China’s technology strategy prioritizes scale, commoditization, and IP acquisition. Learn how analysts can track risk, OSINT barriers, and cyber threats.

China is no longer a “future” concern for security teams; it’s a persistent feature of today’s threat environment. In a recent episode of NeedleStack, hosts AJ Nash and Robert Vamosi sat down with John Costello, Director of Strategic Affairs at Wirescreen and former senior leader in U.S. cyber policy, to unpack how China’s technology strategy intersects with cybersecurity, intelligence collection, and investigative risk.

The conversation makes one thing clear: understanding China today requires moving beyond headlines and into execution-level realities. For analysts, investigators, and security leaders, this means building workflows that can safely operate inside a contested digital environment, one where policy, economics, and cyber operations are tightly linked.

Below are some key takeaways from the episode.

Strategic competition with China is the baseline

The past decade represents a sustained era of strategic competition between China and the United States. This competition extends far beyond military power, shaping technology supply chains, global trade, and digital ecosystems.

For intelligence and security teams, this means China-related risk should be assumed rather than treated as exceptional. Organizations operating in technology, manufacturing, energy, finance, healthcare, or government-adjacent sectors should expect persistent interest in their data, partners, and intellectual property.

In this environment, perimeter defenses alone are insufficient. Teams must be able to safely access and analyze the external digital terrain where threats originate.

China’s strength lies in scale, not breakthrough innovation

A central theme of the episode is the distinction between innovation and execution. China has historically excelled not by consistently inventing new technologies, but by acquiring intellectual property, optimizing it, and scaling it rapidly.

China performs best when a technology is already largely mature. At that stage, it can integrate components, reduce dependency on foreign suppliers, manufacture at scale, and compete aggressively on cost — often with state support.

For investigators, this shifts where risk emerges. Threat activity often accelerates not during early research, but once technologies become commercially viable and ecosystems expand. These inflection points are prime targets for IP theft, vendor compromise, and cyber-enabled intelligence collection.

Will China hit a ceiling without innovation?

A recurring question among executives is whether China’s model has limits. Can an economy built on optimization and acquisition succeed without sustained disruptive innovation?

The answer is nuanced. Structural constraints exist, particularly if China cannot expand basic research or foster conditions that enable long-term innovation. At the same time, China has repeatedly shown a willingness to absorb loss, tolerate inefficiency, and pivot aggressively to overcome obstacles.

For security leaders, the practical takeaway is clear: it is risky to assume internal challenges will reduce external threats. China remains capable, motivated, and strategic — qualities that demand sustained attention.

The five-year plan as a roadmap for analysts

China’s Five-Year Plans remain one of the most valuable open-source forecasting tools available to intelligence teams. These documents publicly outline national priorities and then align funding, talent development, and industrial policy to support them.

Historically, Five-Year Plans have correlated with:

  • Increased state-backed investment
  • Targeted STEM education and scholarship pipelines
  • Heightened cyber activity against priority sectors
  • Pressure on supply chains and third-party vendors

For investigators, these plans function as early-warning indicators. When a sector is emphasized, attention rarely stops at flagship companies. It often extends to suppliers, service providers, and adjacent technologies.

Why OSINT on China is increasingly challenging

China operates one of the most restricted digital ecosystems in the world. The Great Firewall, aggressive content controls, and large-scale takedowns of sensitive material have significantly reduced visibility for open-source investigations.

Analysts routinely encounter blocked sites, dead links, inaccessible filings, and region-dependent access. This complicates due diligence, threat research, and strategic monitoring.

The solution is not abandoning OSINT but modernizing how it is conducted. Investigators need a secure, isolated environment that allows them to safely access restricted content, capture evidence, and analyze findings without revealing identity, location, or investigative intent.

Military-civil fusion and hidden vendor risk

One of the most underestimated risks discussed in the episode is China’s model of military-civil fusion. In this system, commercial entities may be closely intertwined with state or military objectives, even when they appear independent.

Shared leadership, overlapping facilities, and collaborative research are common. For organizations engaging with Chinese firms (or firms connected to Chinese ecosystems), this blurring of lines introduces significant exposure.

Effective risk management requires more than surface-level checks. Security teams must understand ownership structures, leadership affiliations, funding sources, and ecosystem relationships before granting access to sensitive systems or data.

What this means for modern investigations

China’s approach to technology and cyber operations reinforces the need for a different investigative posture. Visibility without protection is no longer acceptable.

To operate effectively, intelligence teams need a unified workspace that supports the full intelligence lifecycle:

  • Protect investigations by isolating analyst activity from external threats
  • Mask identity, geolocation, and digital fingerprints during collection
  • Accelerate workflows from access and capture through analysis and reporting
  • Manage users, policy, and compliance across teams and cases

Direct engagement gives risk teams the edge, but only when it is done safely and deliberately.


Explore more on the NeedleStack podcast

NeedleStack brings together intelligence, cybersecurity, and investigative leaders to unpack real-world threats shaping the digital environment. Each episode delivers practical insight you can apply across access, collection, analysis, and reporting.
