Skip to main content
Back to Blog
Cyber LiabilityCybersecurityExecutive Strategy

The Emerging Chinese Threat

Chris Burns
March 17, 2026
A few weeks ago, I attended an FBI cybersecurity briefing led by Supervisory Special Agent Marty D'Amico from the Detroit field office. The message was clear: China is executing a long-term strategy for global dominance by 2049, and U.S. businesses are directly in the crosshairs. Their "Made in China 2025" initiative targeted ten key sectors, and their upcoming 15th Five-Year Plan doubles down on AI, quantum, 6G, and more. The threat has also evolved. A group called Volt Typhoon is no longer just stealing intellectual property — they're pre-positioning inside U.S. critical infrastructure, waiting for a geopolitical trigger. And here's what every business leader needs to hear: 80% of that critical infrastructure is privately owned. Your security gaps aren't just a business risk — they're a national security vulnerability. The FBI released Operation Winter Shield, a solid ten-point cyber resilience framework. But a checklist without a structured cybersecurity program behind it is like a workout plan without a gym. The checklist isn't the strategy — the program is. Have the conversation with your leadership team now, not next quarter. The adversary isn't waiting for your budget cycle.

A few weeks ago, I sat in on an FBI cybersecurity briefing at FutureCon. The speaker was Supervisory Special Agent Marty D'Amico from the FBI Detroit field office, where he leads their cyber squad. What he laid out should be required listening for every business owner, CEO, and board in America.

Here's the short version: China isn't hacking us for fun. They're operating on a 100-year plan with a goal that is very simple and very public: global dominance by the year 2049, the centenary of the People's Republic of China. To get there, they created the "Made in China 2025" initiative — a ten-year plan to dominate ten key sectors: information technology, robotics, aerospace, maritime equipment, rail transport, new-energy vehicles, power equipment, agricultural machinery, new materials, and biopharma. If your business touches any of those, you're not just competing with a Chinese company. You're a target of the Chinese state.

And they're not done. Made in China 2025 has been largely achieved. China's 15th Five-Year Plan (2026–2030) picks up right where it left off — doubling down on AI, quantum computing, biomanufacturing, 6G, and advanced robotics. This isn't a phase. It's a strategy.

For decades the FBI talked about intellectual property theft. That's still happening. But a group called Volt Typhoon has shifted the playbook entirely. They're not stealing your customer list. They're pre-positioning inside U.S. critical infrastructure.  Targets include communications, water treatment plants, oil and gas pipelines, the electrical grid  The are sitting low and slow, waiting. For what? A geopolitical trigger. Many analysts point to 2027 and the Taiwan situation. The goal isn't espionage anymore. It's sabotage. Disrupting physical safety to create domestic panic.

Now here's the part that should hit different if you're a business leader: the FBI reports that 80% of that critical infrastructure is owned by the private sector. Not the government. You. The FBI cannot be the firewall for every company in America. That means your unpatched firewall/router, your weak passwords, your "we'll get to it next quarter" attitude; that's not just a business risk. It's a national security vulnerability.

SSA D'Amico outlined Operation Winter Shield, which is the FBI's ten key actions to improve cyber resilience. It's a solid framework and I'd encourage every leader to read it: https://www.fbi.gov/file-repository/operation-winter-shield-slick.pdf/view

The problem I have is that list assumes you already have a cybersecurity program. Most businesses don't. They have a firewall, an antivirus/EDR, and maybe some backup. Handing a company the Winter Shield checklist without a structured cybersecurity program underneath it is like giving someone a workout plan when they haven't built the gym yet. It's going to end up in someone's inbox right next to the "we should really look into this" emails from 2021.

The checklist isn't the strategy. The program is the strategy. The checklist is what a good program executes.

Share this with your leadership team. Have the conversation. Not next quarter. Now. The adversary isn't waiting for your next budget cycle.

 

Back to All Posts