TL;DR
- China’s Ministry of State Security has doubled in size since 2013 and combines CIA, FBI, NSA, and NGA functions under unified control
- Bureau 18 - the MSS bureau focused exclusively on the United States - represents China’s acknowledgment that the relationship has become fundamentally adversarial
- Recent cases reveal full-spectrum operations: traditional human intelligence, cyber campaigns (Salt Typhoon, Volt Typhoon), academic exploitation, and biological research theft
- The MSS operates without ethical constraints recognized by Western intelligence services - a structural asymmetry that advantages Chinese operations
- Defense requires whole-of-society awareness, not just government counterintelligence - universities, companies, and individuals are all targets
Introduction
In December 2025, a U.S. Navy sailor was convicted and sentenced for selling secrets to Chinese intelligence. In early 2026, two Chinese PhD students were caught bringing dangerous pathogens into the United States from China. Congressional committee staff systems were compromised through China’s Salt Typhoon cyber operation.
These aren’t isolated incidents. They’re visible manifestations of what former DIA Deputy Director David Shedd calls “an enormous investment” by the Chinese Communist Party in intelligence operations against the United States - an investment that has doubled the Ministry of State Security since Xi Jinping took power in 2013.
Understanding the scope and methods of this campaign is essential for anyone working in technology, academia, defense, or government.
The Ministry of State Security Structure
Western observers often underestimate Chinese intelligence capabilities by mapping them onto familiar institutional structures. The Ministry of State Security doesn’t correspond to any single U.S. agency. It combines functions distributed across the CIA (foreign intelligence), FBI (domestic counterintelligence), NSA (signals intelligence), and NGA (geospatial intelligence) under unified control.
This integration creates operational advantages. Information flows between collection disciplines without the bureaucratic friction that slows Western agencies. A cyber operation that identifies a recruitment target immediately feeds human intelligence operations. Geospatial surveillance supports both.
Bureau 18, focused exclusively on the United States, receives the best resources and personnel. The MSS “saves the best for last” - acknowledging that the U.S. relationship represents their primary intelligence priority.
The doubling in size since 2013 reflects strategic commitment. Xi Jinping has made great power competition with the United States a central organizing principle of Chinese policy. The intelligence apparatus has expanded accordingly.
Operational Methods
Chinese intelligence operations against the United States span the full spectrum of tradecraft, from traditional human recruitment to sophisticated cyber campaigns.
Human Intelligence Operations
The Jing Xiao Wei case exemplifies traditional tradecraft. An active-duty Navy sailor in San Diego was recruited, photographed classified materials, and removed sensitive data from the naval base. Convicted in December 2025, he joins a growing list of military and government personnel compromised by Chinese intelligence.
These recruitments target individuals with access rather than ideology. Financial incentive, family connections to China, and professional frustration all create recruitment opportunities. The MSS approach is patient and persistent - relationships develop over years before intelligence requests begin.
Academic and Research Exploitation
The University of Michigan pathogen case represents a different vector. Two Chinese PhD students brought dangerous biological materials into the United States from China. The full purpose remains under investigation, but the case illustrates how academic exchange programs create intelligence and technology transfer opportunities.
Previous cases have involved stealing seeds from agricultural companies, transferring proprietary research to Chinese institutions, and using academic positions to access defense-relevant technologies. The line between legitimate research collaboration and intelligence collection is deliberately blurred.
Cyber Operations
Salt Typhoon and Volt Typhoon represent sustained cyber campaigns against U.S. infrastructure and government systems. Congressional committee staff were compromised through Salt Typhoon - giving Chinese intelligence insight into legislative priorities and classified briefings.
These operations demonstrate technical capabilities that match or exceed Western intelligence services. The integration with human intelligence means cyber-derived information immediately supports recruitment operations and strategic planning.
The Asymmetry Problem
A structural challenge for U.S. counterintelligence is the asymmetric constraint environment. Western intelligence services operate within legal and ethical frameworks that Chinese services do not recognize.
The MSS operates “unfettered in terms of ethics or any other constraints.” This isn’t editorializing - it describes operational reality. Activities that would terminate careers in Western services are standard practice for MSS officers.
This asymmetry creates advantages in several domains:
Scale of Operations: Fewer constraints enable more aggressive and extensive collection operations. The sheer number of approaches to potential sources, cyber intrusions attempted, and academic relationships cultivated exceeds what constrained services can match.
Patience: Operations that develop over 5-10 years are standard. Western career structures often don’t reward the patient relationship development that Chinese services excel at.
Whole-of-Society Approach: Chinese intelligence leverages diaspora communities, visiting scholars, business delegations, and professional associations in ways that Western services cannot and should not replicate.
The defense against this asymmetry cannot be matching Chinese methods. It must be raising awareness throughout the target population - universities, companies, government, and individuals who may be approached.
Defense Implications
Effective defense against Chinese intelligence operations requires recognizing that traditional counterintelligence is necessary but insufficient. The threat model has expanded beyond classified government information to include:
- Commercial technology and intellectual property
- Academic research with dual-use applications
- Personal information enabling future recruitment approaches
- Infrastructure access for pre-positioning in potential conflict
For Institutions: Organizations handling sensitive information - technological, commercial, or governmental - need security awareness programs that address the specific Chinese threat. Generic security training doesn’t prepare people to recognize the patient relationship-building that precedes Chinese recruitment approaches.
For Individuals: Anyone with access to valuable information should understand they may be targeted. This includes academics, engineers, military personnel, and government employees. The approach is rarely dramatic - it usually begins with legitimate-seeming professional engagement that gradually escalates.
For Policymakers: The integration of Chinese intelligence, military, and commercial actors means that “normal” business and academic relationships with Chinese counterparts require scrutiny that equivalent Western relationships don’t. This isn’t xenophobia - it’s recognition of how the MSS operates through ostensibly civilian channels.
Key Insights
Integrated Threat: The MSS combines functions that are separated in Western systems, creating operational advantages in intelligence collection and action.
Whole-of-Society Target: Chinese operations target universities, companies, and individuals - not just government agencies. Defense must be similarly distributed.
Asymmetric Constraints: Operating without ethical or legal constraints recognized by Western services gives MSS structural advantages that cannot be matched, only mitigated through awareness.
Patient Persistence: Operations develop over years. The approach that seems like legitimate professional engagement may be early-stage recruitment.
Questions for Further Exploration
- How should academic institutions balance international collaboration with security requirements given the academic exploitation pattern?
- What policy changes would most effectively counter Chinese intelligence operations without damaging legitimate relationships?
- How do the cyber operations (Salt Typhoon, Volt Typhoon) relate to potential conflict scenarios in the Taiwan Strait?
Editorial Note
This analysis focuses on documented intelligence operations and official assessments. The threat is institutional (MSS, CCP policy) rather than ethnic or cultural. Chinese-Americans and legitimate scholars from China are themselves potential victims of CCP intelligence operations and should not be treated as suspects based on national origin.
Source: CSIS interview with David Shedd, former Deputy Director and Acting Director of the Defense Intelligence Agency (cred 8/10). Content from January 14, 2026.