decision. Policymakers must be willing to work with 
        private actors to ensure regulatory red tape does not stand in 
        the way of innovation, and that public-private partnerships 
        continue to create incentives to accelerate technology 
        development. At the same time, American technology firms need 
        to understand, and be held accountable for, their role in 
        protecting national security interests.

    These principles should be combined with forward-leaning policy 
action. Specifically:

   Pass national data security and privacy legislation. 
        Information is and will be the Nation's most import strategic 
        resource for the next century. Yet, even in the face of 
        inadequate data protection practices and damaging data 
        breaches, the U.S. continues to muddle along with a complex web 
        of state-based and industry-specific requirements. American 
        consumers are worse off because their data is unprotected and, 
        in the event of a personally costly data breach, their rights 
        and access to legal recourse are unclear. American companies 
        are left to deal with competing and possibly contradictory 
        requirements, in particular impacting early innovators and 
        small businesses without the resources to navigate this complex 
        environment.

    U.S. policymakers urgently need to pass a national law that will 
        protect user data, reduce regulatory complexity, and spur 
        innovation by reconciling differences in state and Federal 
        requirements. While Europe's General Data Protection Regulation 
        (GDPR) is by no means a perfect model and in some respects is 
        inconsistent with other U.S. values, it has been effective at 
        driving corporate investment in data protection. Data 
        protection legislation passed in California in June 2018 will 
        need fine-tuning before taking effect in 2020, but it 
        establishes important principles that could serve as the 
        foundation for national legislation.

   Promote competitiveness of American firms: China undeniably 
        has an advantage in data collection, by virtue of its large 
        population and weak data privacy protection policies. While 
        data is an important input, it is not the only determinant of 
        competitiveness in the information age. China's authoritarian 
        system also gives it a deployment advantage, but the U.S. can 
        do a lot more to reduce regulatory red tape, attract top 
        talent, and create other incentives to spur innovation.

     Ensure regulation supports competitiveness of American 
            firms in critical sectors. A key driver of the information 
            age has been the exponential growth of high-speed wireless 
            broadband infrastructure around the world. American firms 
            are currently locked in a tight competition with Chinese 
            powerhouses to determine who will dominate this important 
            area. The U.S. government--and the FTC in particular--
            should make sure that regulations designed to protect 
            consumers and competition don't inadvertently undermine the 
            competitiveness of American firms relative to Chinese 
            national champions like Huawei.

     Reduce regulatory red tape to expedite deployment of 
            next-generation broadband infrastructure. Nationwide 5G 
            deployment is a massive effort requiring equipment 
            installation and associated permits and approval processes 
            across thousands of localities. Yet without this 
            foundation, the U.S. risks falling behind in the next 
            generation of wireless-enabled technologies. Policymakers 
            must drive toward regulation that standardizes and fast-
            tracks local approvals, while giving local authorities the 
            opportunity to provide implementation guidance.

     Continue public-private partnerships that support 
            advanced technology development. Within the framework of 
            robust national data privacy and security laws, the U.S. 
            government should promote more partnerships with civilian 
            companies and academic institutions to make progress on 
            high-priority AI initiatives. For example, the Defense 
            Innovation Unit--Experimental (DIUx), established by DoD 
            for this purpose, provides a model for incentivizing the 
            private sector to develop technologies with direct national 
            security applications.

     Win the race for talent. The U.S. has a history of 
            prizing and nurturing openness, creativity, and innovation. 
            Our university system is a springboard for raw talent; our 
            legal and government institutions allow new businesses to 
            thrive; and our sophisticated financial system enable the 
            best ideas to be successful. To maintain a competitive 
            edge, the U.S. needs a foundation of policies and practices 
            that continue to attract top talent, like the heads of AI 
            at Apple, Facebook, Microsoft, and Google's cloud computing 
            division, who were all born outside the US. The visa 
            program is a good place to start--at minimum, Congress 
            should ensure that more highly skilled workers are able to 
            obtain H-1B visas. Policymakers should further consider 
            special programs for students and experts in the AI and 
            broader set of STEM fields.

   Protect American information and infrastructure assets: Good 
        offense that promotes U.S. economic competitiveness must be 
        coupled with good defense that bolsters the U.S. system against 
        foreign attacks and takeovers.

     Incentivize use of strong encryption. Making America 
            the world leader in encryption technology could advance 
            both economic and national security interests. Protecting 
            the Nation's most important resource will require a 
            significant expansion in the use of encryption. The 
            nation's defense and security agencies have relied on 
            encryption to protect its most precious secrets for many 
            decades--DoD, in fact, is the largest user of encryption in 
            the world. The U.S. must both clarify the legal questions 
            around encryption and develop real incentives to promote 
            the use and growth of encryption products and platforms 
            that allow individuals and organizations to protect their 
            data.

     Limit foreign ownership and provide resources to 
            support firms in key information sectors. Over the past 
            decade China has systematically targeted investment in and 
            ownership of firms developing technology, such as AI, that 
            will drive strategic advantage in the Information Age. 
            Congress took encouraging action by reforming and passing 
            legislation that increased limitations and oversight of 
            foreign ownership and involvement in data-rich sectors. 
            This was important, but should be supplemented with new 
            sources of incentives to sustain American tech firms whose 
            technology does not have an immediate commercial 
            application.

   Deter Chinese actions to steal our national resources by 
        defending America's interests in cyberspace: Our response to 
        Chinese cyber-attacks that steal personal data and intellectual 
        property has been weak, resulting in the perception by China 
        that an attack on the American economy will not incur costs. 
        The U.S. needs a strong national response to demonstrate that 
        interference with American information and infrastructure 
        assets in any manner is unacceptable. We have to raise the cost 
        of attacks and decrease the benefits that our adversaries seek.

     Publicly attribute attacks to raise costs to 
            adversaries. The increased willingness of the Intelligence 
            Community, DHS, and FBI publically to attribute Chinese 
            cyber attacks through indictments is crucial and positive 
            first step.

     Develop precise and legal offensive cyber operations 
            that change the current dynamic of America simply sitting 
            back and absorbing the blows of adversarial actions. Good 
            defenses are important, but defense will not alone mitigate 
            the threat of foreign attacks. To complement defensive 
            measures, the U.S. government, led by the Department of 
            Defense, needs to bolster its capabilities to disrupt and 
            degrade Chinese cyber operations before they succeed.

     Improve intelligence sharing with the private sector. 
            The Intelligence Community should also strive to share as 
            much intelligence information as possible about Chinese 
            cyber operations. In the past, the government has too often 
            watched important intellectual property or data flow out of 
            the country without warning impacted organizations.

    Senator Sullivan. Well, thank you. Outstanding opening 
statements by each of our witnesses, and we have the Chairman 
of the Full Committee here and I'm just wondering if he wants 
to make an opening statement before we start making questions.

                STATEMENT OF HON. ROGER WICKER, 
                 U.S. SENATOR FROM MISSISSIPPI

    Senator Wicker. Thank you very much, Mr. Chairman, and I 
will not take anywhere near five minutes to make an opening 
statement, but I do want to say that this is the very type of 
hearing that I envisioned when we came up with the Subcommittee 
on Security.
    I want to commend Chairman Sullivan and my long-time friend 
and colleague from the House and Senate, Senator Markey, for 
their leadership in this regard.
    The economic relationship that the United States has had 
with China has been remarkable in the past few decades, but 
it's been a learning experience as American consumers have 
benefited from this and certainly as the Chinese people have 
benefited from it.
    It has become obvious that the leadership in China has no 
intention of playing by international rules, that they have no 
concept of respecting such international principles as 
intellectual property rights or data privacy and so while the 
relationship that we have and that we're going to necessarily 
have with China over time presents us with great opportunities, 
it does present us, as the title of this subcommittee hearing 
indicates, with immense challenges.
    So I think this is a very thing that we need to be looking 
at in a very good way early on in this Congress for this 
subcommittee to spend its time and I congratulate both of my 
friends for their leadership in this regard and wish you well.
    Senator Sullivan. Well, thank you, Mr. Chairman, and I'll 
begin the questioning here by, you know, one of the big things 
we're trying to do in the Congress is really hot to work with 
the Administration to craft a bipartisan strategy on how to 
deal with these issues which are very complex.
    One of the issues, and I highlighted it in my opening 
statement, is this issue of reciprocity. I think reciprocity is 
important because people certainly in our country understand it 
and I think in most countries they understand it. It just goes 
to basic fairness.
    I've asked a number of keen observers of China, including 
Dr. Henry Kissinger, in an Armed Services hearing a couple 
years ago about should this be a defining feature between the 
United States and China. He essentially answered yes in so many 
words.
    So I want to talk about this issue, particularly as it 
relates to the economic relationship. You know, I had my first 
trip to China as a U.S. Senator and I raised this question of 
reciprocity last spring on numerous fronts. Here's just an 
example. We all know that Chinese companies, usually backed by 
government subsidies or government investment funds, come to 
the United States and they buy, for example, you name it, movie 
studios, biotech companies, robotics companies, Internet 
companies, OK, and then the answer--and I'm not going to even 
ask you because we all know what the answer is.
    If a U.S. company wants to go to China and buy the same 
kind of companies, a movie studio, a biotech company, a high-
tech company, an Internet company, the answer is no. So there's 
no reciprocity, particularly on the investment side of the 
ledger.
    So my question and maybe I'll start with you, Mr. Kallmer, 
would you be supportive of a very simple bill, maybe called the 
U.S.-China Reciprocity Act of 2019, that essentially says if a 
U.S. firm can't go over in a sector of China and buy a company, 
then they can't do it here? What would be wrong with that?
    The American people would understand it and this is a 
really important point. We meet with many foreign leaders. I am 
very convinced that if we did something like this, the EU 
would, the Japanese would, the Koreans would, and all of a 
sudden you could have two-thirds of the global GDP of the world 
saying the same thing. If you don't play by the rules that we 
all play by, you can't invest. Pure reciprocity. It's fair. 
People understand it.
    Would you support something like that? What would be the 
pros and cons of that approach?
    Mr. Kallmer. Thanks for the question, Mr. Chairman. I think 
we would----
    Senator Sullivan. And then comment on our allies doing it, 
as well, which I think they would be willing to do with U.S. 
leadership leading the way on this.
    Mr. Kallmer. And I would actually--I wanted to comment on 
that in a little bit of a broader context.
    I think we would certainly want to see the text of such a 
bill, but I think in general terms we'd be very supportive of 
the concept.
    Senator Sullivan. This would be broader than the CFIAS 
reform we just did.
    Mr. Kallmer. Absolutely, absolutely. I mean, this is a 
systemic issue in doing business with the Chinese. The example 
I used in my opening remarks about the cloud services companies 
is a perfect example.
    We have the best cloud services companies in the world. 
When they go to China, they are prevented from owning Chinese 
companies. They're, you know, forced to enter joint ventures. 
They're prevented from using their intellectual property. 
They're prevented from representing themselves in----
    Senator Sullivan. But the Chinese don't have similar 
restrictions here.
    Mr. Kallmer. Not at all, not at all.
    Senator Sullivan. Not at all. So it's unfair. It's 
basically unfair.
    Mr. Kallmer. It is completely unfair.
    Senator Sullivan. Not a level playing field.
    Mr. Kallmer. It is not. It is not, and you can replicate 
that fact pattern across different sectors of the economy and 
so I think we would look forward to the opportunity to work on 
something like that with you.
    Your point about the support of allies is critical not 
just----
    Senator Sullivan. Critical.
    Mr. Kallmer.--in the context of something like this but in 
everything we do to try to influence China. The United State is 
still the biggest economy in the world, but we can't do it 
alone. This is fundamentally a global problem. Chinese 
practices harm German companies, Japanese companies. They 
impede innovation in those countries.
    Senator Sullivan. Let me just interrupt you here.
    Mr. Kallmer. Yes.
    Senator Sullivan. Sorry. I want to ask one follow-up.
    Ambassador Lighthizer's doing this a lot with the EU and 
Japan. They even have a group, the U.S.-Japan-EU group that's 
pretty much focused on these issues working together as it 
relates to the China challenge.
    Mr. Rosen, what do you think of that idea of pure, just a 
pure straight-up reciprocity bill that says if you can't do it 
here--if we can't do it there, you can't do it here? Pretty 
simple, pretty easy to go home and explain to our constituents 
about it, and very, very fair. Why would we not want to do 
something like that?
    Mr. Rosen. Thank you very much, Mr. Chairman. I think first 
thing that can be helpful to the deliberation is that Rhodium's 
put together a fairly perfect database on two-way flows and it 
is actually still the case that the value of U.S., FDI, and 
China is much greater than the value of Chinese direct 
investment in the United States, although at the margin in 
recent years, the trend has been that there's been more annual 
Chinese flow into our economy than is possible in the other 
direction.
    Second, some non-trivial amount of this Chinese investment 
coming into, say, Silicon Valley is actually Chinese companies 
that were started by U.S. private equity and venture capital 
companies. So there is some American chromosomes, if you will, 
in some of the money that's flowing in this direction.
    That is the kind of granular stuff that's important to 
unpack and have staff kind of work through as you design and 
put together what might be a very important and useful 
framework and regime on reciprocity.
    Moving to the question of fairness, though, for just a 
second, you know, it has since the 1790s, in fact, been the 
position of the U.S. that if other people want to bring their 
treasure here, that's a good thing for us, regardless of 
whether they accept our treasure flowing in their direction. 
That is to say, you know, Cuban capital flight out of that 
economy because of the realities there, we should accept 
regardless of whether they have the ability to absorb our 
capital outflows.
    Senator Sullivan. Not if they're stealing the investment 
and then using it to buildup their own industrial base.
    Mr. Rosen. Right. So we need to take the analysis to the 
next level. What is the nature of the lack of reciprocity, the 
nature of the asymmetry and investment opportunity, and is 
there in fact a specific risk in a given area of technology 
that confers a benefit, especially in an emerging foundational 
technology area?
    So there are many cases where I am acutely concerned about 
the lack of reciprocity. There are many other sectors, like 
real estate, where I don't really care very much and I say let 
the money leave China and come up on our shores.
    Senator Sullivan. OK. Senator Markey.
    Senator Markey. Thank you, Mr. Chairman.
    This is the proper committee because this is the Committee 
in the 1990s that created this whole digital revolution with 
the laws that were passed out of this Committee. So we are the 
right committee. We are the Committee of expertise to now be 
examining the consequences. So I thank you again for bringing 
this focus to it.
    Mr. Rosenbach, Tick Tock is a Chinese-owned app which 
allows users to share and view short video clips with music and 
it's no secret that kids and teens flock to this platform every 
day.
    Last month, the Federal Trade Commission levied a record 
fine against Tick Tock for violating the Children's Online 
Privacy Protection Act and its Chinese company that's doing it. 
It's illegal, whether it's Chinese or American, but it's an 
indication of how the Chinese can get inside of our system.
    What steps should the United States take to protect 
Americans from invasion of privacy that Chinese companies, like 
Tick Tock, are engaging in every single day?
    Mr. Rosenbach. Thank you, Senator. To start with, you know, 
theft of intellectual property is one thing that is horrible 
but doing something that would harm kids, you know, is kind of 
over the top, as the father of a pre-teen who would be involved 
in that, and so I think you need to uphold the rules and if 
this firm is not going to follow U.S. law and the privacy 
protections that are there in place to protect children, they 
should not be allowed to operate in the U.S. and we should find 
ways for them to be blocked so that kids can't access that and 
the app is not legal here.
    Senator Markey. Thank you, sir. I'd like to give you--yes, 
Ms. Sacks.
    Ms. Sacks. Under the expanded CFIAS system, access to U.S. 
citizens-sensitive personal data is now a consideration and I 
welcome that for specifically this issue.
    Senator Markey. Thank you.
    Ms. Sacks. However, I think that it needs to be narrowly 
tailored. Right now, it's very broad and so from the Chinese 
perspective, they see this as justification for their own 
efforts to localize data.
    So as we think about access to U.S. citizen data under 
CFIUS, let's see if we can set a model for the Chinese in more 
narrowly scoping what that means.
    Senator Markey. OK. But still we have to deal with it. It's 
going to happen and intensify as the years go by.
    I want to follow up on the Chairman's question, just go to 
the Huawei issue, and our need to deal with their desire to 
bring their technologies and to build them into the 
communications networks of our country and yet just going to 
the reciprocity question, clearly that would never be allowable 
in their country in terms of allowing our companies to do the 
same thing.
    So if you could, just expand upon that duality and what you 
would recommend that we establish as policies, following up on 
what the Chairman said, to ensure that we have some parity of 
treatment between the two countries, sir.
    Mr. Rosenbach. Yes, sir. I've been working in national 
security and telecom intelligence for almost 20 years, have 
followed the Huawei trajectory for the last 10. There's no way 
I would allow Huawei gear in the U.S. 5G backbone. It's a 
threat to national security and clearly they don't even play 
fair.
    More importantly, the Chinese used Snowden as an excuse to 
exclude a lot of American firms from the market to raise some 
of these data protection boundaries that are not based on real 
fact or technology and are very protectionist and if they're 
going to do that, then I think the reciprocity principle is 
something that is very important to recognize.
    We want our firms to be able to compete on a level playing 
field and U.S. tech firms will win if they can do that.
    Senator Markey. Anyone else want to comment upon that and 
the Chairman's, you know, insight in terms of the lack of 
reciprocity? The Chinese would never allow us to have an 
American company go inside their networks and build these kinds 
of technologies into information-gathering operations. Yes, Mr. 
Kallmer.
    Mr. Kallmer. Thanks, Ranking Member Markey. I would just 
add that I think there are multiple ways to view this kind of 
an issue.
    Reciprocity and whether and how to do it is an incredibly 
important one, but it sort of speaks more to the economic 
commercial trade issues. There could be wholly separate 
national security considerations, such as the ones that Mr. 
Rosenbach identified for which the U.S. Government also needs 
to have tools and that is a theme that we talk about a lot. 
We'll probably talk about it more today, which is that from a 
security perspective, it's important also for the U.S. 
Government to clearly identify the authorities that it has or 
that it needs or that it has but needs to build up, to address 
all of these risks.
    Senator Markey. Yes. And a lot of this hearing is really 
just to deal with the sinister side of cyberspace. We talk 
about all the benefits but there is a definite sinister side 
and you, Mr. Rosenbach, were talking about all of the attempts 
by the PLA, People's Liberation Army, to penetrate key American 
interests.
    So could you expand upon that and whether or not you think 
this is a pathology? What's the smartest way to deal with that 
underlying pathology so that we're paradoxing them correctly?
    Mr. Rosenbach. Yes, sir. So this is something that was 
directed from the senior most levels of the Chinese leadership 
to use national intelligence agencies to steal intellectual 
property and pass them to state-owned industries. That's 
something that not only doesn't happen in the U.S., is illegal. 
The idea that NSA would pass secrets to Intel or Google or 
Microsoft, you know, is absurd. That's not fair.
    Not only that, they're using that data, from my assessment, 
to build a new platform for AI. Data matters a lot and that's 
the reason you would steal these large troves of data that's 
clean and organized and help you further develop the algorithms 
of machine learning.
    So it's not only a cost in the way people expect an IP, 
down the road I believe it's even more important and will have 
a bigger impact----
    Senator Markey. And when Huawei says, oh, and we're not 
connected to the government at all, we're just a private 
sector, do you have a brief comment on that?
    Mr. Rosenbach. I don't believe it, and in some ways there 
will always be a nexus between telecom companies and the U.S. 
and the government but it's not the same. There's not the same 
type of relationship and if you look at the trajectory of some 
countries that made the mistake of putting Huawei gear in their 
backbone, like the U.K. and Australia, they're now in the very 
difficult situation of ripping it out.
    I don't think the U.S. wants that. We're already a little 
behind on 5G. Doing something like that would put us even 
further behind.
    Senator Markey. Thank you. Thank you, Mr. Chairman.
    Senator Sullivan. Senator Fischer.

                STATEMENT OF HON. DEB FISCHER, 
                   U.S. SENATOR FROM NEBRASKA

    Senator Fischer. Thank you, Mr. Chairman.
    Mr. Rosenbach, you've mentioned a couple times now about 
the hacking and the theft that we have seen of Americans' 
information. You talked about the collection of that data and 
it's going to feed the Chinese AI system.
    I would like to ask you specific examples that you can give 
us about the risk that this poses to consumers and to 
businesses from an economic espionage perspective, please.
    Mr. Rosenbach. Some of the examples of IP theft, which 
might be different than just the large data theft, would be the 
theft of aerospace secrets, both in the commercial and the 
private sector. There are some pretty well-documented cases of 
in the chemical sector.
    One that you can say is a known fact relates to Huawei 
itself which in a court case admitted and paid a fine for 
stealing the source code from Cisco that they then used to 
build the core routers that have made them successful down the 
road. That's the type of behavior that is directly harmful to 
U.S. firms.
    The other thing is there's a cost here to the economy for 
these large data thefts, which means every consumer that has to 
deal with getting new credit cards. It seems like a small thing 
but anyone who was involved in Equifax knows you spent time, 
it's a drag on the economy, and we need to protect our data 
better because of that.
    Senator Fischer. You've also highlighted the need to limit 
foreign ownership to protect American information and 
infrastructure assets that we have.
    I know you're aware of the efforts of the Chinese to 
penetrate the U.S. railcar industry. The CRRC has recently 
signed contracts to provide inexpensive Chinese Government-
subsidized railcars to meet the several Metro Centers across 
the U.S. and that's a concern. That's a worry that they could 
install some kind of technology there that's going to provide 
them with surveillance of our rail and our transit interests.
    Do you share those concerns, and do you believe Congress 
should implement some kind of additional oversight so that we 
do have safeguards to protect our critical infrastructure in 
those circumstances?
    Mr. Rosenbach. Yes, ma'am, I do. First, it just seems odd 
that a firm that's getting help from the Chinese Government 
would be able to do that and we wouldn't produce them in the 
U.S. if we could.
    Second, your point on critical infrastructure is really 
important. What if there is a special sauce baked into the 
software that controls the networks that run these 
transportation modes in any transportation sector, and at a 
time of their choosing, the Chinese use that to hold the U.S. 
hostage or, in the worse case, unlikely but very critical, to 
conduct a cyber attack? Those are two bad things for certain.
    Senator Fischer. Thank you.
    Ms. Sacks, in your testimony, you cited and you also warned 
against the U.S. interests viewing China's tech ambitions as a 
struggle between two compelling blocks.
    Given the Chinese Government's trend toward country-unique 
policies that hinder market access, how can the United States 
and its allies approach imbalances that are created by China's 
core interests in favoring those domestic companies and can we 
realistically try to shape China's approach in many respects?
    Ms. Sacks. Thank you. I think the key in addressing these 
issues is to understand the cost-benefit that comes with 
looking at this as a competition in which this is a zero sum 
game, right.
    So when we talk about AI and 5G and all sorts of 
technologies, they don't necessarily conform neatly to national 
borders. Code flows between borders when we talk about the 
research being done with diffuse networks of sciences across 
countries, the open source information that is sort of the 
backbone of AI cutting edge research right now.
    So right now under consideration is new export controls 
around emerging and foundational technologies and I welcome 
industry and others to weigh in on how do we more narrowly 
tailor the scope of this to take into consideration ways that 
we can erect barriers without undermining our own 
competitiveness and innovation in the process.
    In some ways, distinguish----
    Senator Fischer. Do you think that's realistic? Can we----
    Ms. Sacks. When it comes to AI,----
    Senator Fischer.--have those barriers and not have that 
bilateral competitiveness?
    Ms. Sacks. I think with AI, it's going to be very 
difficult. In some ways, it may be impossible to distinguish 
between the military and civilian use for some of these 
applications, and I agree with the assessment of ITI and my 
colleague, Mr. Kallmer, in that when we think about where these 
technologies are being used, what is essential from a military 
advantage? It's not just about being used or could be used by 
the military and there needs to be a process to understand 
that.
    Senator Fischer. Thank you very much. Thank you, Mr. 
Chairman.
    Senator Sullivan. Senator Blackburn.

              STATEMENT OF HON. MARSHA BLACKBURN, 
                  U.S. SENATOR FROM TENNESSEE

    Senator Blackburn. Thank you, Mr. Chairman. I am so pleased 
that Chairman Wicker established this subcommittee. I think 
it's so needed as we work on these issues and Mr. Markey and 
I've worked on these issues for a long time, as Senator Blunt 
was also with us over at Energy and Commerce in the House.
    I think as we talk about AI, as we talk about 5G, not only 
are we concerned with China and how you never know where their 
commercial sector and their industrial complex end and begin. 
They really are pretty much one and the same.
    And in addition to the things that you all have discussed 
this morning, I think we also have to look at, and, Ms. Sacks, 
this goes to your point to Ms. Fischer, looking at who is going 
to set the standards when it comes to AI, when it comes to 5G, 
and knowing that we're going to have to deal with the China 
scale and weight and intensity on this issue and Huawei 
specifically as we look at a lot of this and how they embed the 
malware and the spyware into their technology.
    We don't want our allies to use it. We do not want American 
companies to be using this technology because of their tendency 
to do that. So in that context of looking at communications and 
the information equipment, to what extent can Chinese firms put 
a downward pressure on us and on our allies as we talk about 
what we're doing in that Armed Services sphere?
    I served on Armed Services Committee and, Mr. Kallmer, I 
see you shaking your head, nodding your head. I'd like for you 
to answer and, Mr. Rosenbach, I'd like to come to you.
    Mr. Kallmer. Sure. Thanks, Senator Blackburn, and the 
reason I'm nodding my head is because it's a terrific question 
that I think illustrates the importance of being really 
deliberate and analytical about identifying risk.
    One of the points that we made throughout the FIRRMA 
process last year is that, in addition to nothing being more 
important than U.S. national security, it's critical that we 
observe with humility working with our government partners who 
have best access to information and breakdown the various 
risks.
    Is the risk one of a foreign company with bad intentions 
buying something in the United States? Is there a risk of 
technology outflow from the United States to some other 
country? Is the risk the one you identified, which is another 
country, such as China, having a disproportionate role in 
writing the rules and setting the standards?
    And in that regard, it is critical that we get our arms 
around this whole risk set and have tools to address each of 
them.
    Senator Blackburn. Well, and I would add to that, as we 
look at the risk set, I think the intentionality----
    Mr. Kallmer. Right.
    Senator Blackburn.--needs to be a consideration.
    Mr. Kallmer. Exactly. And so the example of standards is a 
perfect one. It goes maybe not so much anymore, but 
traditionally a little bit below the radar because it's quite 
technical, but in a way, there's nothing more pernicious than 
China's approach to seeking to dominate the writing of 
standards, pushing that approach in----
    Senator Blackburn. Well, they set the rules of the road if 
they set the standards.
    Mr. Rosenbach.
    Mr. Rosenbach. I think it is important to talk about risk 
and the one thing to keep in mind is you need to think about 
risk on a decade-long at least perspective and so sometimes 
firms, American, European, otherwise, will make risk decisions 
based on a year or two or three out and that?s when they're 
more likely to invest in Huawei gear because they have a better 
deal because it's subsidized by Chinese Government and they 
don't think, first of all, at the national level what that can 
mean for a national security perspective or that 10 years down 
the line, they're going to be locked into something that they 
can't get out of and that's where it's more of the government's 
role to think about risk at the strategic perspective for the 
country and over the run of the Information Age.
    Senator Blackburn. OK. My time is expiring. Ms. Sacks, I 
have a question for you. I'll submit it for the record, but I 
liked your analogy that you used of a small yard/high fence. 
I've got a question on that for you.
    Mr. Rosenbach, I'm going to come back to you with something 
as Commerce being a market-facing agency, a couple of questions 
there as that relates to the integration for some of our 
stakeholders as we look at our military side and our commercial 
side.
    Yield back.
    Senator Sullivan. Senator Klobuchar.

               STATEMENT OF HON. AMY KLOBUCHAR, 
                  U.S. SENATOR FROM MINNESOTA

    Senator Klobuchar. Thank you very much. I don't have much 
of a voice. So that means I won't filibuster. Very good for 
you.
    Mr. Kallmer, I recently led 18 Senators in a letter urging 
the National Security Advisor to reconsider the decision to 
eliminate the role of Cybersecurity Coordinator at the NSC and 
I'm concerned that, given the Chinese Government's commitment 
to cyber programs and investment in cyber capabilities, we 
aren't keeping pace. Could you respond to that?
    Mr. Kallmer. Yes, thank you, Senator Klobuchar, and I hope 
you recover your voice soon.
    Senator Klobuchar. So do I.
    Mr. Kallmer. That is a theme that has been very important 
to us. Our companies across the board care deeply about 
cybersecurity and historically have found that there's nothing 
more important than the U.S. Government not only having a lot 
of smart people thinking about it, but in having a truly 
coordinated approach and so whether it is having a senior role 
at the White House, whether it is having a senior person at the 
State Department, and the extent to which they are all 
coordinating a whole of government approach, it's critical.
    In fact, the RSA conference is occurring right now in San 
Francisco, which I think is the world's largest cybersecurity 
conference. Finding ways for industry to support the U.S. 
Government in having that top-notch whole of government 
approach is a top priority.
    Senator Klobuchar. Right. Senator Thune and I actually have 
a bill that I'm leading to try to get more expertise into the 
government from the private sector with tours of duty. Have you 
thought through that?
    Mr. Kallmer. We have. In fact, part of our organization 
focuses not just on public procurement of ICT products but also 
IT modernization within the government and this is a theme that 
we have been pushing for some time, which is to find some way 
to second or create opportunities for really talented cutting-
edge people in the private sector to do tours of duty in the 
government.
    Senator Klobuchar. Good. Then there's kind of that non-
traditional espionage with 500 million guests for Marriott and 
some of the other hacks that we've seen.
    Maybe someone else wants to answer this. What kind of 
outreach, Mr. Rosenbach, do you think should be going on with 
the private sector?
    Mr. Rosenbach. The idea of bringing outside private sector 
expertise into the government is really important. During the 
time I was in the Pentagon as chief of staff, we started 
something called the Defense Digital Service in which we found 
ways to bring hard-core techies in for a tour of 3 years, small 
team, did some really phenomenal things that really improved 
the overall level of cybersecurity at DoD.
    Anything that you could do to make that more widespread 
across government I think would be very helpful.
    Senator Klobuchar. OK. Another area, election 
infrastructure. A report by the Hoover Institute and the Asia 
Society concluded that China did not directly interfere in our 
2018 elections, although we know Russia was working on it 
pretty hard in terms of hacking in and then, of course, Russia 
did a lot of other things that were very bad.
    Can any of you explain the cyber capabilities of China to 
interfere in our elections?
    Mr. Rosenbach. Yes, ma'am. I 'm running a project at the 
Kennedy School called Defending Digital Democracy that's 
working with state and local election officials to help them 
protect their infrastructure. We had an after-action review 
from the 2018 elections, had 25 states come and talk about what 
they saw.
    We shouldn't be relieved that we didn't see anything in 
2018 and very clearly if the Chinese wanted to influence the 
U.S. in a strategic way, they have the capability to do it, 
either through directly attacking the election and undermining 
trust or through disinformation campaigns that would be done 
via social media.
    So it's something we need to keep working on and, quite 
frankly, the Government needs to play a stronger role. DHS has 
gotten much better, but it's not fair to let the states take 
blows from nation state intelligence services when it's about 
our elections.
    Senator Klobuchar. Very good. Last, you stressed the 
importance of privacy legislation and, of course, it's 
something we're working on here. Senator Kennedy and I have a 
bill.
    Could you talk about how security and economic threats 
Americans face could get worse if we do nothing when it comes 
to privacy?
    Mr. Rosenbach. Yes, ma'am. Just real quickly, when 
information is the most precious commodity in the Information 
Age, it seems crazy that the U.S. would not have a national 
bill to regulate this.
    Now if we don't do it, California will be the standard or 
GDPR from Europe will be the standard. So it seems almost----
    Senator Klobuchar. That was meant to scare you, Senator 
Sullivan.
    Ms. Sacks. Or China. China actually is further ahead in 
their legislative process in having a national privacy law. So 
that may be a bit under the radar.
    Senator Klobuchar. OK. That's good to know.
    Senator Markey. We don't want China to get ahead of us.
    Senator Klobuchar. That was a bit of a sarcastic joke by 
the Ranking Member.
    Anyone else want to comment on this?
    [No response.]
    Senator Klobuchar. All right. Thank you very much.
    Senator Sullivan. Senator Blunt.

                 STATEMENT OF HON. ROY BLUNT, 
                   U.S. SENATOR FROM MISSOURI

    Senator Blunt. I thought you were getting to me. I was just 
guessing it was going to my turn.
    But I want to join my colleagues who got here earlier, 
asked questions earlier, with their praise of both of you and 
the Chairman in creating this committee. I think it's a really 
important issue that we've been trying to deal with in a number 
of diverse ways but never quite this focused before.
    So I chair the appropriating committee on NIH, Labor, and 
Health and Human Services, Education, but particularly at NIH, 
in the last year, and I know you've been paying attention to 
this, the idea of researchers that are either being wooed by 
the Thousand Talents Program or are students who are here, 
particularly from China, and, you know, we've had a problem for 
a long time of feeling like that the things that we had 
developed were almost being forced to be given away but now we 
see maybe dual research, maybe there's enough information going 
back and forth to another country that they've set up their own 
research lab based on our money and our efforts to move 
research in that direction.
    So I guess for whoever wants to take it and maybe more than 
one of you, what do you think the impact of programs like this 
are going to be on U.S. research, things like the Thousand 
Talents Program, and also how do we address that without unduly 
damaging scientists who are actually there to do scientific 
research and to do it under all the guidelines that we would 
hope they would have?
    Ms. Sacks, your hand is up, so we'll let you start.
    Ms. Sacks. Thank you, Senator. This is the right question 
to ask because universities are in many ways the bedrock of 
U.S. power in the world, attracting the best and the brightest. 
So we have to get this right.
    I think there are three distinct issues that often get 
blurred and I'd like to untangle them. The first one is the 
Chinese Community Party has a concerted effort to control and 
monitor its students here. There's a great example from a case 
of the University of Maryland from a few years ago.
    This is distinct from the issue of access to U.S. 
technology and research and here I think the tools of the 
national security community and law enforcement are designed to 
handle that. They are designed to handle when there are real 
threats and they should continue to be used in that way.
    I am deeply concerned that Chinese researchers, scientists, 
and students are being discriminated against on U.S. campuses. 
This is highly problematic not just from a moral perspective. 
It gets at the heart of the openness and the values that define 
our country.
    We need to compete for the best talent in the world and if 
those students don't feel welcome on our campuses, they will go 
elsewhere. So we have to get this balance right.
    Mr. Rosen. Senator, we were just part of a production of a 
study on the relationship between Chinese and American 
biotechnology industries over the past 20 years that we did for 
the China Security Commission here on the Hill which you'll be 
familiar with.
    That study does, I think, an excellent job of bringing all 
available evidence to bear on what the interaction between our 
two economies has been in that industry. Bottom line is that 
China's biotech industry today wouldn't exist if it weren't for 
China's ability to participate in, benefit from the open 
dynamic of American biotech industry, nor today is our 
sustainable without the inclusion of tens and tens of thousands 
of Chinese graduate level researchers which are a big part of 
the human resources that make us dynamic in that industry, as 
well.
    So this is a tricky one because if we really try to sort of 
disentangle from things that are benefiting China's capability 
in this space, we're going to pull a lot of the timber out 
holding up the roof of our sector here, as well, and so this 
one really needs care.
    There's some good research available in that space to try 
to make sense of it. I will say that transparency and 
understanding who are the investors looking to make 
acquisitions in the United States is an absolute key to getting 
this right.
    Senator Blunt. Mr. Kallmer, did you have something on this?
    Mr. Kallmer. Yes, Senator Blunt, I think I would say at a 
high level that I associate myself with Ms. Sacks and Mr. 
Rosen.
    Senator Blunt. Let's go to Mr. Rosenbach then.
    Mr. Rosenbach. So I have to say this doesn't represent 
Harvard University, just Eric Rosenbach.
    I think one thing that's counterintuitive and you hear a 
lot in Silicon Valley and in Cambridge, which are tech hubs, is 
that if you could, quote, staple a green card to the diploma of 
every computer science graduate who's a Chinese or not, they 
would stay here and they wouldn't go back to China and they 
would fuel the American economy and that will seem 
counterintuitive but a strong openness that immigration from 
the smartest people in the world will be good for the U.S.
    Senator Blunt. OK.
    Senator Sullivan. Thank you, Senator Blunt.
    We're going to go a second round of questions here and 
we've had a good attendance, so I'm sure there will likely be 
some other Senators returning.
    I want to go back to this idea of reciprocity and a couple 
issues. You know, one challenge that I see with the idea that 
we've been discussing, this kind of pure reciprocity, is you 
could potentially hurt kind of the innovators in America.
    Let me just give you an example. Let's say there's somebody 
in Silicon Valley. He or she, she, I have three daughters, so I 
always like to say she, she builds an AI company, builds it 
over 20 years. It's really good, going to sell it, puts it on 
the market, and the biggest bidder by far is a Chinese-backed/
government-backed investment fund. OK. So there you have this 
issue. We could never buy an AI company from China, but at the 
same time, you don't want this young American woman who is an 
entrepreneur, who's going to get a big payday, to be told by 
the government, well, you can't take the highest bid, even 
though the highest bid is from a Chinese Communist-backed 
investment fund. So it creates a dilemma.
    But let me also mention, and, Mr. Rosen, you touched on it, 
I've been looking into this reciprocity issue for a long time, 
but there's kind of what I call negative reciprocity, so the 
idea of a bill that we're talking about here.
    If we can't do it there, you can't do it here, negative, 
but there's also what I would consider positive reciprocity, 
and one of the things the U.S. has done over the decades is 
we've gone over and done green field investments, right, you 
know, Google, Microsoft, GM, Ford. We build factories from the 
ground up. Green field, and by the way, when there was tensions 
between the United States and Japan in the 1970s and 1980s, one 
of the things the Japanese did, which was to help reduce those 
tensions, they came over here and built green field 
investments. I mean auto factories in the South and Ohio. I 
mean, Japanese auto manufacturers employ as many or more 
Americans in that sector than a lot of the Big 3 does.
    The Chinese always seem very reluctant to do that. I've 
spent a lot of time in China in my career and I've always gone 
to them and said why don't you come to--don't come and buy our 
companies, right, don't come and try and buy the AI company, 
but come over and build something from the ground with your 
capital and your expertise and employ Americans. They're very 
reluctant to do that.
    You talked about this, Mr. Rosen. Are you seeing a change 
in that? I think it would help reduce tensions. It would be 
similar to what happened in the 1970s and 1980s with Japan. Are 
you seeing that? Again, just give me a little bit more of your 
sense quickly on reciprocity, just pure reciprocity on 
investment.
    Mr. Rosen. Thank you very much, Senator. Indeed, beyond the 
numbers I referenced before, just the absolute volumes of 
direct investment, traditionally defined, the breakdown between 
M&A versus green field is radically different.
    Senator Sullivan. So they don't do a lot of green field in 
America?
    Mr. Rosen. Well, they don't, but----
    Senator Sullivan. Why don't they?
    Mr. Rosen.--it's partly because, you know,----
    Senator Sullivan. Why don't they?
    Mr. Rosen.--companies from less-developed markets and 
economies, their first turn around the block in a highly 
regulated advanced economy like the U.S., not so easy to build 
it from scratch, much easier to buy it, especially if you have 
pretty attractive capital terms available to you. So we can 
kind of understand that.
    Senator Sullivan. Do you think they're changing, though, 
because it would be in their strategic interests and I think 
ours and could help lower tensions?
    Mr. Rosen. It is changing, not just in the United States, 
but we're looking at this for comparison very closely in the 
European Union. There's a tendency for China to start trying to 
move to green field investments, but I would suggest we need to 
be a little bit careful here.
    Indeed, there are 800,000 Americans working for Japanese-
invested firms here, most of them green field, pretty big deal 
for employment.
    Senator Sullivan. And working out well for both countries.
    Mr. Rosen. Yes, has been.
    Senator Sullivan. Pretty much.
    Mr. Rosen. Has been a stabilizing and sort of moderating 
factor in our relationship over many decades.
    However, there are also green field R&D investments taking 
place. For example, up around Route 128 in Silicon Valley, 
which overnight are putting out the word anybody who wants to 
double their salary who's an engineer doing autonomous driving 
come talk to us and they're absorbing a huge amount of the 
available best talent in some ecosystem catchment areas for 
talent and those are green fields, green field R&D operations. 
So those can be concerning, as well.
    So just the green field kind of stream doesn't fully solve 
the problem but it's something that we need to think about.
    Senator Sullivan. Let me ask one other quick question 
before I turn it over to some of my colleagues again.
    You know, on the other hand, investments sometimes gives 
countries leverage and we're starting to hear about--you know, 
we talk about universities where these Confucius institutions, 
Senator Portman and his Investigation Subcommittee did some 
good work on this recently, put out a report, and I don't know. 
These are just anecdotal, but you're also starting to hear 
anecdotes about even the Hollywood movie studios where there's 
significant Chinese investment, which there is, and when's the 
last time we saw a movie from a United States movie studio with 
Chinese investment that was anything remotely critical about 
China?
    Are we starting to see investment in U.S. firms leading to 
censorship on China-related issues, and, if so, shame on the 
Hollywood movie studio execs if that's the case, but isn't that 
something else we should be concerned about? Any comments on 
that or am I just reading an article that might not be factual?
    Mr. Rosen. If I may, Senator, I've been teaching a class at 
Columbia for 18 years and in my classroom, my Chinese students, 
graduate school, are much less willing to engage in an open 
discussion than they used to be.
    Senator Sullivan. Why?
    Mr. Rosen. They're concerned about who else is in the room, 
who their fellow students are, and whether there might be some, 
you know, consequence to them from speaking frankly.
    So this is a very broad concern. It shows up in cultural 
areas, such as movies, although I have to say that is being 
sold back off by the Chinese side. They ran into financing 
troubles. So we'll probably get it back, like we did from the 
Japanese with Rockefeller Center.
    But in any case, it is a broad concern not just to the 
United States but to virtually everyone in the advanced 
democratic world.
    Senator Sullivan. Ms. Simms.
    Ms. Sacks. Chairman, you asked about----
    Senator Sullivan. Sacks, I'm sorry.
    Ms. Sacks. Chairman, you asked about how this impacts firms 
and there's an example from the past year involving U.S. 
airlines and their not being able to refer to Taiwan as Taiwan 
but as associated with China. So censorship about the way that 
Taiwan is talked about and the political system there expanding 
to airlines and the terminology they use. So I think there's 
something to be looked into in that.
    Senator Sullivan. Yes, Mr. Kallmer.
    Mr. Kallmer. And I would just add, this is, you know, why 
it's important to have the tools. I don't know a lot personally 
about the movie example, but as Ms. Sacks pointed out earlier, 
under the revised CFIUS framework, use of data could be a 
relevant national security criterion and so it seems important 
to be able to say we've got a new thing that doesn't feel right 
and it almost kind of rings, if it is true, in national 
security terms, important to look at what the risk is, whether 
it can be mitigated, which is a critical question, and to be 
able to address it.
    Senator Sullivan. Great. Thank you.
    Senator Rosen.

                STATEMENT OF HON. JACKY ROSEN, 
                    U.S. SENATOR FROM NEVADA

    Senator Rosen. Thank you so much for holding this hearing 
and I appreciate that two of the panelists also have Rosen in 
their names. So it makes me feel very welcome here today. I 
appreciate that. Just had to mention that. Thank you so much.
    [Laughter.]
    Senator Rosen. But, you know, this is a really important 
topic as we talk about China's threats today, and I want to 
talk really about some of the cyber military threats that we 
have.
    You know, I'm really concerned about the emerging 
cybersecurity threats from China, including our intellectual 
property, technology transfer specifically, and cybersecurity. 
I just came from another hearing. This is what is on 
everybody's mind, privacy and security. It's what we all worry 
about as individuals, regardless of what our businesses are, 
and, of course, in Nevada, we have a lot of defense in Nevada.
    Nellis Air Force Base, Fallon Naval Air Station, Nevada 
National Test and Training Range, Creech Air Force Base, lots 
of things going on there, and military's very important.
    So what I want to ask a little bit and maybe, Mr. Rosenbach 
or anyone can take this question, what's your assessment of 
China's use of hybrid warfare methods, mixing conventional 
attacks with cyber attacks, and how does China use this 
strategy to influence our other Asian partners and even our 
allies? Anyone who would like to.
    Mr. Rosenbach. Thank you, Senator, very much, and, you 
know, you might want to check out some time the Cyber Flag 
Exercise at Nellis Air Force Base. You can go watch them fight 
cyber wars.
    Senator Rosen. Yes.
    Mr. Rosenbach. It's very interesting. On your question, 
which is really smart, the Chinese, just like the Russians, 
have started to use cyber as part of hybrid warfare, primarily 
in Southeast Asia and there near abroad.
    So when they're trying to advance their interests in the 
South China Sea, they'll use cyber information ops, diplomacy, 
and other means of coercion to have the Vietnamese back down, 
the Philippines, even trying on the Australians.
    I have a colleague who wrote a great report on this. If you 
want, I'd be happy to----
    Senator Rosen. I'd love to have that. Thank you.
    Mr. Rosenbach. Yes, ma'am.
    Senator Rosen. Yes, and anyone else want to respond to 
this?
    [No response.]
    Senator Rosen. And so what do you think in your estimation, 
knowing that they're doing this, how can we, I guess, give the 
counterpunch or maybe not the counter--not be reactive. How are 
we being--how do you think we can best be proactive in this 
cyber warfare?
    Mr. Rosenbach. Yes, ma'am. In my experience, which is based 
primarily on all of the interactions I had with the Chinese and 
the PLA when we were negotiating these things, the Department 
of State and Defense, it was very clear that unless you give 
forceful action to the Chinese and you demonstrate that, that 
they'll continue to take as much space as they can to advance 
their interests.
    That means you need to attribute things publicly when they 
do nefarious activities. You need to push back. In the Obama 
Administration, quite frankly, we were very often too passive 
up until the end and that sent the message to the Chinese that 
they could do aggressive things, both in cyber----
    Senator Rosen. So we need to take more aggressive approach?
    Mr. Rosenbach. Yes, ma'am, we do.
    Senator Rosen. I want to keep on this a little bit and move 
it out to commercial investments. Of course, they have ports 
across South Asia, Africa, the Middle East. What do you think 
the advantage that these ports provide China in a conflict with 
us and to what extent do you think the projects that China 
provides they have leverage over these countries?
    Mr. Rosenbach. I guess that's for me again. In a time of 
conflict and the Chinese buying key ports in Africa, even in 
the case of Australia, that's very significant for the U.S. 
military because the logistics chain is so important to the way 
in which you would fight a war and, you know, we hope that 
would never ever happen with China, but if it did, that would 
be a very logistics transportation heavy-type conflict and if 
the Chinese controlled ports where we need to have access and 
move things, that would be a big problem for the Department of 
Defense.
    Senator Rosen. They can control them not physically but 
cyber, cyberly, if cyberly is a word.
    Mr. Rosenbach. Cyber or could be through investment. 
They're doing both, I think.
    Senator Rosen. As well. Thank you. I yield back.
    Senator Sullivan. Senator Markey.
    Senator Markey. Thank you. This committee is going to be 
the Committee in drafting a new privacy policy for the country 
and there are intensive bipartisan discussions that are taking 
place right now amongst the members.
    My question to you is, should we do cybersecurity 
simultaneously with privacy? Are they inextricably linked? If 
we're going to have a comprehensive policy, should we do both 
at the same time so that there is a new predictable environment 
not just here but internationally as people are looking at our 
country? Ms. Sacks.
    Ms. Sacks. I mentioned earlier that China is further ahead 
than we are on this effort and we laughed about it, but the 
reality is they actually have a personal information protection 
law in advance stages in the legislative process and under 
their framework, under the cybersecurity law, cybersecurity and 
privacy are actually in the same bill and in many ways that's 
contradictory.
    On the one hand, there are actually provisions for consent 
in the cybersecurity law, but they also have provisions that 
would allow the state security services to go in and collect 
more personal information and it creates a contradiction.
    But I do urge this committee to think about, to understand 
that if that is not accelerated here in the U.S., China is 
moving forward in advancing their own model of what data 
protection means. So at the moment, we have the European model 
and we have the China model, and the U.S. is in a reactive 
position. So I commend you on this work.
    Senator Markey. Thank you. Mr. Rosenbach.
    Mr. Rosenbach. Yes, sir. Senator Markey, I know the 
Committee has had several hearings on this and I think it's 
outstanding because it's probably the most important piece of 
legislation you could pass when it comes to cybersecurity and, 
dare I say, competitiveness in the Information Age.
    If it's about information and right now the U.S. has a 
patchwork of laws, mostly driven by the states for this, that 
introduces a lot of litigation risk to firms trying to figure 
out what they should do, and it inhibits innovation.
    So both from a national security perspective and, my 
opinion, an economic perspective, having a national law that's 
both about data protection and privacy and cybersecurity would 
be good for both of those areas.
    Senator Markey. Yes, and I agree with you. I mean, I just 
think that they go hand in glove and ultimately it's the 
discussion that we put off. We should have had it in the 1990s 
as we were unleashing the revolution. We did not, but now we 
can see what the consequences are in terms of the vulnerability 
of the system and the vulnerability of private citizens' data, 
corporate data in our country.
    Any others who wish to comment on that? Yes, Mr. Kallmer.
    Mr. Kallmer. Thank you, Senator Markey. I would just add 
that this is an issue that's critically important to our 
members, as well, and we've been putting together actually a 
framework for how we would suggest the Congress think about 
consumer privacy legislation for the last several months with 
the objectives of not only having higher substantive standards 
for personal data protection, but also making sure that we have 
something that is globally interoperable and again, as with all 
these issues, contributes to American leadership.
    On the question of how and whether to marry it up with 
cybersecurity topics, I think that's an intriguing idea and one 
we'd be interested to talk more about. There is a lot--
recognizing Senator Klobuchar's good question about 
cybersecurity leadership, there is a lot of activity that the 
U.S. Government and industry work in partnership on when it 
comes to cybersecurity.
    So I think mechanically we just want to make sure we're 
doing the right things in the right way, but no doubt the 
concepts are linked and we need to think about them together.
    Senator Markey. Yes, and, you know, up in Greater Boston, 
we are now the cybersecurity capital. We're like a mini-Israel 
in terms of cybersecurity companies that are being developed, 
but it's all in reaction to the vulnerability of the system and 
I think it's critical for us and a lot of members are talking 
about that, as well, on this committee, that we develop those 
cybersecurity standards.
    What are the expectations that we have, you know, for our 
corporate side but also from our governmental side in terms of 
the safeguards that they are going to build in because this is 
a daily attempt to break through the more limited safeguards 
which were put on the books thus far and it's only going to 
intensify as the years go by.
    Mr. Rosenbach.
    Mr. Rosenbach. Yes, sir. I was just going to say you 
brought up the example of Israel and the model there is you use 
cybersecurity encryption, data protection as a center of 
gravity to build new areas of the economy that could drive the 
U.S. forward. So both would be great for the country from a 
national security perspective but great from an economic 
perspective in the Information Age.
    Senator Markey. Thank you. Any others?
    [No response.]
    Senator Markey. Thank you, Mr. Chairman.
    Senator Sullivan. A couple other follow-up questions. I 
want to change the subject slightly.
    Mr. Rosenbach, you had mentioned this issue, which I think 
is a really important one, where the Chinese Government, kind 
of coordinated with companies, is engaging in activities that 
not only our government doesn't do, that people do it in 
government or in the private sector, they would violate laws.
    So the biggest one there is the Foreign Corrupt Practices 
Act, right. We don't go and bribe foreign government officials 
to get deals and if American companies go bribe foreign 
officials to get deals, they can go to jail. That's just the 
way Congress thought that should be addressed.
    I'm going to submit for the record here a Wall Street 
Journal investigation. It's called ``Wall Street Journal 
Investigation: China Offered to Bail Out Troubled Malaysian 
Fund in Return for Deals.'' Without objection for the record.
    [The Wall Street Journal investigation follows:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    

    Senator Sullivan. This is a really extensive Wall Street 
Journal report that shows the extent to which at the most 
senior levels in the Chinese Government official corruption was 
pushed as part of the policy to get Chinese predatory 
infrastructure financing through the bribery of foreign 
officials around the world.
    Now, of course, this puts American companies at a 
comparative disadvantage if they're trying to do infrastructure 
developments in other parts of the world and Chinese senior 
government officials are bribing officials in those countries.
    Can any of you speak to this issue of corruption, official 
Chinese corruption with regard to global deals and how you 
think we should be trying to address that, as well? You want to 
start, Mr. Rosenbach?
    Mr. Rosenbach. Honestly, Senator, I don't have any factual 
data on that. I only know what we would hear often or see in 
intelligence about Chinese officials offering things on the 
side for deals, in particular connected to telecom deals in 
Africa.
    Senator Sullivan. But do you think that that's something 
again us as a country and our allies should be working on 
together so we essentially say to the Chinese this is 
unacceptable,----
    Mr. Rosenbach. Yes, of course.
    Senator Sullivan.--not acceptable?
    Mr. Rosenbach. Right. It's unfair for an American firm to 
have to do all the due diligence that goes into upholding the 
Foreign Corrupt Practices Act, which is expensive just from a 
legal perspective, and to know that people aren't playing by 
those same rules and could be sliding money across the table to 
win a deal when they don't even have the best technology or the 
best services.
    Senator Sullivan. Mr. Rosen, you had a comment?
    Mr. Rosen. Senator, if I can broaden the concern you're 
expressing a little bit to not just to corrupt factor in the 
equation, if you will, but all sorts of politicization of the 
investment process, right. That ultimately creates a risk of 
financial instability which is a concern, a national security 
concern to us and our allies, as well.
    We've worked, you know, post World War II, kind of half 
that period. We, unfortunately, were part of building up debt 
loads in a lot of developing countries and then the second half 
of that period, we've tried to remedy that and improve the 
development outlook for, you know, the same 75 or hundred 
countries that China is now trying to design the belt and road 
program for.
    I just have a tremendous concern that China's attempt to 
cut corners on diligent investment at home has created the 
biggest trap of all for China itself, right. We talk about the 
risk to China's growth outlook now because it's been so over-
reliant at home on debt. Well, as it now goes abroad with the 
development program, it's essentially exporting the same risks 
that are woven into its economic structure and model into a lot 
of other very fragile nations around the world.
    We know, unfortunately, from experience that when fragile, 
politically fragile places, like Venezuela, avail themselves of 
easy credit card options, just like college students, they tend 
to wind up in trouble and we're seeing that in too many places 
today. So that's not corruption alone, but it is something 
which I think deserves our attention. The spillovers of China's 
model, how that can be deleterious to our national security 
interests.
    Senator Sullivan. Let me ask a final question of all of you 
from my perspective and again I appreciate it. This has been a 
really good discussion and unless there's additional followup, 
OK, and, well, maybe I'll have Senator Rosen ask her question 
and then I'll end with mine.
    Senator Rosen.
    Senator Rosen. Thank you. I appreciate it. You know, in 
order to respond to security threats and, of course, prepare 
for new challenges across the spectrum frankly, we have to 
ensure that we have enough trained cybersecurity and just IT 
professionals in general. So here in Congress, we set great 
legislation, apprenticeships, opportunity grants, tax credits, 
whatever tools we have available to us.
    So what Federal investments do you think we can best make 
right now so we can be proactive against these threats? Anyone? 
No? No one has an idea of investments that we can make into 
our----
    Mr. Rosen. I love the expanded----
    Senator Rosen.--economy, into our work force?
    Mr. Rosen.--provisioning for human resources around the 
CFIUS process and now the FIRRMA expanded CFIUS process to make 
sure there's an adequate team of people who can quickly go over 
many more transactions, not tying up American commerce with 
long lengthy review time tables, but instead turn back clarity, 
as all the panelists have said.
    Most important is that we can quickly narrow down to the 
transactions that are concerning to us and let the ones that 
are not concerning go through quick so people can create jobs.
    Senator Rosen. So maybe I'm not exactly clear. I'm talking 
about what investments can we make in human capital or even 
hardware capital, computing capital, if you will, quantum 
computing, artificial intelligence that's going to help with 
this, so we need both? Please.
    Mr. Kallmer. So a lot of things that we can do and we have 
worked with the Congress and the Administration and are eager 
to continue doing it.
    Some of it has to do with developing capacity on emerging 
technologies, AI, 5G, quantum computing. We recently made a 
recommendation to the Administration to work with the Congress 
to promote that because the growth and leadership potential is 
significant. STEM education so that we can continue to build a 
U.S. workforce of people that are prepared for these jobs, 
continued partnerships with universities, continued R&D 
investment in pre-competitive basic research, the kind of 
things that we've had legendary cooperation on.
    Senator Rosen. Right. Not just first stage research but 
research going all the way through.
    Mr. Kallmer. So it's a great question and something we 
think about a lot.
    Senator Rosen. Thank you.
    Ms. Sacks. I have two recommendations. In my previous life, 
I worked with Siemens in their Industrial Cybersecurity 
Business and I think that the next frontier and risk is what we 
call operating technology or where the IT meets the physical 
infrastructure and this is an idea where I think we absolutely 
should focus more resources in training expertise.
    The second is on diversity and inclusion issues, focusing 
more on how can we get sort of multiple voices. Gender is a 
particular one in the cybersecurity space. When we think about 
issues like algorithmic bias, that's going to be very 
important.
    Senator Rosen. I had a Code like a Girl Bill. I'm a former 
computer programmer. That was the first bill I put when I was 
in Congress. I'm going to be reintroducing that again. So we'll 
be addressing that one.
    Thank you.
    Mr. Rosenbach. I was just going to say one thing real 
quick. You know, I teach and students are always looking for a 
way to get into government and serve and so something that 
would be like an ROTC program for undergrads or maybe grads 
where they then go into government, serve in cyber-security.
    Senator Rosen. Like a reserve program.
    Mr. Rosenbach. They could go into the private sector.
    Senator Rosen. Like a cyber reserve, like the Army.
    Mr. Rosenbach. We have a long tradition in the military 
doing that in the U.S. and Israel. Something like that I think 
could be effective.
    Senator Rosen. I think that's a great idea. Thank you so 
much.
    Senator Sullivan. Senator Blumenthal.

             STATEMENT OF HON. RICHARD BLUMENTHAL, 
                 U.S. SENATOR FROM CONNECTICUT

    Senator Blumenthal. Thank you, Mr. Chairman. I understand 
and I apologize that I've been at various other hearings, as 
all of us have been, that Mr. Rosenbach notes that 
authoritarian regimes have stolen large amounts of sensitive 
personal data from consumers.
    There are a list of them, a litany. This information 
directly provides China with strategic intelligence and 
economic advantage but it also feeds into a surplus of raw 
material that can be developed, used to develop new 
technologies.
    Do members of the panel agree that privacy rights with 
respect to China or any other of these countries are also a 
matter of national security and that in pursuing privacy, as we 
are doing in this committee, for consumers in general, we are 
helping to protect national security? Mr. Rosen.
    Mr. Rosen. I think my colleagues have offered more 
considered perspectives on the integration of the privacy 
agenda with cyber and security agendas. So I would defer to 
them to elaborate.
    Mr. Kallmer. Happy to do so, Senator Blumenthal. It's a 
great point, and I think what we've observed is that there 
absolutely can be alignment. In fact, one of the topics we've 
discussed a little bit today is the revised CFIUS bill, which, 
of course, is a process designed round national security and 
inward investments and other economic activity.
    The fact that it is now expanded to include a reference to 
the use of data, the use of personal data as a potential 
national security criterion is positive. The U.S. Government 
has to be flexible to address new kinds of threats that come 
around and also explore whether those threats can be mitigated 
so as not to interfere with business and innovation, but it's a 
good question.
    Senator Blumenthal. Do you agree?
    Ms. Sacks. (Nods.)
    Senator Blumenthal. Let me shift to Huawei. Should the U.S. 
Government and our allies be satisfied by the show and tell 
that this company has offered us? What are the tactics that 
Huawei could use in terms of back door use of its equipment and 
is it preventable?
    Mr. Rosen. I will offer that that's principally a technical 
question and so again I would defer to my colleagues that are 
from the technology backgrounds.
    However, I will say that from a sort of high-level 
perspective, the basic problem of China in our time is that in 
previous years, China explicitly identified its own need to 
separate commercial and government intentions and combination 
in the marketplace.
    In just the past few years, that objective on China's part 
and the need for it has become very murky and that is prima 
facie concerning to any other market economy concerned that if 
you don't have a nice crisp boundary around what's official and 
what's commercial, it's very hard for other nations to embrace 
especially critical infrastructure-related offerings from those 
vendors.
    Senator Blumenthal. Let me explain the reason for my 
question and maybe I asked it in too shorthand a way.
    This company, as you know, has continued to court our 
allies in Europe principally. One of its tactics there has been 
to allow governments to inspect the source code of their 
devices. In other words, to kind of peek under the hood and 
assume that everything else is fine, everything else is safe, 
but experts warn that the result is a false sense of security.
    Huawei doesn't simply hand over the equipment. It provides 
software updates and often directly manages the network. All of 
these services create ongoing potential vulnerabilities and 
they're not just vulnerabilities that serve the company but 
they serve a potential adversary in terms of national security, 
as you have correctly characterized them.
    So I welcome any other views on this topic.
    Ms. Sacks. When we talk about the risk of Huawei, I think 
it's important first to identify three distinct risks so we can 
mitigate around that. These often get blurred. So one is does 
Huawei have a back door that would allow access? The other is 
shoddy engineering and, quite frankly, that's what our partners 
in the U.K. have found, which is different, and the third is 
what would a company like Huawei be prevailed upon to do in a 
warlike situation?
    So what cybersecurity practitioners will say is an outright 
blanket ban is not the most effective way to deal with that 
risk. Instead, you identify specific quantifiable risks 
associated with certain technologies and you design a 
management system around that.
    Mr. Rosenbach. I know we're overtime, so you all tell me if 
I need to be quiet, but I would say, Senator, this is really 
important to look at.
    The example you had of looking at the source code is an 
example in which just that day you would be able to say this 
looks clean because they'll do a software upgrade. They will 
have remote access. The gear with Huawei core routers is 
configured so that you can have remote access.
    In the case of the U.K., this is about 5 years ago, they 
set up a center that reviewed all the gear, looked at it, put 
it into their network. Today, because of both shoddy 
engineering and concerns about security, they're ripping it all 
out of their network.
    So you just need to keep in mind a glimpse and a snapshot 
on 1 day does not mean that there's not special sauce baked in 
there and down the road.
    Senator Blumenthal. Well, I think that point is extremely 
important and you put it better than I did, but let me just say 
in conclusion because I'm out of time, we are in a warlike 
setting.
    Ms. Sacks. Are we?
    Senator Blumenthal. I don't think too many people would 
doubt having read, heard, seen the conflicts that are ongoing 
in the cyber domain that we are in a warlike setting and I 
think that's the reason that justifiably I and many of my 
colleagues have called for much greater advocacy to protect our 
national security.
    Senator Sullivan. Senator Markey.
    Senator Markey. Thank you so much. According to reports, 
China and the United States have agreed on a pact that would 
require Beijing to purchase American agriculture and energy 
goods while also lowering some trade barriers inhibiting U.S. 
companies from accessing Chinese markets.
    But those reports suggest that the deal would not ensure 
that China curtails intellectual property theft, cyber attacks 
or subsidies that create uneven playing fields for American 
companies.
    Should those concessions also be a part of any deal given 
that we know these have long-term implications for our country 
if we don't deal with them right now and China does want to 
deal? Yes, Mr. Kallmer.
    Mr. Kallmer. I don't know the state of the pact right now, 
but if it were an agreement that only dealt with purchases and 
didn't make serious inroads on the structural systemic issues, 
it would be a colossal missed opportunity. The Administration 
has done great work in getting to this point with the Chinese 
taking it seriously, but it needs to address those issues. It 
needs to have meaningful enforcement and verification 
mechanisms and ultimately it needs to be a multinational effort 
to make sure China abides by it.
    Senator Markey. OK. Great. And I'm concerned about 
Beijing's efforts to hack U.S. defense contractors and research 
institutions to steal sensitive military information.
    Earlier this week, the Wall Street Journal reported that a 
known Chinese hacking group is behind a series of cyber attacks 
on universities in the United States in an elaborate scheme to 
steal research about maritime technology.
    Ms. Sacks, what should we be doing at the Federal level in 
order to protect our military secrets from Chinese hackers?
    Ms. Sacks. The Chinese Government under Xi Jinping has 
invested tremendously in elevating cyber policy. They created a 
very powerful entity within the Chinese bureaucracy to funnel 
much more resources and focus to this issue.
    So I think it's imperative that on our side we also invest 
in making sure that cyber is a high-priority element within the 
U.S. Government bureaucracy because they certainly are doing 
so.
    Senator Markey. Yes. And any other comments on that?
    Mr. Rosenbach. Sir, I would just say we have worked on this 
problem for almost a decade. The Chinese continue to take 
aggressive action like this, very strategically targeting an 
area in which they need to leap ahead the United States Navy in 
submersible technology autonomous underwater vehicles and so 
they do it very consciously.
    It's just not fair to expect a university doing research on 
this to be protecting itself and spending money at the level 
that you're trying to thwart the PLA and so you need to think 
about ways that maybe even the government or another defense 
contractor is bringing cybersecurity solutions because 
otherwise that investment is flowing out the door. The Chinese 
and the PLA are reaping the benefits of that.
    Senator Markey. Yes, so I thank you. So, you know, from my 
perspective, Mr. Chairman, just an incredibly successful first 
hearing----
    Senator Sullivan. Yes.
    Senator Markey.--on this subject, and we're just scratching 
the surface of all of the issues that we're going to have to 
deal with.
    When I think of the Chinese and I think of their Belt and 
Road Initiative and trying to move into countries very 
friendly, like want to help you there in Sri Lanka, want to 
help you there in Malaysia, we'll give you all this discount 
access to what it is that you might need for your 
infrastructure and then buyer's remorse on the part of these 
countries. What have we done in allowing them in without asking 
the questions upfront in terms of what the strings are that are 
attached, this Trojan horse strategy which they have in 
technology after technology in country after country.
    So when we talk about Huawei, we talk about any of the rest 
of these issues that are in this whole complex, that it's 
critical for us to start asking questions and then proposing 
answers because we're already deep in and it's pretty obvious 
that we haven't had the national conversation that will create 
the policies that can give us a strategy that matches the 
magnitude of the strategy which the Chinese already have in 
effect.
    So I thank you, Mr. Chairman, and I thank the witnesses for 
this very good hearing.
    Senator Sullivan. Thank you. I'll just wrap it with a 
comment and then a final opportunity for comments from our 
witnesses, but thank you. You guys have done a great job for 
our first hearing.
    You know, I think what we're seeing here is a strong 
bipartisan sense of a challenge that we need to address and in 
some ways that's good that we're working together on this, and 
I also do want to compliment the President and his 
Administration.
    If you've looked at, for example, the National Security 
Strategy of the Trump Administration, the National Defense 
Strategy, these are very serious documents. I think they have a 
lot of bipartisan support.
    Our friends in the media don't write about that a lot, but 
they've also recognized the challenge, right. The big National 
Security Strategy's a shift from, you know, rightfully we've 
been looking at the challenge of violent extremist 
organizations since 9/11 as the primary challenge to our 
Nation's security. That's still, of course, an ongoing 
challenge, will be for a long time.
    But the Trump Administration's National Security Strategy 
and National Defense Strategy recognizes that the return of 
great power rivalry with China as the pacing threat is the 
biggest geostrategic challenge for the next 50 to a hundred 
years. I happen to believe that. That's why we had this hearing 
as our first hearing.
    I also think they're doing a good job on these trade 
issues. The tariffs are controversial to some, but I think the 
President and his team have put this front and center. So 
they're in these negotiations now. A number of us have been 
working with the Administration on things like structural 
reforms, enforcement mechanisms, starting to address this 
corruption issue.
    There are some, you know, in the United States who are 
saying cut this deal now, get it done. The stock market will 
probably go up if you do it.
    Any final thoughts for the Administration as they are 
engaged in a tough negotiation and again to their credit, 
they've put this front and center in ways that I think previous 
Administrations, Democrats and Republicans, for a number of 
reasons have kind of swept it under the rug. So kudos to them.
    But any final thoughts to the Administration on this near-
term challenge of what they should be trying to achieve? Mr. 
Kallmer, you already mentioned it. Anyone else, just thoughts 
for Ambassador Lighthizer and Secretary Mnuchin and others? 
Yes, Ms. Sacks.
    Ms. Sacks. Last week, Ambassador Lighthizer testified 
before the House Ways and Means Committee and he said the 
negotiations ongoing are really dealing with the structural 
issues, IP, tech transfer, cyber espionage, and so I would 
really encourage this Administration to use this moment of 
potential leverage to really tackle these issues and to not 
settle for a cosmetic deal.
    We heard that China has announced they're going to make 
technology transfer illegal, but let's get----
    Senator Sullivan. Haven't they been saying that for 30 
years?
    Ms. Sacks. Right. And so that's why I bring up the issue of 
standards. Look at where are these vulnerabilities actually 
occurring and come up with a targeted way to get at them, 
right. Don't just look at this Made in China 2025 being as 
being a rollback.
    Senator Sullivan. Great. Anyone else for final--Mr. Rosen.
    Mr. Rosen. Any deal that does not include an extraordinary 
amount of structural work that China commits to doing, an 
extraordinary amount of acknowledgement by China that its 
freedom to swing its fist stops where other people's noses 
begin, and that its non-market choices right now are having 
deleterious consequences for others, any deal that doesn't have 
those elements and others is not going to be a deal that lasts 
more than about 45 minutes.
    So there's really two deals we need to prepare for. One in 
which China gets back to believing that marketization is in its 
own interests and is the only path forward, which Deng 
Xiaoping, Zhu Rongji and many of the other leaders we've seen 
in the past 40 years believed, and another deal that we have to 
be prepared for in which China continues to think that there's 
an alternative model that it can pursue.
    In the latter case, there's only so much engagement that's 
going to be possible between us and it's going to be very 
painful to us to have to live with that.
    Senator Sullivan. But we need to work with our allies on 
this, too. Does everybody agree with that?
    Mr. Rosen. Right. There's no way we can absorb the cost of 
that if it's 20 different advanced economies all trying to cut 
their own deals.
    Senator Sullivan. Well, listen, thanks again. I think this 
has been a great hearing.
    The hearing record will remain open for two weeks. During 
this time, Senators may submit additional questions for the 
record. Upon receipt, the witnesses are respectfully requested 
to submit their written answers to the Committee as soon as 
they can.
    I thank again the witnesses for appearing here today.
    This hearing is now adjourned.
    [Whereupon, at 11:59 a.m., the hearing was adjourned.]

                            A P P E N D I X

                                     Rail Security Alliance
                                                      March 6, 2019

Hon. Dan Sullivan,
Chairman,
Subcommittee on Security,
U.S. Senate Committee on Commerce, Science, and Transportation,
Washington, DC.

Dear Chairman Sullivan:

    The Rail Security Alliance congratulates you in convening the 
inaugural hearing of the Senate Committee on Commerce, Science, and 
Transportation's Subcommittee on Security. The topic of the hearing 
``China Challenges for U.S. Commerce'' is a timely topic that is vital 
to both the economic and national security interests of the United 
States. We appreciate the opportunity to communicate to you the work of 
the Rail Security Alliance and the importance of protecting U.S. 
commerce from the unfair practices from the People's Republic of China.
    The Rail Security Alliance is a coalition of North American freight 
rail manufacturers, suppliers, unions, and steel interests that is 
committed to ensuring the economic and national security of passenger 
and freight rail systems. This alliance was formed in response to the 
merging of China's two rail manufacturers into one massive state-owned 
enterprise, the China Railroad Rolling Stock Corporation (CRRC). CRRC, 
by their own calculation, controls roughly 83 percent of the global 
rail market. As a state-owned enterprise, CRRC has access to unlimited 
state funding that allows them to win contracts around the world by 
underbidding every other competitor, jeopardizing the future of this 
industry.
    Over the past three years, the Chinese state-owned enterprise China 
Railway Rolling Stock Corporation (CRRC) has aggressively targeted the 
U.S. market as a means of advancing China's ``Made in China 2025'' 
initiative, which aims to overtake the United States and other nations 
in critical industries like passenger and freight railcar 
manufacturing. Using state-backed financing and other anti-competitive 
tactics, CRRC has now secured $2.6 billion in contracts to build metro 
transit cars for Boston, Chicago, Philadelphia, and Los Angeles, 
sometimes underbidding its competitors by as much as several hundred 
million dollars.
    This threat is now knocking on the doors of Washington. WMATA, 
Washington's metro system, is seeking to procure new metro cars this 
year and it is becoming increasingly clear that CRRC could win this 
contract. With no Buy America or Disadvantaged Business Enterprise 
(DBE) requirements for this contract, CRRC is well positioned to make a 
compelling bid. Needless to say, the prospect of metro cars 
manufactured by the Government of China running under or near the 
Pentagon, the Capitol, the White House, and other sensitive 
installations should raise every alarm across this city.
    The freight system is not immune to CRRC either. CRRC has also 
attempted to enter the North American freight rail manufacturing 
sector--first with a joint venture in North Carolina that fortunately 
did not come to full-fruition, and now with a separate facility in 
Moncton, New Brunswick. We have seen this pattern before. CRRC entered 
the Australian market in 2008 and decimated its domestic manufacturers 
in just nine years. We would be naive to think that cannot and will not 
happen here.
    We have attached for the Committee record a report from Oxford 
Economics illustrating how a similar pattern in the United States could 
result in the loss of roughly 65,000 American jobs in the freight 
sector alone, along with a $6.5 billion reduction in U.S. GDP. 
Furthermore, we have also included a report from Brig. Gen. John Adams 
(USA, Ret.) on the national security risks inherent in allowing a 
Chinese state-owned enterprise access to our freight and transit rail 
systems.
    Allowing Chinese state-owned enterprises to continue expanding and 
operating in the United States without appropriate oversight presents 
major risks to the economic and national security of our country. The 
United States can no longer risk an unchecked China doing business on 
our shores.
    Again, congratulations on chairing the inaugural hearing for the 
Subcommittee on Security. We appreciate that you chose to highlight the 
threat of China to American commerce and we look forward to our 
continued work together.
            Respectfully submitted,
                                         Erik Robert Olson,
                                                    Vice President,
                                                Rail Security Alliance.
                                 ______
                                 
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
         
                                 ______
                                 

      National Security Vulnerabilities of the U.S. Freight Rail 
    Infrastructure and Manufacturing Sector--Threats and Mitigation

  Brigadier General John Adams, U.S. Army (Retired)--October 22, 2018

    Our country depends upon the privately owned and operated North 
American freight railroad system to provide safe, reliable, and 
effective transportation for our Nation's industries, our defense 
industrial base and to ensure the security of our homeland. Our 
nation's future depends upon the reliability and security of freight 
rail as the primary mode of transportation not only for every 
imaginable type of industrial cargo, but also for military equipment, 
fuels, chemicals, and hazardous waste. 140,000 miles of main-line U.S. 
freight rail infrastructure connect ports to rural and urban inland 
hubs, tie military bases to key logistical nodes throughout the nation, 
and link the U.S. to key allies and trading partners.
    In short, U.S. freight rail is crucial to our Nation's global 
economic competitiveness and a strategic asset that our armed forces 
depend upon to maintain readiness and preserve our defense capacity.
    Yet, while we have recognized certain threats to the security of 
our freight rail system, we have begun to allow foreign interests to 
make incursions into the rail industry in ways that could threaten our 
national interests for decades to come. The Government of China has 
made it a priority to target the U.S. freight rail system, building 
inroads into freight rail supply chains and taking aim at rolling stock 
asset ownership. Beijing's ``Made in China 2025'' plan aims for 
comparative advantage in the global advanced rail sector, along with 
nine other industrial sectors. Now is the time for our Nation to push 
back on China's strategy to overtake U.S. freight rail, because a 
failure to do so means tremendous security risk at home. As a retired 
Brigadier General and 30-year veteran of the U.S. Army, I know that 
Chinese dominance of U.S. rail would turn the system from a bedrock 
industrial and strategic asset into a potentially crippling 
vulnerability.
    In the pages that follow, I review the many reasons that we should 
be concerned about the advancing efforts by the Government of China to 
take control of U.S. freight rail; reflect on the state of those 
efforts thus far; and make specific recommendations for policy action 
that should be taken to keep our rail, and our nation, safe.
                                                 ohn Adams,
                                                 Brigadier General,
                                                   U.S. Army (Retired),
                                                         President,
                                           Guardian Six Consulting LLC.
                                 ______
                                 
Executive Summary
    The privately owned and operated U.S. freight rail system is the 
most sophisticated, productive, and capital-intensive in the world. 
Freight rail is vital to our economy, our commercial transportation 
system, and our homeland security infrastructure. Today, on more than 
140,000 miles of track, freight rail carries 40 percent of all American 
intercity freight and 13 percent of the Nation's goods.
    The sustainability of this extensive and sophisticated network is 
now under threat as the Government of China seeks to make inroads into 
increasingly large and vital portions of the freight rail manufacturing 
sector and its supply chain. Unlike other transportation sectors, 
freight rail products do not have Buy America protections. Therefore, 
Chinese state-owned enterprises (SOEs) could undercut U.S. suppliers. 
If we allow Chinese SOEs to continue their efforts to target and 
undermine U.S. freight rail interests, we risk not only tens of 
thousands of U.S. jobs, but also larger potential damage to the 
industrial base, our critical infrastructure, and the security of this 
Nation.
    The threat of Chinese dominance of our freight rail sector is more 
than just a market concern. The national security implications of U.S. 
industry and military interests being forced to rely on Chinese 
government-manufactured railcars are jarringly self-evident: Chinese 
penetration of the rail system's cyber-structure would provide early 
and reliable warning of U.S. military mobilization and logistical 
preparations for conflict. Were the Chinese to gain access to advanced 
U.S. freight car technology (notably specific rolling stock asset 
health, waybill commodity information on loaded freight cars, or 
precise GPS train location) the potential exists for the generation of 
a false negative (or positive) sensor activation--something 
particularly worrisome given that freight rail carries most nuclear 
waste and hazardous material that we transport in this Nation. A false 
sensor reading (e.g., tank car outlet dome cover is secure) could lead 
to a false level of confidence that tank car service valves are secure. 
If service valves are disturbed and undetected a release of toxic 
chemicals could result in catastrophic consequences to life and the 
environment. Moreover, Chinese intelligence about U.S. rail freight 
logistical movements could provide China with a destabilizing economic 
competitive edge. Chinese access to or control of U.S. freight rail 
would also mean that risk of other actors'--including terrorists'--
malicious intrusion would become more difficult for U.S operators to 
detect or counter.
    We depend on technology, machinery, and a robust system of 
intellectual property protections to support our national security; 
when we allow foreign states to interfere--especially our strategic 
competitors--we risk that security. While Congress has recognized and 
taken steps to address similar threats to products such as computer 
chips and cellular technology, policymakers may not fully understand 
China's ongoing incursion into an increasingly digitized rail network. 
Indeed, there are few places where this risk is more acute than with 
the U.S. freight rail system, and few actors who threaten the security 
of the freight rail system more than the Chinese government.
    Yet in recent years, we have witnessed an unabated and aggressive 
entry into the U.S. rail market by China's national rail company, China 
Railway Rolling Stock Corporation (CRRC). This show of force, intended 
to serve the long-term strategic and technological aims of the Chinese 
government, as well as that nation's desire to ensure a massive 
external market for the oversupply of its railcars, components, and raw 
materials, threatens the survival of U.S. freight rail manufacturing. 
This, in turn, raises one of the most serious security risks we have 
faced in the postwar era.
    CRRC's history of using underhanded tactics to overtake rail 
manufacturing in other countries is well known. Over a span of just 
nine years, CRRC decimated the Australian freight manufacturing 
marketplace. Now, without immediate action, the U.S. freight rail 
manufacturing risks a similar fate. If this pattern continues in the 
U.S., Chinese state-directed efforts will eventually force U.S. 
companies out of business, endangering as many as 65,000 U.S. 
manufacturing jobs \1\ and putting our national security at risk.
    Chinese intrusion into the U.S. rail system's supply chain 
threatens the health and sustainability of this vital economic pillar, 
especially in a national emergency. Were China to gain inroads into 
those operations, management, and supply chains, the ability of U.S. to 
effectively utilize and leverage the freight rail network in a crisis 
could be crippled. Moreover, the extensive telematics and digitization 
of the American rail network, while integrating the most modern 
technology, also exposes the system and those who use it to a wide 
array of cyber risks. While there is no single solution that will 
mitigate these concerns, we must modernize our national policies to 
reflect these security risks. Three key reforms are needed from 
Congress and the administration:

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

I. The Impact and Importance of Rail in America
    The U.S. freight rail network, in comparison with freight moved by 
water, pipeline, truck, and air, accounts for approximately 40 percent 
of U.S. freight moved by ton-miles and 16 percent of freight moved as 
measured by tons.\2\ In 2014, the operations and capital expense of the 
major U.S. freight railroads supported approximately 1.5 million jobs 
(1.1 percent of all U.S. workers), nearly $274 billion in U.S. economic 
output (1.6 percent of the total), and $88 billion in wages (1.3 
percent of the total).\3\ The thoroughly integrated rail systems of the 
United States, Canada and Mexico are a cornerstone of the North 
American market as well as the foundation for the safe, reliable, and 
efficient transportation of goods from rural communities to urban areas 
to seaports and government and military installations.
    Railroads not only serve as the primary mode of transport for an 
array of key products and commodities, but they also regularly 
transport U.S. military equipment, hazardous waste, potentially toxic 
and hazard commodities (i.e., chlorine, anhydrous ammonia, ethylene 
oxide) and flammable liquids (i.e., petroleum products, ethanol). The 
North American railcar fleet includes more than 1.6 million cars. With 
seven Class I railroads,\4\ 21 regional railroads, and 525 local 
railroads,\5\ more than 140,000 miles of active railroad, more than 
1.65 million freight cars in North America, and 39,521 locomotives, an 
estimated 12,000 trains operate daily.\6\
    The U.S freight rail industry moves more freight than any other 
rail system worldwide. These figures include the $6.5 billion U.S. 
freight rail manufacturing sector which directly supports 65,000 
jobs.\7\ The rail industry provides numerous public benefits including 
reductions in road congestion, highway fatalities, fuel consumption, 
logistics costs, and public infrastructure maintenance costs. As 
private organizations responsible to their shareholders, U.S. freight 
railroads depend upon profits for reinvestment and capital improvement. 
The average U.S. manufacturer spends about 3 percent of revenue on 
capital expense. The comparable figure for freight railroads is nearly 
19 percent, more than 6 times higher than other industries.\8\ The 
majority of this goes to maintenance and repair, and up to 20 percent 
gets reinvested to enhance capacity.\9\
    Most commercial freight (i.e., container freight) ships 
intermodally. Rail's ability to transfer cargo intermodally--train 
transport of goods before or after transfers from other modes of 
traffic (aircraft, vessels, or trucks)--is vital to the economic 
viability of U.S. ports and urban hubs, and for the past four decades, 
constitutes the fastest growing segment of the freight rail 
industry.\10\ Though the viability of American ports also depends upon 
the ability to deliver to and receive inland cargo by all 
transportation modes, freight rail connectivity at ports is 
increasingly and uniquely important to attract containerized cargo when 
the origin-destination pairs are more than 500 miles apart.\11\ Indeed, 
U.S. railroads moved over 1 million intermodal loads in July 2018, a 
5.5 percent increase over July 2017.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    U.S. military vehicles are transported by freight rail near 
Greenville, SC in July 2018.

    Half of all freight traffic is interchanged. This means that, 
except for captive unit train movements on a single railroad from 
origin to destination, using only that railroad's own cars (i.e., coal 
or grain hoppers), most of the cars in any given freight train will be 
owned by someone other than the handling carrier. Approximately 70 
percent of all freight cars in North America are owned by non-railroad 
entities (e.g., private car owners, leasing companies, banks, shippers, 
and utilities). Interchanged traffic is vital to smooth international 
commerce for Canada, Mexico, and the United States.
    The U.S. freight rail system is also one of the most 
technologically advanced in the world, with a rapidly expanding scope 
of digitization, thoroughly incorporating the network into the Internet 
of Things (IoT). Onboard freight telematics incorporate a vast network 
of wireless sensors that monitor asset health and location, sending the 
information to communication management units as well as to displays in 
locomotive cabs. U.S. railroads depend upon the continual upgrade and 
development of advanced technology to reduce risks, improve safety, and 
improve the network's efficiency. As Federal Railroad Administration 
(FRA) Administrator Ronald Batory stated at his swearing in on February 
28, 2018: ``We must aggressively embrace the Internet of Things and 
artificial intelligence, along with seeking autonomous functions that 
can foster an environment towards minimal to non-existent risk.'' \12\
II. China's Government Aims to Dominate U.S. Rail
    Rail manufacturing is one of the 10 industries included in the 
Chinese government's ``Made in China 2025'' initiative,\13\ a plan 
targeting global dominance in sectors that the Government of China 
considers most strategic to its global aims. As the White House Office 
of Trade and Manufacturing Policy noted in a recent report, ``[T]he 
Chinese government has institutionalized the industrial policy of 
inducing investment in `encouraged' high technology sectors using the 
financial resources and regulatory instruments of the State.'' \14\ 
Toward these ends, China's government has brought to bear a range of 
state subsidies, state financing, and other resources to support the 
market entry and market ascension objectives of its wholly government-
owned, $33 billion conglomerate, China Railway and Rolling Stock 
Corporation (CRRC), an enterprise that--with more than 183,000 
workers--is now the largest rolling stock producer in the world.\15\ 
While it is owned by the Chinese government, CRRC is controlled by the 
Communist Party of China, and it has set about to build a foothold in 
the U.S. market, with a near-term goal of overtaking our rail sector.
    Indeed, CRRC's own bylaws state that the company will seek guidance 
from the Communist Party of China on significant matters affecting the 
company's operations.\16\ Three of CRRC's current board members 
previously held high-level positions at state-owned defense companies, 
Aviation Industry Corporation of China (AVIC), which produces fighter 
and bomber aircraft, helicopters, and unmanned aerial vehicles for the 
Chinese Army, and China Shipbuilding Industry Corporation (CSIC), which 
produces submarines, warships, and other naval equipment for the 
Chinese Navy. Furthermore, two former CRRC board members held positions 
at AVIC and China North Industries Group Corporation Limited (NORINCO), 
a state-owned defense company that supplies tanks, aircraft, missiles, 
firearms, and related products for the Chinese military.
    The latter two of these entities, CSIC and NORINCO, have been 
subject to allegations of espionage and sanctions evasion by the U.S. 
government, raising serious questions about the connections of CRRC 
board members to these activities. In 2007, AVIC was reputed to have 
stolen data on the F-35 fighter jet from Lockheed Martin and used it to 
build the Chinese J-31 fighter.\17\ Similarly, CSIC was indicted in 
2016 by the U.S. Department of Justice for entering into contracts with 
another Chinese company for the purchase of industrial materials that 
were created using stolen trade secrets from an American firm.\18\ 
NORINCO has also been sanctioned by the U.S. State Department on six 
occasions for contributing to Iranian nuclear weapons development.\19\ 
Two of CRRC's board members were respectively employed in high-level 
positions at CSIC and NORINCO at the time these offenses occurred, 
suggesting that they were likely aware of, if not complicit in, this 
illicit activity.
    These actions are a compelling example of how the Communist Party 
places pressure on SOEs to fulfill directives such as Made in China 
2025. To advance these plans, CRRC has first set its sights on the U.S. 
municipal transit sector, seeking to get major new contracts to sell 
transit cars to transit agencies in Boston, Chicago, New York, Los 
Angeles and Philadelphia, among others. The Chinese government is 
banking on the fact that once CRRC secures sufficient U.S. municipal 
transit contracts, it can pivot quickly and inexpensively toward the 
more strategically important freight rail sector. There, China can 
unload much of its current freight car manufacturing capacity 
oversupply--offsetting its own, slowing domestic market while 
continuing its strategy of using exports to sustain the Nation's 
employment base.
    Given China's manufacturing capacity oversupply and long-term goals 
for global dominance, CRRC hardly needs to profit on short-term sales. 
As such, the Government of China is able to sweeten CRRC's bids for new 
U.S. transit car contracts; not only by subsidizing CRRC's operating 
costs but also, in many instances, providing below-market financing 
terms to municipal buyers, making CRRC's prices enticingly low compared 
to other bids. In fact, CRRC's own 2016 annual report shows that it has 
leveraged China's state-owned banks to the tune of almost $27 billion 
to finance its expansion plans.\20\ CRRC has used those resources to 
make its bids for major U.S. project opportunities more attractive, 
underbidding other competitors by as much as 50 percent, and--since 
2015--winning $2.6 billion in transit rail contracts to supply ``Made 
in China'' railcars for the Boston, Los Angeles, Philadelphia, and 
Chicago metro systems, among others.\21\ Soon, CRRC will have the 
chance to apply the same tactics to metro transit rail contracts in 
Atlanta, Washington, D.C., New Jersey and New York City.
    With these massive successes under its belt, CRRC has built two 
U.S. transit assembly plants in Springfield, Massachusetts and Chicago. 
These are not where railcar manufacturing occurs, since China has 
little interest in shifting its manufacturing to the United States. 
Instead, these facilities are where Chinese components and 
subcomponents are shipped and assembled into cars that are then sold to 
U.S. buyers. Most of the transit cars must have more than 65 percent of 
their content sourced from American components if transit authorities 
want to qualify for Federal funding. In the case of the Boston transit 
contract, however, CRRC met the desire of Massachusetts for an in-state 
assembly facility and bid the lowest price by more than $150 million 
under the next competitor.\22\ With no Federal funding supporting this 
procurement by the state transit authority MBTA, CRRC avoided all 
otherwise applicable Federal Transit Administration ``Buy America'' 
requirements. In November of last year, CRRC shipped the first fully-
built, shrink-wrapped transit rail cars that had been made completely 
in China into the Port of Boston.
    And while U.S. transit rail is typically subject to such domestic 
content requirements, no similar requirements apply to freight railcar 
manufacturing. This means that CRRC can effectively import complete or 
nearly complete freight rail cars to the United States or complete 
minor assembly at CRRC U.S. facilities at an even lower discount than 
transit cars have received. Having already established major operations 
in the U.S., CRRC's current assembly facilities in the United States 
can easily be modified to accommodate freight assembly as well, which 
are in fact a downgrade for facilities to produce compared to transit.
    CRRC's entry into the freight rail manufacturing poses a direct 
threat to a major strategic and economic asset of the United States. 
Indeed, a 2017 Oxford Economics study found Chinese competition in 
freight rail threatens U.S. economic competitiveness.\23\ That same 
study projected that up to 65,000 U.S. jobs could be eliminated if we 
allow China to displace U.S. freight rail manufacturing, a sector that 
has many U.S.-headquartered players today, as well as a long U.S. 
supply chain since the industry is a major consumer of U.S.-made steel. 
Even so, signs of Chinese targeting of North American freight rail are 
already evident, with CRRC having recently opened freight car assembly 
facilities in Wilmington, North Carolina and Moncton, New 
Brunswick.\24\,\25\

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Source: Oxford Economics

    If the prospect of losing domestic freight rail capabilities seems 
far-fetched, we need only remind ourselves of recent CRRC activities in 
Australia to understand how far China is willing to go to dominate in 
rail. Within a decade after entering Australia's once-thriving domestic 
rail manufacturing industry, CRRC used underpricing and other anti-
competitive tactics as described above to wipe out Australia's domestic 
rail manufacturing base entirely.\26\ Today, Australia's railcar 
manufacturing is wholly controlled by CRRC. As a clear reminder of 
China's intentions of continuing--this trend, CRRC itself Tweeted 
recently about its plans for market dominance, announcing, ``So far, 83 
percent of all rail products in the world are operated by #CRRC or are 
CRRC ones. How long will it take for us conquering the remaining 17 
percent?'' \27\
    The European Union and Israel recognize this threat and are 
exploring and enacting policies to better protect their domestic rail 
manufacturing and production sectors.\28\ \29\ As of this writing, even 
though freight rail is considered by the Department of Homeland 
Security to be a key element of our Nation's critical infrastructure, 
similar U.S. measures have not been enacted at the Federal level to 
directly protect American freight rail manufacturing from the 
Government of China and its designs for global dominance.
III. China's Rail Agenda Threatens U.S. Cybersecurity
``The possibility of causing mayhem remotely could make train hacking 
        an attractive priority for terrorists.'' \30\
    In 2010, the world witnessed the first case of weaponized malware 
when the nuclear industry fell prey to Stuxnet, prompting the 
possibility of attacks on industrial controls in cyber-systems. The 
possibility has since become far more real as we have witnessed growing 
numbers of cyberattacks that threaten and at times undermine key 
segments of the world's economies, power, financial systems, and other 
assets.
    Predatory Chinese efforts to penetrate our freight rail market 
create the potential for disruption to the most advanced technologies 
upon which our rail system depends for safety and efficiency. 
Commercial railroads are, of course, aware of the risks they face from 
potential cyber-security incursions and are investing in cybersecurity 
capabilities. Even so, we significantly increase the risk of Chinese 
cyber-espionage or even cyber-terrorism by allowing CRRC to displace 
U.S. rail interests and shift our freight rail supply reliance to the 
Government of China. If allowed to penetrate the U.S. freight rail 
system, Chinese government-backed entities could simply vacuum data 
from individuals and firms connected to the rail network. China's 
history of cyberattacks on U.S. interests, combined with the Chinese 
Government's known efforts to use facial recognition and artificial 
intelligence for tracking its own citizens through ``a vast and 
unprecedented national surveillance system'' make this security risk 
all the more acute.\31\
    In other U.S. economic sectors where Chinese SOEs have engaged 
aggressively, the U.S. Government has responded with targeted 
restrictions to mitigate clear security risks. Such measures have 
included a reported U.S. government ban on contracting with the Chinese 
computer firm Lenovo,\32\ a ban on the purchase of Chinese drones,\33\ 
and the removal of Chinese-made security cameras from U.S. military 
bases.\34\ In April 2018, DoD banned Huawei and ZTE cell phones from 
sale in U.S. military exchanges world-wide.\35\ We have yet to do the 
same to protect Chinese incursions into the U.S. freight rail 
manufacturing base.
    According to the National Institute of Standards and Technology, 
the following are cyber-threats to industrial control systems, all of 
which must be taken into account when we consider control of U.S. 
freight rail assets:

   Blocked or delayed flow of information through ICS networks, 
        which could disrupt ICS operation.

   Unauthorized changes to instructions, commands, or alarm 
        thresholds, which could damage, disable, or shut down 
        equipment, create environmental impacts, and/or endanger human 
        life.

   Inaccurate information sent to system operators, either to 
        disguise unauthorized changes, or to cause the operators to 
        initiate inappropriate actions, which could have various 
        negative effects.

   ICS software or configuration settings modified, or ICS 
        software infected with malware, which could have various 
        negative effects.

   Interference with the operation of equipment protection 
        systems, which could endanger costly and difficult-to-replace 
        equipment.

   Interference with the operation of safety systems, which 
        could endanger human life.\36\

    Furthermore, as freight trains become increasingly sophisticated, 
incorporating more technology and systems integration, these types of 
cyber-security concerns become more palpable. In U.S. freight rail, 
industrial controls have replaced the mainframes and protocols that 
have historically undergirded the industry, and these controls present 
vulnerabilities not only relative to the freight rail systems 
themselves, but also through outside data connections that could 
threaten both public safety and operating continuity.\37\ Significant 
technology and rapidly expanding IoT capabilities in the U.S. freight 
rail network create potential security challenges that include:

   A digitized railroad network/the Internet of Things: Like 
        other high-tech industries, the freight railroad industry has 
        embraced digitization and the IoT. Integrated teams of data 
        scientists, software developers, and engineers develop and 
        apply technology across every aspect of the nationwide freight 
        rail network. Indeed, such technology has generated significant 
        improvements in operational safety and network efficiency. 
        These benefits also have increased the vulnerability of onboard 
        systems, individual train operations, and perhaps even the 
        industry's metadata warehousing centers to cyber threats.

   Rail Signaling: In California in 2008, a Metrolink passenger 
        train collided with a Union Pacific train, causing 25 
        fatalities and 135 passenger injuries. Congress responded 
        mandating the installation of positive train control (PTC) 
        systems on much of the Nation's rail system including the Class 
        I network by 2015. The statutory deadline was later extended by 
        Congress to December 31, 2018, subject to certain alternative 
        schedule criteria. PTC is designed to prevent four specific 
        accident scenarios: train-to-train collisions, over-speed 
        derailments, unauthorized train incursions into right-of-way 
        work zones, and misaligned track switches. A malicious cyber 
        breach of PTC or underlying existing rail signaling systems 
        could wreak havoc and cause accidents on the highly 
        interdependent freight railway network.

   Locomotives: Latest generation diesel locomotives have 
        hundreds of sensors which generate thousands of asset health 
        and performance indicators per minute.

   Onboard Freight Car Location & Asset Health Monitoring: 
        There are 25,000 freight cars equipped with telematics or 
        remote monitoring equipment. Over 85 percent of the 
        installations are on tank cars and the vast majority of those 
        are materials: chlorine, anhydrous ammonia, ethylene oxide, and 
        flammable liquids. Thetracking technology includes a wireless 
        communication management unit to track precise near-real time 
        lat-long location via GPS, direction of travel, speed, and 
        dwell time within the 45 Transportation Security Administration 
        (TSA) designated high-threat urban areas (HTUAs) \1\ and 
        thousands of chemical shipper/consignee defined geo-fences. 
        Wireless sensor nodes measure and/or alert:
---------------------------------------------------------------------------
    \1\ The Transportation Security Administration defines an HTUA as 
an area comprising one or more cities and the surrounding areas, 
including a 10-mile buffer zone.

---------------------------------------------------------------------------
   loaded or empty car condition

   accelerations and peak impacts in yards & on line-of-road 
        roller bearing temperature

   lading temperature in tank cars

   tank car hatch covers open (based upon degree of tilt)

   handbrake on or off (unattended train securement issue)

   End-of-Train Telemetry (EOT): The FRA requires all freight 
        trains operating on excess of 30 mph to be equipped with a 2-
        way EOT device. EOTs include a flashing blue light indicating 
        the last car in a train as well as the rear brake pipe pressure 
        which is transmitted to the lead locomotive in the train. EOTs 
        also include GPS location. The 2-way feature means that the 
        locomotive engineer can initiate an emergency brake application 
        from the rear of the train as well as the front. This is 
        critical safety technology (a pool of 12,000 devices on the 
        Class I railroads) since Class I railroads are stretching some 
        trains from 10,000-12,000 feet long as opposed to a typical 
        5,000-6,000-foot train.
A. Industrial Cybersecurity Considerations
``Chinese industrial espionage is not new . . . but it is practiced 
        more openly these days,'' writes former Navy Secretary J. 
        William Middendorf and the State Department's Dan Negrea.\38\ 
        ''
    Every company shipping goods on U.S. freight rail--which transports 
nearly 13 percent of products across our country, for industries 
ranging from agriculture to chemicals to mining--should be concerned by 
the prospect of China controlling key aspects of the U.S. freight rail 
system. In 2016, U.S. railroads originated over 1.5 trillion tons of 
freight in 27 million carloads. 40 percent of all intercity freight 
goes by rail, including 67 percent of the coal used by electric 
utilities for power generation.\39\ Similarly, the chemicals we use to 
keep our water supply pure and much of the food products we consume are 
shipped by private freight rail. Therefore, ensuring that these 
products arrive at their destinations and are free from tampering is of 
paramount concern.
    The Transportation Security Administration, in the Preamble to its 
November 26, 2008 Rail Transportation Security Final Rule, noted that 
``Due to the open infrastructure of the rail transportation system, 
freight trains can be particularly vulnerable to attack'' and 
``[f]reight trains, transporting hazardous materials are of even more 
concern, because an attack on those trains. . .could result in the 
release of hazardous materials'' and that ``the release of PIH 
materials in a densely populated urban area would have catastrophic 
consequences.'' Rail also carries some of the most hazardous materials 
(HAZMAT) between industries and military installations in America, 
often through densely populated areas and cities. Typically railroads 
move 1.7-1.8 million carloads of HAZMAT every year--items that are 
essential to our economy and our society--and about 105,000 carloads 
are so-called ``poisonous by inhalation hazard'' (TIH) materials such 
as chlorine or anhydrous ammonia. Freight rail is also a principal mode 
of transport for nuclear waste. Indeed, the majority of TIH materials 
in this country are transported via rail, which underscores the 
paramount emphasis on freight rail safety, free from tampering and 
malicious intrusion. The safety consequences of any HAZMAT incident, 
especially those involving the most dangerous worst commodities (e.g., 
poisonous by inhalation hazard) are substantial: In January 2005, for 
example, a rail tank car ruptured in Graniteville, SC as the result of 
a derailment, releasing chlorine that forced the evacuation of 5,400 
people within a mile radius of the site. Ultimately 9 people died, and 
75 others required treatment for chlorine exposure.\40\
B. Transportation Operations Cybersecurity Considerations
    Given the crucial role of rail in our economy and our defense 
industrial base, U.S. Presidential Policy Directive 21 classifies 
freight rail as part of our Nation's critical infrastructure.\41\ And 
yet, no Federal law specifically restricts foreign government ownership 
of our freight rail supply sector. At the same time, many of the same 
critical infrastructure features designed to boost the quality of and 
operation of our freight rail system also raise serious vulnerability 
concerns in the hands of a foreign government.
    Policymakers should recall that the ubiquitous freight rail network 
traverses nearly every major city in the nation, particularly the 45 
TSA designated continental HTUAs. Many rail yards and storage locations 
are close to densely populated areas, which at any time could contain 
large numbers of loaded HAZMAT tank cars.\42\ Additionally, freight and 
passenger rail are highly interdependent; they use many of the same 
bridges, tunnels, control centers, tracks, signals, and switches. 
Amtrak--the principal U.S. provider of inter-city passenger rail--
operates on more than 22,000 miles of track owned by freight railroads, 
and many commuter and light rail systems also operate on freight rail 
tracks.\43\ A freight rail or railyard incident could be triggered to 
cause tremendous direct and collateral damage on large population 
centers as well as vital transportation networks.
    Finally, railroads have information-based operating systems that 
also pose vulnerabilities. The Railway Alert Network (RAN), for 
instance, distributes intelligence between and among the Federal Rail 
Administration, commercial railroads and U.S. law enforcement; RAN, 
which is now operated by the American Association of Railroads (AAR), 
allows for analysis and dissemination of threat communications from DOT 
and DHS to AAR's members.\44\ Tapping into the RAN system would give an 
unfriendly outside government access to secure information, including 
network data analytics and traffic analysis, that should not be shared. 
The AAR developed its AskRail mobile app in 2014. First responders are 
able to instantaneously access the specific hazardous materials 
commodity in a tank car as well as the hazards posed. AskRail employs 
GIS mapping to identify vulnerable areas like hospitals and schools and 
rivers. Obviously, unauthorized access to AskRail by those with 
malicious intent poses a security threat.
C. Military Cybersecurity Considerations
    The Department of Defense (DoD) has a longstanding reliance on 
freight rail in the United States. Most of the military's heavy and 
tracked vehicles are transported by freight rail meaning that freight 
rail runs through every military base in the United States.\45\ DoD's 
Military Traffic Management Command (MTMC) has designated nearly 39,000 
miles of freight rail track as being uniquely important to our Nation's 
defense, and thus part of the Strategic Rail Corridor Network, or 
``STRACNET.'' STRACNET serves 193 U.S. defense installations, 
connecting military bases with maritime ports of embarkation and other 
key points across the country.\46\
    Freight rail is also at the heart of the U.S. Transportation 
Command (TRANSCOM), DoD's global defense transportation system, 
coordinating people and transportation assets around the world. The 
Surface Deployment and Distribution Command (SDDC), which is a 
component of TRANSCOM, operates 10,000 containers and some 1,350 rail 
cars of its own to deliver equipment and supplies for deployed members 
of the Army, Navy, Air Force, Marines, and Coast Guard. SDCC also, of 
course, leverages commercial freight rail to provide important 
components of DoD's surface transportation requirements.\47\ SDCC also 
utilizes a special heavy-duty flatcar fleet of 1,850 specially designed 
heavy-duty flatcars managed by a company owned by the major freight 
railroads.
    Because of the deep reliance of our military on U.S. commercial 
rail, MTMC monitors and evaluates data on railroad industry 
construction, industry mergers, bankruptcies and other similar events 
to determine how they may affect DoD's mobility and readiness 
capabilities. We can assume that MTMC is aware of the ongoing efforts 
by China's Government to dominate the U.S. rail sector. We must act on 
this concern to stop CRRC's activities to assert itself in the U.S. 
marketplace.
IV. Policy Action is Needed
    America's domestic freight rail manufacturing base has always 
played a vital role in the economic and national security of the United 
States. As this report demonstrates, freight rail is the lifeblood of 
the American economy--employing tens of thousands of workers, shipping 
millions of tons of consumer goods and materials through every major 
artery in the country and adding over $6.5 billion in GDP. 
Simultaneously, freight rail is an indispensable part of our Nation's 
defense infrastructure, a vital transportation system that supplies and 
connects U.S. military installations across the continent. Despite our 
longstanding reliance on freight rail, America remains unprepared to 
protect itself from foreign entities with ambitions directly at odds 
with our own. Even current cooperative efforts between industry and the 
Department of Homeland Security--while commendable--remain inadequate. 
The good news is that there is still time to address this threat. 
Federal and state policymakers have an opportunity to adopt meaningful 
laws and regulations that can significantly slow the Chinese 
government's intrusion into the U.S. freight manufacturing space and, 
in turn, bolster America's security in the face of ever-changing global 
threats. The goal of this report is to encourage America's political 
leaders to strongly consider any and all of the following 
recommendations.
1) Develop comprehensive restrictions and reviews on investments from 
        foreign state-backed entities in critical infrastructure 
        integral to our national defense.
    The recent reforms to the Committee on Foreign Investment in the 
United States (CFIUS) through the broadly supported Foreign Investment 
Risk Review Modernization Act (FIRRMA) were a welcomed step forward for 
U.S. policy and come at a pivotal moment. Nevertheless, CFIUS continues 
to face shortcomings. Greenfield investments--wherein a foreign entity 
creates entirely new investments, rather than through an acquisition, 
merger, or joint venture--are still not explicitly covered under 
CFIUS's scope of authority. This means that CRRC and other Chinese SOEs 
can continue to build new facilities in the U.S. without oversight. To 
date, only five transactions have ever been blocked by CFIUS,\48\ 
suggesting that we should explore alternative tools to ensure the 
integrity of the rail manufacturing sector and its associated supply 
base.
    One such tool that has been proposed has been to create a parallel 
committee to CFIUS under the authority of the Department of Commerce to 
review transactions for the effects they would have on economic 
security. With a broader mandate that would allow the Committee to take 
economic considerations into effect, we could address many of the 
restrictions that have plagued CFIUS. Another more attainable option is 
for Congress to take steps to ensure that Federal funds are not used to 
further the aims of SOEs like CRRC. Three of the four manufacturing 
contracts that CRRC won in the U.S. were awarded using Federal Transit 
Administration (FTA) dollars, meaning that the U.S. government 
effectively subsidized a Chinese state-owned enterprise to further the 
Made in China 2025 initiative at the expense of American workers and 
security.
2) Ensure that appropriate Federal agencies, in coordination with 
        states and localities, develop robust standards for cyber and 
        data integrity applicable to any rail or transit sector 
        contracts involving foreign state-backed entities.
    As technology continues to advance, so must our standards for 
cybersecurity. If foreign SOEs are permitted to produce any aspect of 
the thousands of detector and monitoring systems onboard trains around 
the country, we will face a continued national security threat capable 
of halting our entire rail network. These technologies present 
countless opportunities for hacking and surveillance, and with the 
cybersecurity risks of other Chinese entities having been well-
documented in numerous other industries, action is urgently needed. The 
Department of Homeland Security and the Department of Transportation 
should coordinate with state and local agencies to develop and 
implement standards that ensure cyber and data security for our rail 
system in any interface with a foreign SOE. These agencies should also 
engage with private industry to determine what other appropriate 
measures to address the cybersecurity concerns posed by foreign SOEs 
and, if appropriate, establish a task force of key stakeholders 
involved in the manufacturing, operations, and oversight of the freight 
rail sector. Under new and existing authority, officials must take 
robust steps to ensure the cyber integrity from any SOE threat of all 
rail network systems and data streams.
3) Strengthen oversight of Buy America laws to ensure that existing 
        laws and regulations are adhered to in federally funded transit 
        and rail procurements including railcar manufacturing and 
        explore new avenues to further ensure the manufacturing 
        capabilities of freight rail and other core domestic industries 
        that are integral to support and maintain our defense 
        industrial base.
    CRRC's pattern of investment in other markets like Australia 
suggest that China will use the transit railcar manufacturing sector as 
a beachhead to then move into freight railcar manufacturing, 
implicating even more pressing national security concerns. In the 
transit railcar manufacturing sector, Buy America laws offer the most 
comprehensive protections for the industry that, when followed, can 
help mitigate the financial and strategic advantages that the 
Government of China offers state-owned companies like CRRC. However, 
various loopholes and lax enforcement has limited the effectiveness of 
these laws, allowing CRRC to advance into the transit railcar 
manufacturing sector unabated.
    In April 2017, President Trump signed an executive order to 
strengthen Buy America laws, requiring Federal agencies to develop 
policies to maximize the use of domestic workers and materials in 
procurements as well as to recommend new policies to strengthen the 
implementation of Buy American laws.\49\ Nevertheless, little has been 
done since then to strengthen Buy America. Buy America laws have proven 
to be a vital protection for the U.S. manufacturing and industrial 
base, ensuring the employment of thousands of American workers while 
strengthening our ability to respond to foreign threats in the process. 
These laws, however, can be easily manipulated as Federal agencies 
often lack the resources to effectively police them, relying all too 
heavily on the claims of manufacturers and suppliers. When those 
manufacturers are foreign state-owned enterprises, we have little 
incentive to take them at their word. Congress and the administration 
should explore avenues to strengthen domestic content provisions and 
ensure that existing laws are being followed to protect American 
workers and security.
V. Conclusion
    The Government of China's attack on our rail system is insidious 
and ingenious. China enters at the local level, subsidizes the assembly 
of Chinese transit rail cars, and supplies them to cash-strapped 
transit systems at bargain prices. In the process, Chinese companies 
bring small numbers of assembly jobs to the U.S. while the 
manufacturing, technology, and R&D stay in China. Today and for the 
foreseeable future, no American company makes transit rail cars, but 
the evidence is compelling that the Chinese government has now directed 
state-owned entities to target the U.S. freight rail manufacturing 
sector as well. Our freight railcar industry is now in China's sights.
    As our Nation's freight railcar manufacturers continue to 
incorporate innovative new technologies to enhance the safety and 
productivity of our rail system, the growing presence of China's CRRC 
is all the more concerning. From rural communities to major cities to 
seaports and government installations, freight rail not only serves as 
the primary mode of transport for an array of key products and 
commodities, but also for sensitive U.S. military equipment, hazardous 
nuclear waste, and toxic chemicals. We must take urgent measures to 
ensure freight rail remains secure and American-run. We must retain the 
know-how and technology to improve our rail system in the future, and 
safeguard against disruption of this strategically vital sector of our 
economy and pillar of our national security.
Endnotes
    \1\ Oxford Economics, ``Will We Derail U.S. Freight Rolling Stock 
Production,'' May 2017. https://www.oxfordeconomics.com/recent-
releases/will-we-derail-us-freight-rolling-stock-production
    \2\ Federal Railroad Administration, ``National Rail Plan Progress 
Report'', September 2010. Cited in https://www.fra.dot.gov/page/P0362
    \3\ Towson University, Regional Economic Studies Institute, June 
2016 (quoted in AAR President Ed Hamberger's April 11, 2018 Statement 
to the House Appropriations Committee THUD Subcommittee hearing on Rail 
Safety, and Infrastructure).
    \4\ Federal Register, ``Indexing the Annual Operating Revenues of 
Railroads,'' Cited in https://www.fra.dot.gov/page/P0362
    \5\ Federal Railroad Administration, `Freight Rail Background,'' 
March 2012. Cited in https://www.fra.dot.gov/page/P0362
    \6\ Department of Homeland Security, ``Transportation Systems 
Sector.'' https://www.dhs.gov/transportation-systems-sector
    \7\ Oxford Economics, ``Will We Derail U.S. Freight Rolling Stock 
Production,'' May 2017. https://www.oxfordeconomics.com/recent-
releases/will-we-derail-us-freight-rolling-stock-production
    \8\ Towson University, Regional Economic Studies Institute, June 
2016 (quoted in AAR President Ed Hamberger's April 11, 2018 Statement 
to the House Appropriations Committee THUD Subcommittee hearing on Rail 
Safety, and Infrastructure).
    \9\ Federal Railroad Administration, ``National Rail Plan Progress 
Report,'' September 2010. Cited in https://www.fra.dot.gov/page/P0362
    \10\ Federal Railroad Administration, ``Freight Rail Overview,'' 
https://www.fra.dot.gov/page/P0362
    \11\ Louisiana Department of Transportation & Development, ``A 
Comparative Analysis of Intermodal Ship-to-Rail Connections at 
Louisiana Deep Water Ports,'' August 2007. http://
www.sp.dotd.la.gov/Inside_LaDOTD/Divisions/Multimodal/Marine_Rail/
Misc%20Documents/
A%20Comparative%20Analysis%20of%20Intermodal%20Ship%20to%20Rail%20Connec
tions%
20at%20Louisiana%20Deep%20Water%20Ports.pdf
    \12\ As Prepared Remarks of Ronald L. Batory Swearing-In Ceremony 
as the 14th Administrator of the Federal Railroad Administration, U.S. 
Department of Transportation Headquarters, Washington, DC, February 28, 
2018. https://www.fra.dot.gov/Elib/Document/17848
    \13\ The Made in China 2025 plan identifies ten priority sectors: 
next-generation information technology; high-end numerical control 
machinery and robotics; aerospace and aviation equipment; maritime 
engineering equipment and high-tech maritime vessel manufacturing; 
advanced rail equipment; energy-saving and new energy vehicles; 
electrical equipment; new materials; biomedicine; and agricultural 
machinery.
    \14\ White House Office of Trade and Manufacturing Policy, ``How 
China's Economic Aggression Threatens the Technologies and Intellectual 
Property of the United States and the World,'' June 2018. https://
www.whitehouse.gov/wp-content/uploads/2018/06/FINAL-China-Technology-
Report-6.18.18-PDF.pdf
    \15\ CRRC 2016 Annual Report, April 2017. http://www.hkexnews.hk/
listedco/listconews/SEHK/2017/0427/LTN201704272466.pdf 
    \16\ ``CRRC Corporation Limited Articles of Association,'' CRRC 
Corporation Limited, at 70. http://www.crrcgc.cc/Portals/73/Uploads/
Files/2018/6-4/636637164457871915.pdf
    \17\ ``America's most expensive weapons system, the F-35, is a key 
symbol of Trump's trade gripe with China,'' CNBC, March 22, 2018 
https://www.cnbc. com/2018/03/22/americas-most-expensive-weapons-
system-the-f-35-is-a-key-symbol-of-trumps-trade-gripe-with-china.html
    \18\ ``Chinese Nationals Stole Marine Technology to Benefit Chinese 
Regime, According to U.S. Justice Department,'' Epoch Times, April 30, 
2018. https://www. theepochtimes.com/chinese-nationals-stole-marine-
technology-to-benefit-chinese-regime-according-to-u-s-justice-
department_2509135.html
    \19\ ``United States Imposes Sanctions Against Chinese Firm,'' 
Nuclear Threat Initiative, September 22, 2004. https://www.nti.org/gsn/
article/united-states-imposes-sanctions-against-chinese-firm/
    \20\ ``CRRC 2016 Annual Report,'' CRRC Corporation Limited, April 
28, 2017 http://www.crrcgc.cc/Portals/73/Uploads/Files/2017/4-28/
636289739063167304.pdf
    \21\ Focusing initially with transit freight contracts allowed CRRC 
the opportunity to work with local governments and small businesses, 
leveraging CRRC's economies of scale at a much lower level than were 
CRRC to initially tackle the larger-scale, higher visibility, more 
stringent review process associated with freight rail contracts.
    \22\ ``China-based T supplier keeps rolling,'' CommonWealth, March 
24, 2017. https://com
monwealthmagazine.org/politics/china-based-t-supplier-keeps-rolling/
    \23\ Oxford Economics, ``Will We Derail U.S. Freight Rolling Stock 
Production,'' May 2017. https://www.oxfordeconomics.com/recent-
releases/will-we-derail-us-freight-rolling-stock-production
    \24\ William Vantuono, ``New tank car builder coming on line,'' 
Railway Age, February 13, 2014. https://www.railwayage.com/
financeleasing/new-tank-car-builder-coming-on-line/
    \25\ ``CRRC to build North American wagon plant in Canada,'' 
Railway Gazette, May 5, 2017. http://www.railwaygazette.com/news/news/
n-america/single-view/view/crrc-to-build-north-american-wagon-plant-in-
canada.html
    \26\ Letter from Rail Security Alliance to U.S. Trade 
Representative, December 14, 2017.
    \27\ @CRRC_global, ``Following CRRC's entry to Jamaica, our 
products are now offered to 104 countries and regions. So far, 83 
percent of all rail products in the world are operated by #CRRC or are 
CRRC ones. How long will it take for us conquering the remaining 17 
percent?'' Twitter, January 11, 2018. https://twitter.com/CRRC_global/
status/951476296860819456
    \28\ Yosi Melman, ``Cause for Concern? Chinese Investment and 
Israel's National Security,'' The Jerusalem Post, April 7, 2018. 
https://www.jpost.com/Jerusalem-Report/Chinese-TAKEAWAY-546692
    \29\ Hermine Donceel and Eric Maurice, ``EU Parliament approves new 
anti-dumping methodology,'' EU Observer, November 15, 2017. https://
euobserver.com/economic/139866
    \30\ David Morris, ``Railroad Association Denies Smart Train Cyber 
Vulnerabilities,'' Fortune, January 22, 2016. http://fortune.com/2016/
01/22/railroad-association-denies-smart-train-cyber-vulnerabilities/
    \31\ Paul Mozur, ``Inside China's Dystopian Dreams: A.I., Shame and 
Lots of Cameras,'' The New York Times, July 8, 2018. https://
www.nytimes.com/2018/07/08/business/china-surveillance-technology.html
    \32\ Sophie Curtis, ``Spy agencies `ban Lenovo from secret 
networks,'' The Telegraph, July 29, 2013. https://www.telegraph.co.uk/
technology/news/10208578/Spy-agencies-ban-Lenovo-from-secret-
networks.html
    \33\ Alwyn Scott, ``China drone maker steps up security after U.S. 
Army ban,'' Reuters, August 14, 2017. https://www.reuters.com/article/
us-usa-drones-dji/china-drone-maker-steps-up-security-after-u-s-army-
ban-idUSKCN1AU294
    \34\ Max Greenwood, ``US Army base removes Chinese-made 
surveillance cameras,'' The Hill, January 12, 2018. http://thehill.com/
policy/defense/368710-us-army-base-removes-chinese-made
-surveillance-cameras
    \35\ Hamza Shaban, ``Pentagon tells U.S. military bases to stop 
selling ZTE, Huawei phones,'' The Washington Post, May 2, 2018. https:/
/www.washingtonpost.com/news/the-switch/wp/2018/05/02/pentagon-tells-u-
s-military-bases-to-stop-selling-zte-huawei-phones/?utm_term=.bf1e
99041b11
    \36\ Keith Stouffer et al., ``Guide to Industrial Control Systems 
(ICS) Security,'' NIST Special Publication 800-2, Revision 2, May 2015. 
https://nvlpubs.nist.gov/nistpubs/SpecialPub
lications/NIST.SP.800-82r2.pdf
    \37\ ``The state of cybersecurity in the rail industry,'' Rockwell 
Collins, August 2017. https://www.rockwellcollins.com/-/media/Files/
rc2016/marketing/C/Cybersecurity-solutions/The-state
-of-cybersecurity-in-the-rail-industry-white-
paper.pdf?lastupdate=20171215210046
    \38\ J. William Middendorf II and Dan Negrea, ``China takes a wrong 
turn,'' The Washington Times, March 11, 2018. https://
www.washingtontimes.com/news/2018/mar/11/china-takes-a-wrong-turn/
    \39\ Testimony of Michael T. Haley, ``Update on Federal Rail and 
Public Transportation Security Efforts,'' Hearing before the 
Subcommittee on Transportation Security and Infrastructure Protection, 
of the Committee on Homeland Security, U.S. House of Representatives, 
February 6, 2007.
    \40\ ``Transportation Sector-Specific Plan: Freight Modal Annex,'' 
U.S. Department of Homeland Security, 2007, Pg. 2. https://
www.hsdl.org/?view&did=474331
    \41\ ``Presidential Policy Directive 21--Critical Infrastructure 
Security and Resilience,'' The White House, February 12, 2013. https://
obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-
policy-directive-critical-infrastructure-security-and-resil
    \42\ Government Accountability Office, ``Freight Rail Security: 
Actions Have Been Taken to Enhance Security, but the Federal Strategy 
Can Be Strengthened and Security Efforts Better Monitored,'' Report No. 
09-243, April, 2009, Pg. 7. https://www.gao.gov/products/GAO-09-243
    \43\ Id at 7. 44 Testimony of Michael T. Haley, ``Update on Federal 
Rail and Public Transportation Security Efforts,'' Hearing before the 
Subcommittee on Transportation Security and Infrastructure Protection, 
of the Committee on Homeland Security, U.S. House of Representatives, 
February 6, 2007.
    \45\ ``Strategic Rail Corridor Network (STRACNET),'' Global 
Security, 2012. https://www.globalsecurity.org/military/facility/
stracnet.htm
    \46\ Id.
    \47\ ``About SDDC,'' U.S. Army Military Surface Deployment and 
Distribution Command, 2016. https://web.archive.org/web/20110818114337/
http://www.sddc.army.mil/What/default.aspx
    \48\ James Jackson, ``The Committee on Foreign Investment in the 
United States (CFIUS),'' Congressional Research Service, July 3, 2018. 
https://fas.org/sgp/crs/natsec/RL33388.pdf
    \49\ Executive Order No. 13788, ``Buy American and Hire American,'' 
April 18, 2017. https://www.whitehouse.gov/presidential-actions/
presidential-executive-order-buy-american-hire-american/
                                 ______
                                 
  Response to Written Question Submitted by Hon. Marsha Blackburn to 
                            Daniel H. Rosen
    Question. Question: In your testimony, you state that China is 
mixing political guidance with corporate governance, which distorts 
market outcomes and generally serves the interests of firms in China. 
Moreover, you note that given China's scale and weight, these 
distortions can quickly put firms in other nations out of business. In 
the context of communications and information technology equipment, to 
what extent can Chinese firms put serious downward pressure on Western 
technology companies?
    Answer. In the context of information and communications technology 
(ICT) equipment, the benefits of Chinese industrial policies for native 
firms, including a mixture of political and economic incentives, can 
impair the commercial viability of Western technology companies. 
Chinese Communist Party committees present in all state and many 
private firms have a heavy, if not controlling, influence over 
leadership assignments and compensation, including at the major banking 
institutions. Those financial institutions are mandated to promote 
stability and other political goals, in addition to commercial 
efficiency. This can translate into permissive financing terms for 
domestic ICT firms, to support the government's goals in areas like job 
creation and innovation. Since political stability is not a mandate for 
creditors to western firms, those firms do not enjoy the financial 
flexibility that their Chinese competitors do.
    Chinese industrial policy can also affects the Nation's outbound 
direct investment flows in a manner that creates an unlevel playing 
field for foreign firms. Following decades of unsuccessful attempts to 
develop a domestic semiconductor industry, for example, in 2014 China 
enacted a national policy to accelerate the development of its 
semiconductor industry which included overseas investment as one key 
element. After the announcement of that initiative, private investors 
and government funds embarked on an unprecedented buying spree of 
assets along semiconductor production chains in Asia, Europe and North 
America.
    Before the strategy was announced, outbound investment from China 
into the global semiconductor industry was low, never exceeding $1 
billion in a single year. In 2014, the combined value of Chinese 
takeovers announced globally increased to $3 billion. In 2015, that 
figure rose to $35 billion. The total value of transactions actually 
completed since 2000 adds up to $8.1 billion, a smaller figure as many 
deals either fell through or were rejected for national security 
purposes. But nearly all of that $8.1 billion occurred in the 3 years 
since the Chinese government announced its 2014 strategic plan. Most of 
these transactions were supported by funding offered on favorable terms 
from strategic finance vehicles set up by China's central government 
with an industrial policy mandate.
    Western firms that make imprudent bets on acquisitions don't 
survive. If their Chinese competitors can do so without bearing the 
same consequences, they will disrupt the competitive ecosystem on which 
American competitiveness depends.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                              Josh Kallmer
    Question 1. Mr. Kallmer--in your testimony you raise a key point--
that China may propose many more standards in international standards 
organizations, but that there is no ``first mover advantage'' that 
would give them an advantage in the development of 5G. Could you please 
expand on this topic?
    Answer. As I noted in my testimony, China is rapidly developing a 
large quantity of domestic standards on various technologies, but 
quantity does not denote quality. Chinese national standards can often 
be inadequate for international adoption for a number of reasons, 
including a lack of technical sophistication, insufficiently addressing 
interoperability, or because they overtly favor a single vendor's 
technology, which is unacceptable in an international forum. While 
Chinese standards are often developed on short timelines with a great 
deal of downward administrative pressure to generate tangible 
``deliverables,'' international standards setting bodies go through a 
far more rigorous process of review with a wide range of members from 
the international community. International standards setting bodies 
have governance processes in place that enable participants to hold any 
contribution accountable for technical viability and equality for all 
implementers. The rules have been created so that all contributors are 
on a level playing field and thus the notion of a ``first mover 
advantage'' is a mischaracterization. If their industry produces 
meaningful technical submissions and submits them to the international 
process, they will have the same opportunity as the submission from any 
other participants. There is no doubt that being a contributor is a 
stronger position than being an observer and that is why ITI has long 
been a proponent of policies and practices that encourage tech sector 
R&D investment. The strongest counter to any contribution, from any 
country, is highly credible technical content of our own. For the U.S. 
to be most successful 5G standards development, we recommend that the 
U.S. Government:

   Support U.S. industry R&D investment in 5G space with 
        encouragement and support for international standards 
        participation by the private sector;

   Ensure robust competition in U.S. wireless markets, which 
        results in stronger U.S. companies that are able to innovate 
        and successfully contribute to 5G standards; and

   Maintain a strong USG presence in the international 
        standards arena in order to maintain a healthy standardization 
        system.

    Question 2. Shouldn't we encourage U.S. industry to develop 
wireless technology that will inform international standards in the 
future? How can we best do that?
    Answer. Yes. The U.S. should continue to incentivize R&D in the 
private sector through programs like the Small Business Innovation 
Research (SBIR) program, increase public-private partnerships along 
with strengthening Federal R&D in this area, and ensure robust U.S. 
competition in wireless, which allows American companies to gain the 
experience and revenue to make investments in 5G and beyond. With 
regard to developing standards, the U.S. model for consensus-based, 
voluntary, industry-led standards is the very approach that has allowed 
its industry to thrive in the technology space. This approach enables 
the formulation of standards through qualitative and comprehensive 
participation from industry technical experts. Because the private 
sector is at the cutting edge of developments, the long-held U.S. 
standards development approach has great flexibility and is responsive 
to often rapid changes in technology. We encourage the U.S. government 
to continue supporting that approach--helping to facilitate and convene 
important conversations on pressing standardization issues--while also 
investing in R&D and innovation as mentioned above.
                                 ______
                                 
  Response to Written Question Submitted by Hon. Marsha Blackburn to 
                               Samm Sacks
    Question. Question: Through the Made in China 2025 plan, the 
Chinese have been exerting influence on critical technology markets, 
including polysilicon, which is the critical input for semiconductors. 
What else can the U.S. be doing to help fight back on this front?
    Answer. The Chinese government aspires to control the entire 5G 
supply chain from applications that run on top down to servers and 
chips. This kind of vertical integration would give Chinese companies 
greater influence in global technology markets in ways that are harmful 
from a national security and competitiveness standpoint to U.S. 
interests.
    The U.S. government should create more incentives for U.S. 
companies to invest in bolstering U.S. capabilities in polysilicon as a 
critical input for semiconductors. Seeding investment in research and 
development (R&D) and other forms of public-private partnership that 
can help reduce the reliance of U.S. industry on China will be key.
    U.S. government efforts related to Diminishing manufacturing 
sources and material shortages (DMSMS) can serve as important resource 
on the challenge. The Defense Advanced Research Project Agency (DARPA) 
also has a key role to play.
                                 ______
                                 
     Response to Written Question Submitted by Hon. Todd Young to 
                               Samm Sacks
    Question 1. Ms. Sacks--you touched on U.S. policymakers adopting a 
``small yard, high fence'' approach in addressing the challenges posed 
by China. In short, we must be selective in choosing our battles and 
the technologies that we are willing to go to the mat over.
    Today, what are the top three technologies you believe ought to be 
a part of such an approach and how would you start to address the 
challenges China poses?
    Answer. Updating the export control regime is a long overdue step 
and necessary considering China's efforts to catch up and surpass the 
U.S. in technology. The Department of Commerce has issued a list of 
technologies that may be subject to new export controls due to their 
importance for national security and has solicited feedback from 
industry.
    The challenge of identifying specific technologies in need of 
stronger barriers is a very complex one that must be done in close 
coordination among technical experts across the U.S. government, the 
private sector, and the academic and research communities. Now is an 
important window to have these discussions as the export control regime 
is the process of undergoing major changes.
    I have several recommendations:

    Under the current export control framework, the term ``essential'' 
should not be interpreted to encompass technology that is simply used 
or is usable by the military, especially since the defense industry is 
increasingly reliant on commercial off-the-shelf technology.
    Related, some experts like MIT's R. David Edelman have commented 
that distinguishing between civilian and military uses of AI may be 
impossible, and Jack Clark at OpenAI has said the risk of making an 
error with AI export controls is therefore quite large.
    It is very difficult to prevent code from crossing borders. Many 
state-of-the-art AI systems like facial recognition are produced by 
industry and are then (in part or fully) published openly online. It 
wouldn't be too difficult for a foreign military to pick up the 
technology and leverage it in a military application. In addition, 
research is often done collaboratively through networks of engineers 
around the world that do not confirm neatly to national borders. This 
further complicates the ability of export controls to prevent 
potentially harmful uses of American AI tech by foreign governments.
    As discussion of new export controls moves forward, processes 
should be put in place to assess the practical effects given the global 
nature of R&D and understanding the American competitiveness and 
innovation underpins security.
    In terms of technologies that should be subject to stronger 
restriction, I believe that greater access to some kinds of 
semiconductor manufacturing equipment (such as photolithography 
machines) could enable China to eventually replace foreign suppliers. 
This is critical to American technological competitiveness since 
semiconductors underpin much of the advanced computing hardware used to 
train AI systems. While the Chinese government has spent over $2 
billion on a national investment fund and devoted major policy 
resources to support indigenous industry, local Chinese fabs in China 
still lack high-end equipment to attain the kind of self-sufficiency to 
which China's leaders aspire. This is one technology that should 
perhaps be subject to stronger restriction.
    Quantum computing is another area of technology in which to 
consider stronger export restrictions. While speculation on the 
construction of a powerful quantum computer varies in the range of a 
few decades, its development is currently competitive across 
governments, firms, and academic and other research institutions. 
Quantum computers essentially would have far greater computing 
complexity than standard computers in use today. If a powerful quantum 
computer were developed, the entity in control would likely be able to 
leverage its capabilities in applications ranging from advanced 
chemical modeling to new, more sophisticated ways of training AI 
systems. Powerful quantum computing capabilities may also enable new 
approaches to cryptography. Related, there is a substantial risk that a 
powerful quantum computer would allow the holder to break existing 
public key encryption algorithms that currently protect information 
``in transit'' across the Internet and other networks.
                                 ______
                                 
  Response to Written Question Submitted by Hon. Marsha Blackburn to 
                          Hon. Eric Rosenbach
    Question. In regards to information security, there's so much 
emphasis on the real-time sharing of cyber threats. While this is 
clearly important, isn't is just as important to have a long term 
outlook to analyze trends in the marketplace, potential choke points in 
the supply chain, hi-jacking of standards setting bodies, and things of 
that nature?
    Answer. Yes, while real-time information sharing is a critical 
element of our defensive strategy, there are at least three longer-term 
tactics the U.S. can adopt immediately to protect the country from 
foreign attacks and takeovers.
    First, the U.S. must incentivize the use of strong encryption. 
Making America the world leader in encryption technology could advance 
both economic and national security interests. Protecting the Nation's 
most important resource will require a significant expansion in the use 
of encryption. The nation's defense and security agencies have relied 
on encryption to protect its most precious secrets for many decades--
DoD, in fact, is the largest user of encryption in the world. The U.S. 
must both clarify the legal questions around encryption and develop 
real incentives to promote the use and growth of encryption products 
and platforms that allow individuals and organizations to protect their 
data.
    Second, the U.S. should limit foreign ownership and provide 
resources to support firms in key information sectors. Over the past 
decade China has systematically targeted investment in and ownership of 
firms developing technology, such as AI, that will drive strategic 
advantage in the Information Age. Congress took encouraging action by 
reforming and passing legislation that increased limitations and 
oversight of foreign ownership and involvement in data-rich sectors. 
This was important, but should be supplemented with new sources of 
incentives to sustain American tech firms whose technology does not 
have an immediate commercial application.
    Third, good defenses are important, but defense alone will not 
mitigate the threat of foreign attacks. The U.S. needs to quickly 
develop precise and legal offensive cyber operations that change the 
current dynamic of simply sitting back and absorbing the blows of 
adversarial actions. The private sector cannot meet this challenge: the 
U.S. Government, led by the Department of Defense, needs to bolster its 
capabilities to disrupt and degrade Chinese cyber operations before 
they succeed.
    At the same time, the U.S. still has room to improve information 
sharing efforts. The increased willingness of the Intelligence 
Community, DHS, and FBI publicly to attribute Chinese cyber attacks 
through indictments is crucial and positive first step in raising the 
cost to adversaries. The Intelligence Community should also strive to 
share as much intelligence information as possible about Chinese cyber 
operations. In the past, the government has too often watched important 
intellectual property or data flow out of the country without warning 
impacted organizations.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                          Hon. Eric Rosenbach
    Question 1. Our national security depends in large part on a 
vibrant, growing, and secure economy. As we continue to face greater 
international economic competition worldwide, China presents a 
particular challenge, as all of the panel's testimony has elicited in 
some form. A failure of the United States to compete economically will 
undermine the prosperity and security of our Nation.
    It is in our national interests of the United States to promote 
free, fair and reciprocal economic relationships between the United 
States and foreign individuals and entities. That is why last year, 
with Senator Cardin as well as Senators Rubio and Coons, I introduced 
the National Economic Security Strategy Act. This legislation directs 
the Federal Government--the President in coordination with the National 
Security Council, the National Economic Council, and the heads of other 
relevant federal agencies--to periodically submit to Congress a 
national economic security strategy.
    My bill would enhance the ability of the Federal Government to 
counter the anticompetitive economic behavior, policies, and strategies 
of foreign individuals and entities. The goal is to ensure Federal 
policies, statutes, regulations, and procedures are optimally designed 
and implemented to facilitate the competitiveness, prosperity, and 
security of the United States.
    Mr. Rosenbach, could you elaborate on your thoughts as to why it is 
so important for the U.S. to have a comprehensive approach to 
international predatory economic practices?
    Answer. States with authoritarian forms of government--and China in 
particular--first recognized the strategic importance of information, 
and have adapted their national laws and policies accordingly. Over the 
past decade, China has pursued a national strategy to challenge the 
United States' global leadership in the Information Age through a 
conscious strategy of state-backed investment, loose consumer data 
privacy protections, a centralized AI and technology deployment 
strategy, and intelligence operations to steal crucial data and 
intellectual property.
    The United States, on the other hand, seems to be standing by, 
beholden to large technology companies focused primarily on connecting 
more people to generate more data to further bolster their profits. In 
the absence of a national strategy to protect Americans' data, promote 
the competitiveness of American firms, and secure our information and 
technology infrastructure assets, the U.S. risks ceding its leadership 
role in the future economic, military, and political landscapes.
    America needs a whole-of-government strategy to improve national 
competitiveness in the Information Age. Information geopolitics cuts 
across all aspects of the economy, society and state security 
apparatus. Authoritarian governments have adopted a highly centralized, 
mercantilist approach to protecting, acquiring and using information. 
Centralization will not be the answer for democracies, but coordination 
must be. Unprecedented cooperation is required, across economic, 
social, defense, intelligence, state department and homeland security 
portfolios. For example, the American government can no longer silo 
regulatory decisions about information-related companies separate from 
foreign policy decisions on cyberspace.
    Even further, America needs a whole-of-nation strategy that 
includes coordination with the private sector. The U.S. intelligence 
community needs to share threat information about foreign intelligence 
organizations with the social media platforms that so directly 
influence Americans' economic and political decision. Policymakers must 
be willing to work with private actors to ensure regulatory red tape 
does not stand in the way of innovation, and that public-private 
partnerships continue to create incentives to accelerate technology 
development. At the same time, American technology firms need to 
understand, and be held accountable for, their role in protecting 
national security interests.

    Question 2. What are we--the U.S. government--missing in making our 
policies data-centric?
    Answer. The Information Age demands a data-centric security and 
economic strategy: America needs to develop a data-focused strategy for 
competitiveness. From a security perspective, a network-centric 
approach to national security is failing. Focus on the threat of a low 
probability catastrophic attack on critical infrastructure networks, 
for example, has distracted leaders from the reality that we are not 
defending the Nation's most precious resource: information. Likewise, 
the government has done very little to prioritize the centers of 
gravity for an economy powered for the Information Age.
    The privacy of personal information is also a national security and 
economic priority. Policies aimed at bolstering U.S. national security 
and promoting U.S. economic competitiveness must go hand-in-hand with 
consumer protection. Authoritarian governments may ignore consumer 
rights in pursuit of acquiring information power, but democracies 
cannot. Bolstering the global competitiveness of American companies 
should remain a top priority, but not at the expense of allowing these 
companies to collect, use, and sell information without user consent or 
under-invest in cybersecurity measures.
    Within the framework of robust national data privacy and security 
laws, the U.S. government should promote more partnerships with 
civilian companies and academic institutions to make progress on high-
priority AI initiatives. For example, the Defense Innovation Unit--
Experimental (DIUx), established by DoD for this purpose, provides a 
model for incentivizing the private sector to develop technologies with 
direct national security applications.

    Question 3. Mr. Rosenbach--in your testimony you note that while 
China has an undeniable advantage in data collection due to the nature 
of its authoritarian government, there are things we can do to keep 
America competitive. When it comes to deploying next-generation 5G 
technology, your belief is we must do everything we can to reduce 
regulatory red tape that slows 5G deployment.
    Answer. China's authoritarian system does give it a deployment 
advantage, but the U.S. can do a lot more to reduce regulatory red tape 
to expedite deployment of next-generation broadband infrastructure. 
Nationwide 5G deployment is a massive effort requiring equipment 
installation and associated permits and approval processes across 
thousands of localities. Yet without this foundation, the U.S. risks 
falling behind in the next generation of wireless-enabled technologies. 
Policymakers must drive toward regulation that standardizes and fast-
tracks local approvals, while giving local authorities the opportunity 
to provide implementation guidance.
    The U.S. should ensure regulation supports the competitiveness of 
American firms in critical sectors. American firms are currently locked 
in a tight competition with Chinese powerhouses to determine who will 
dominate this important area. The U.S. government--and the FTC in 
particular--should make sure that regulations designed to protect 
consumers and competition don't inadvertently undermine the 
competitiveness of American firms relative to Chinese national 
champions like Huawei.
    To promote American competitiveness in 5G technology development 
and in other critical sectors more broadly, the U.S. must also win the 
race for talent. The U.S. has a history of prizing and nurturing 
openness, creativity, and innovation. Our university system is a 
springboard for raw talent; our legal and government institutions allow 
new businesses to thrive; and our sophisticated financial system enable 
the best ideas to be successful. To maintain a competitive edge, the 
U.S. needs a foundation of policies and practices that continue to 
attract top talent, like the heads of AI at Apple, Facebook, Microsoft, 
and Google's cloud computing division, who were all born outside the 
US. The visa program is a good place to start--at minimum, Congress 
should ensure that more highly skilled workers are able to obtain H-1B 
visas. Policymakers should further consider special programs for 
students and experts in the AI and broader set of STEM fields.

    Question 4. Mr. Rosenbach, do you believe the FCC has the required 
authority today to put the U.S. in a position to win the race to 5G? If 
not, what additional authorities should Congress give to the FCC to 
ensure burdensome regulations don't keep us from doing everything we 
can to win the race to 5G?
    Answer. I am not an expert on the FCC, so while I do not have 
specific recommendations for FCC authority reform, I do support a 
whole-of-government approach to ensuring American competitiveness in 5G 
deployment.

                                  [all]