“At the center of Xi’s vision are what he calls China’s “new productive forces”—breakthroughs in advanced batteries, biotech, LiDAR, drones, and other emerging technologies that promise to redefine the next industrial revolution. By dominating these sectors, Beijing aims to ensure Chinese technology is deeply embedded within critical American supply chains—everything from power grids and ports to communications networks—thereby converting China’s commercial success into a powerful geopolitical tool of leverage.” — Craig Singleton in “China’s Tech Triple Play Threatens U.S. National Security,” Real Clear Defense, 25 March 2025.
[Editor’s Note: The article cited above addresses China’s plans to penetrate and exploit American supply chains as a non-kinetic, gray zone means of applying economic pressure to bend America’s will. Today’s guest blog post by Lisa Morton expands on this theme to explore how our pacing threat’s intelligence services could weaponize our military supply chains against us — employing front companies and unwitting American citizens to penetrate and “poison” our critical supply chains with key subcomponents that degrade and fail over time — achieving time-delayed sabotage of our vital combat systems.
Preposterous, you say? Another of our adversaries has reportedly already thoroughly penetrated American industry:
“North Korean nationals have infiltrated the employee ranks at top global companies more so than previously thought, maintaining a pervasive and potentially widening threat against IT infrastructure and sensitive data.“
“There are hundreds of Fortune 500 organizations that have hired these North Korean IT workers,” Mandiant Consulting CTO Charles Carmakal said Tuesday [29 April 2025] during a media briefing at the RSAC 2025 Conference.”
“Literally every Fortune 500 company has at least dozens, if not hundreds, of applications for North Korean IT workers,” Carmakal said. “Nearly every CISO that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one North Korean IT worker, if not a dozen or a few dozen.” — Matt Kapko, “North Korean operatives have infiltrated hundreds of Fortune 500 companies,” Cyberscoop, 30APR25
Ms. Morton’s vignette and subsequent discussion offers us a disturbingly credible vision of how our critical military supply chains could be penetrated and weaponized by our adversaries as another attack surface. Fortunately, she also offers a three-fold prescription to help us mitigate this emergent threat — Read on!]
Imagine this: a seemingly insignificant bolt, a crucial component in a helicopter’s rotor assembly, fails mid-flight. The result? A catastrophic crash, loss of life, and a critical mission compromised. This is the potential consequence of adversaries exploiting publicly available contracting data to subtly sabotage our military’s supply chain…
It is 2030 and a UH-60 Blackhawk helicopter just crashed near the coast of Taiwan. As soon as the crash is reported, all UH-60 operations are halted until a preliminary investigation is completed to determine what caused the incident. Army investigators from the safety center at Fort Novosel fly to Taiwan to determine the cause of the crash. When the safety team identifies a defective bolt as the cause, a junior officer of the People’s Liberation Army (PLA) Naval Air Force stationed on board the Fujian reads the report and senses that the PLA’s plan to sabotage American UH-60s has succeeded.
A year earlier, he and his intelligence team formed several seemingly legitimate American businesses whose task was to find publicly available information about upcoming requirements for bolts so they could underbid American companies and potentially gain access to critical technologies. These small business startups are now PLA insider threats targeting and exploiting the Department of Defense’s publicly available contract information and bidding on contracts, delivering the bolts on time and under budget. The bolts pass initial quality control tests, but are subtly flawed, using inferior materials that degrade over time. The PLA’s small businesses are virtual companies masquerading as American companies, incorporated in American cities and recruiting unknowing Americans to gather data necessary to supply the defective bolts to the U.S. Army. These virtual companies post online job opportunities with good pay and remote work, which is advantageous to the operation and enticing to potential recruits.
“Jane” is an American recruited and hired by one of these shadow PLA virtual businesses whose job is to get access to DoD’s online contract system and search for specific hardware requirements (i.e., bolts) to bid on. Jane diligently performs her duties, unaware that her employer is a front for a PLA intelligence agency. Working out of her home, she dutifully searches for and reports all contract requirements for bolts. Her employer then bids on and wins contracts to produce bolts that pass standard quality control tests but have degraded performance under stress later in their lifecycle. By the time anyone realizes the hardware has manufacturing deficiencies, the 
bolts are already in DoD’s inventory and supply system, threatening readiness and posing a grave danger to U.S. forces –– the small business has been paid by the Defense Finance Accounting Service (DFAS), closed up shop, and disappeared. Jane’s searches were subtle enough to avoid notice –– the Army never suspected an insider threat had penetrated its supply chain.
The DoD allocates over $456 billion annually to contracts, underscoring the vital role of a robust industrial base, including small businesses and non-traditional contractors, in safeguarding national security. Over 200,000 companies contribute to the DoD’s needs, providing supplies, parts, manufacturing, and services. To promote competition, contracting officers are required to publicly announce certain proposed contracts that exceed specified dollar thresholds. These procurements are typically conducted on the open market and are often facilitated by a dedicated website. This website serves as a central repository of information on Army requirements, including detailed descriptions of needed services (Performance Work Statements or PWS) and supplies (Statements of Work or SOW). Registered users can access the website to identify government purchasing needs, including specifics on required products or services, timelines, and delivery locations.
This readily available information, while intended to promote transparency and competition, could also be exploited. It’s plausible that foreign intelligence agencies have infiltrated numerous small businesses by embedding seemingly innocuous, low-level contractor employees. Their mission could be to gather and analyze publicly available procurement data, focusing on Army purchasing activities worldwide. By scrutinizing details such as who is buying what, from whom, when, where, and in what quantities, these operatives could identify patterns and deduce the underlying reasons for specific procurement activities. This underscores the inherent tension between transparency in government contracting and the need to protect information that, while public, could be leveraged by adversaries.
This isn’t just a theoretical threat. In 1979, Gen Robert H. Barrow, then commandant of the U.S. Marine Corps, stated “Amateurs talk about tactics, but professionals study logistics.” Threats to force sustainment are real, potentially resulting in compromised equipment, mission failures, and ultimately, the loss of lives. It is critical to ensure individuals accessing DoD contract data are properly vetted and continuously monitored to prevent adversarial exploitation of publicly available contracting data. While federal contract regulations require that certain contract information be publicly accessible, this open access presents a significant security threat. This transparency must be carefully balanced against protecting sensitive business information and national security interests. Actions to counter potential threats include:
Enhanced Training and Vetting: Rigorous security training for contracting personnel, emphasizing the risks associated with seemingly innocuous data, is crucial. Vetting contractor ownership, especially regarding foreign influence, is also essential to prevent sabotage and intellectual property theft. Individual contractors with access to the contract data must be thoroughly vetted. Provide government employees with security training, while using engaging and relatable content to ensure contracting professionals are trained to recognize and mitigate threats. Something as simple as failing to redact a signature block containing Common Access Card information on a publicly available contracting document can provide malicious actors with the keys to the kingdom, potentially compromising sensitive systems.
Aggressive “Red Teaming”: Regular red team exercises, simulating real-world attacks on acquisition systems, can proactively identify and address vulnerabilities before they are exploited.
Cybersecurity Insurance: Requiring government contractors to carry cybersecurity insurance, transferring some of the financial risk of a data breach to the private sector and incentivizing better security practices.
The future of warfare depends on secure and resilient supply chains. By addressing these vulnerabilities head-on, the U.S. military can safeguard our Soldier’s readiness and protect our national security.
If you enjoyed this post, review the TRADOC Pamphlet 525-92, The Operational Environment 2024-2034: Large-Scale Combat Operations
Explore the TRADOC G-2‘s Operational Environment Enterprise web page, brimming with authoritative information on the Operational Environment and how our adversaries fight, including:
Our China Landing Zone, full of information regarding our pacing challenge, including ATP 7-100.3, Chinese Tactics, How China Fights in Large-Scale Combat Operations, BiteSize China weekly topics, and the People’s Liberation Army Ground Forces Quick Reference Guide.
Our Russia Landing Zone, including the BiteSize Russia weekly topics. If you have a CAC, you’ll be especially interested in reviewing our weekly RUS-UKR Conflict Running Estimates and associated Narratives, capturing what we learned about the contemporary Russian way of war in Ukraine over the past two years and the ramifications for U.S. Army modernization across DOTMLPF-P.
Our Iran Landing Zone, including the Iran Quick Reference Guide and the Iran Passive Defense Manual (both require a CAC to access).
Our North Korea Landing Zone, including Resources for Studying North Korea, Instruments of Chinese Military Influence in North Korea, and Instruments of Russian Military Influence in North Korea.
Our Running Estimates SharePoint site (also requires a CAC to access) — documenting what we’re learning about the evolving OE. Contains our monthly OE Running Estimates, associated Narratives, and the quarterly OE Assessment TRADOC Intelligence Posts (TIPs).
Then review the following related Mad Scientist Laboratory content addressing sustainment issues:
Weapons on Demand: How 3D Printing Will Revolutionize Military Sustainment, by Scott Pettigrew
Sinews of War: Innovating the Future of Sustainment by then MSG Donald R. Cullen, MSG Timothy D. Roberts, MSG Jessica Cho, and MSG Johanny Ortega
The 4th Industrial Revolution, Additive Manufacturing, and the Operational Environment by Jeremy McLain
The Hard Part of Fighting a War: Contested Logistics
>>>>Announcement: You are cordially invited to the Army Mad Scientist Initiative’s “Global Perspectives on the OE: Indo-Pacific” Virtual Event on the 22nd of May 2025. Partnering with our U.S. Army TRADOC Foreign Liaison Officers, this virtual event will explore our Allies and Partners’ perspectives on the Operational Environment, featuring prominent subject matter experts from some of our Allies and Partners in the Indo-Pacific theater to establish an open dialogue on their perspectives regarding the Operational Environment. The event will be held from 6:00pm EDT to 11:30pm EDT. Register to attend this event at the Eventbrite link here and check out the draft agenda here.
Once registered, you will receive a follow-up email with the link to the virtual event.
You must be registered in Eventbrite to receive a virtual event link! Stay tuned to all Army Mad Scientist social media and the Mad Scientist Laboratory for further updates!
>>>>Reminder: Army Mad Scientist wants to crowdsource your thoughts on Great Power Competition & Conflict — check out the flyer describing our latest writing contest.
All entries must address one of the following writing prompts:
How are the ongoing conflicts in Ukraine, the Middle East, and Africa shaping how the U.S. Army may need to fight in 2035?
What role can the U.S. Army play in helping the U.S. counter Chinese, Russian, and Iranian influence across the Global South?
How can the U.S. Army counter growing Russian/Chinese collusion in the Arctic, and China’s growing presence in the Antarctic?
What emergent technology(ies) or convergences of technologies could disrupt Great Power dominance in 2035? In 2050?
We are accepting three types of submissions:
-
-
- 1500-word Non-Fiction Essay
-
-
-
- 1500-word Fictional Intelligence (FICINT) Story
-
-
-
- Hybrid 1500-word submission incorporating a short FICINT vignette, with a Non-Fiction Essay expounding on the threat capabilities described in the vignette
-
Anyone can participate (Soldiers, Government Civilians, and all global citizens) — Multiple submissions are encouraged!
All entries are due NLT 11:59 pm Eastern on May 30, 2025 at: madscitradoc@gmail.com
Click here for additional information on this contest — we look forward to your participation!
About the Author: Lisa Morton, a Navy procurement professional and participant in the Naval Supply Systems Command (NAVSUP) Leadership Development Program (NLDP), expanded her understanding of threats in the operational environment during a 2025 developmental assignment with the U.S. Army TRADOC Mad Scientist Initiative.
Disclaimer: The views expressed in this blog post do not necessarily reflect those of the U.S. Department of Defense, Department of the Army, Army Futures Command (AFC), or Training and Doctrine Command (TRADOC).
