Retired Adm. Michael Rogers is a cyber warrior who spent much of his career in the military using electronic means to try to scoop up Chinese secrets and defend the U.S. from Chinese cyber spies. From 2007 to 2009, during a time of healthy relations between Washington and Beijing, Rogers was intelligence chief for the Navy’s Pacific Command. From there, he became director of intelligence for the Joint Chiefs of Staff and later had responsibility for all the Navy’s cyberwarfare efforts. In 2014, President Obama chose him to lead the National Security Agency, the nation’s premier electronic eavesdropping agency, and U.S. Cyber Command, which oversees the Pentagon’s cyber activities. China was and remains a big target of their efforts. President Trump retained him at both posts until he retired in 2018. These days, he advises corporate clients on cybersecurity and geopolitics at the corporate advisory firm Brunswick Group. This interview is part of Rules of Engagement, a series by Bob Davis, who covered the U.S.-China relationship at The Wall Street Journal starting in the 1990s. In these interviews, Davis asks current and former U.S. officials and policymakers what went right, what went wrong and what comes next.

Illustration by Kate Copeland
Q: In 2007, you were the senior intelligence officer for the Pacific Command. That was at the height of the period of U.S.-China engagement. When you looked at China then, what concerned you?
A: As a senior intel guy, I was trying to help my boss, the theater commander, understand what China was doing. What’s motivating it? What should we anticipate? What do we need to do to protect our interests and to achieve our objectives? [From 2007 to 2009 Adm. Timothy J. Keating was head of Pacific Command.]
At the time we had a decided edge in military capacity, but you could see China was in transition, with economic growth rates in the double digits. You could see the investments that they were starting to make in their military. You knew that the future was going to be different, that China was going to have more options that would create challenges for us.
You were also starting to see the Chinese in the South China Sea filling in reefs and creating land features that were only visible at low tide. They were starting to create man-made islands that could support airfields and military installations, and were also getting very aggressive about their territorial claims.
They were very focused on the South China Sea and were starting a narrative about how the problems of Asia and the Western Pacific should be dealt with by the nations of Asia and the Western Pacific: i.e. Let’s keep the Americans out of these problems. Their view is they’re in a stronger position when they’re dealing with nations individually than when they’re dealing with the United States and a coalition of other nations.
I always used to tell the theater commander when I was the intel officer, ‘If you want to understand China, sir, we need to understand its history. We need to understand its culture. We need to understand the Party, and we need to understand the economic dynamic. If you understand those four things, everything else flows from that.’
It’s not the other way around. So, if we want to understand why they’re moving the pucks on the board the way they are — ships here, aircraft there, submarines there — if we want to understand the investments they’re making in growing their military, it’s about understanding those four things.
I also used to tell the theater commander, ‘Sir, I worry less about a planned military confrontation. I worry much more about an inadvertent event that leads to either loss of aircraft, ships, loss of life, significant injury, loss of face. Those are the things that are going to spike and potentially lead us down an escalatory road that we don’t want to go.’
It’s always hard to diffuse a crisis, but it is particularly hard to diffuse a crisis when you don’t trust each other, when you don’t talk much and when you don’t have well-established mechanisms for diffusing and interacting. Right now we don’t.
Two years later, in 2009, I became the director of intelligence for the Joint Chiefs of Staff. I said to the chairman at the time, Admiral Michael Mullen, ‘Sir, we’re in two ground wars — Afghanistan and Iraq. Why would you want a guy like me to be your intel officer?’ And he said, “’Mike, I got a lot of people in this world who are focused on Iraq and Afghanistan right now, but I don’t have many people who have spent time focused on China. That’s why I want you here.’
There was a recognition, which ultimately led to the so-called China pivot, that we had to shift our strategic focus and much more of our intellectual and leadership decision-making bandwidth to what’s going on in the Asia-Pacific region, and be a little less focused on the ground wars in CENTCOM. [U.S. Central Command, which has responsibility for the Middle East, Afghanistan, and other parts of central and southern Asia.]
I can remember when Admiral Mullen came back from a policy decision meeting in the White House. He told the J3, the director of operations; the J5, the plans officer; and me, the intel guy: ‘The good news is the administration has agreed on this shift in the form of the pivot. The challenge is the Middle East isn’t going to want to let go. There are tons of challenges. And you guys, as you get more senior, are going to have to deal with actually shifting the focus.’ That was around 2010, 2011: and it turned out to be very prophetic.
One of the most important moments in recent U.S.-China relations occurred in 2015, when former President Obama and Chinese leader Xi Jinping met in the Rose Garden. The two leaders agreed neither government would knowingly support cyber theft of corporate secrets or business information. Did the Chinese ever stop the spying?
First of all, it’s interesting to see what led to that moment. This was [one of] Xi’s first visits to the United States as he assumed his new duties [as Chinese leader. Prior to that, Xi met President Obama in California at the Annenberg Estate in 2013.] The Chinese were communicating to us that Xi wanted a harmonious interaction and he wanted a visual image of the two leaders talking to the world about the positives of this relationship.
BIO AT A GLANCE | |
---|---|
AGE | 64 |
FORMER POSITIONS | Director of the National Security Agency, Commander of U.S. Cyber Command |
CURRENT POSITION | Senior advisor, Brunswick Group |
We were having significant issues with China with respect to cyber activity. We were watching — and had been for several years — the theft of intellectual property via cyber on a scale we had never observed before. So, we made the decision that Xi’s desire for something out of this visit potentially gave us some form of leverage.
We went to the Chinese and said, ‘If you want a positive image in the Rose Garden, then we have to address your cyber activity. Because if we don’t address this, President Obama is going to stand in the Rose Garden and in front of Xi is going to tell the world all the problems we have with Chinese activity in cyber. And we will be very direct, very vocal, and very public.’
That led the Chinese to decide that some agreement around the nature of Chinese activity in cyber would be in their best interest. There was an agreement reached before they got there but it was announced in the Rose Garden.

Our position was, hey, we don’t do that. We don’t steal intellectual property. As the leader at the time of the NSA and Cyber Command, two of the largest cyber organizations in U.S. government, we didn’t break into Chinese industrial systems for the purposes of extracting information and then sharing it with Boeing or Lockheed or fill-in-the-blank American company to say, ‘Look, here’s what you’re going to have to compete against.’ We don’t view cyber as a tool to provide competitive advantage to the private sector.
Both nations agreed we would stop this practice, which really meant the Chinese would stop what they were doing. We watched them. We did see some measure of significant downward levels of activity for about six months.
That’s all? Six months?
Then we watched them ramp it back up again. I told the president. ‘Sir, it appears to me Xi went back and said, ‘Look I’ve agreed to this for a broader strategic purpose. What I want you in the PLA and you in the security service who execute cyber activities to do is, number one, back off a little bit. But number two, I want you to raise your tradecraft.’

It was amazing. Prior to this agreement, it was almost as if the Chinese didn’t care if we were catching them. They were loud. They did not try to mask very much what they were doing.
President Obama was not a big fan of being publicly confrontational. He thought it was more effective to talk with them directly and privately. So, we would have some very direct private conversations with the Chinese government about cyber activity that concerned us.
We saw a period of three to six months where China’s activity was significantly lower. It looked like they definitely had been given strategic direction by their leadership. But we also watched a significant evolution in their trade craft. They got quieter. They got better. They seemed to be much more interested in masking or hiding what they were doing.
If that was the case, why didn’t the U.S. retaliate? Or did we?
My sense of President Obama’s view was, ‘Look, we were able to achieve some level of enhanced behavior once. Let’s keep working to see if we can do it using the same methodology’.
Former President Trump came in and had a very different view about U.S.-China relations. And while current President Biden was the vice president during that time in the Rose Garden, he has broadly continued along the line Trump had, that China needs to be very visibly confronted. We need to highlight what China is doing that we disagree with. And we need to take very public action.
…when China believes that it’s dealing with a broader coalition, or believes that an American viewpoint is gaining some level of consensus more broadly, they tend to step back and reassess at least.
Trump opted to do that largely with trade and tariff policy, combined with a focus on [Huawei’s role in] 5G. President Biden hasn’t dropped a single tariff Trump put in place. He too is very vocal about where the U.S. feels China is acting inappropriately. Biden has opted to use tech and semiconductors to show our displeasure and forestall the ability of China to compete in many of the technologies that are going to shape the economies and the national security of the 21st century.
It sounds like you think being more in their face is a better way to go.
I like the idea of being very upfront and very public. I also believe very strongly that a multilateral approach works really well. To me, the Chinese tend to back off if they think that there’s a broad coalition arrayed against them. Also, historically they like to avoid direct confrontation if they can do so while they think they can still achieve their strategic objectives. Their inclination historically has been, if they’re confronted, to back off and pivot a little bit. That doesn’t mean they lose the broad objective they’re trying to achieve.
But, fundamentally, have we been able to change Chinese behavior with respect to cyber? The answer is no.
We haven’t seen them shift their focus, their level of effort, or change the nature of their activity. They were literally going after almost everything. We haven’t seen them change that. Their target sets remain very wide. It wasn’t just a handful of industries; it was really broad. It was the private sector, government, the educational segment — going after research. We haven’t changed that dynamic.
What would you recommend that might change that dynamic?
Number one, we need to think about cyber more strategically. If you want to achieve an impact in cyber, think beyond cyber for the tools you want to use. All too often, we have tended to view cyber activity through the prism of cyber. If they’re doing this to us in cyber, we need to do something similar to them. While that can be a component of a strategy, I always thought the most effective way [to respond] is to look at all the capabilities we have — economic, political, military, informational. Let’s come up with a strategy that enables us to harness a lot of the advantages that we enjoy.
I’m not going to argue that there’s a silver bullet here. But when China believes that it’s dealing with a broader coalition, or believes that an American viewpoint is gaining some level of consensus more broadly, they tend to step back and reassess at least.

But if you’re sitting in Beijing, I assume you would think that Huawei or some of the state-owned companies are targets of U.S. intelligence. Why wouldn’t they think that if the U.S. is going through Huawei, why can’t we go through AT&T?
I’m not going to get into anything classified, but broadly, if you look at U.S. cyber activity, it is very much focused on a national security prism. Cyber is a tool to help us understand the national security challenges and implications of China and its activities. Almost any target we’re looking at, we’re trying to understand the national security dimensions.
Going after commercial activities so you can steal commercial intellectual property or gain a competitive market advantage — we don’t do that. Although it’s funny, I can remember on the margins of the Shangri-La dialogue [an annual defense conference in Singapore], I’d have some nations pulling me aside saying, ‘So why don’t you do that?’
The Wall Street Journal reported that in 2016, AT&T was thinking of using Huawei equipment for 5G. The story said that you and James Comey, the FBI director at the time, personally spoke to AT&T management about why this would be a bad idea. Presumably that was based on intelligence gathering.
No, that was much more about, just look at what the Chinese law says. Under the guise of national security, the Chinese government can compel any Chinese company to provide whatever information or access the government deems appropriate. Why would you want to run this kind of risk? Why would you want to embed [Huawei] software and hardware? Why would you want to create update mechanisms with an entity that must comply with nation-state direction to provide access.
FBI Director Christopher Wray discusses cyber threats, including NotPetya, at an event hosted by the Detroit Economic Club, March 22, 2022.Credit: Detroit Economic Club via YouTube
In 2020, you said in Australia that China might have an advantage in cyber because they’re willing to push the limits. Should the U.S. be pushing the limits? Should we go tit-for-tat?
The best example is to look at what the Russians did. The greatest global cyber event to date is the NotPetya [malware attack] of June 2017. This was a Russian attempt through a Ukrainian tax provider to manipulate software so that it was uploaded within core elements of the infrastructure in Ukraine. The malware started to take that infrastructure down, except the way they wrote the malware, it started proliferating globally. [Eventually it caused about $10 billion in damage globally.]
I thought to myself, if I ever pulled off an op that ended up proliferating globally, man, I would’ve been fired. And yet I’m watching the Russians and President Putin — they deny it and they just don’t care. I’m not trying to argue the U.S. is perfect, but the level of risk authoritarians are willing to run in terms of aggressiveness is really interesting to me.
But then there is the example of Stuxnex, designed to screw up Iranian centrifuges? [Stuxnex was a computer program purportedly designed by the U.S. and Israel that destroyed Iranian nuclear centrifuges but also caused other damage.]
Stuxnet is one thing I’m never gonna talk about. I can only tell you what I’ve read in the news.
How good is U.S. intelligence about China?
I have always felt broadly comfortable in my abilities as an intelligence professional to provide broad insight about China, whether it was to a senior military commander or with our nation’s political leadership. That doesn’t mean it’s perfect and it is never as much as you would like, but we weren’t blind.

There was an incident where China identified a lot of spies, which hurt the U.S. considerably. [The New York Times reported that Beijing had dismantled CIA operations starting in 2010 after killing or imprisoning more than a dozen U.S. sources.]
They have had some measure of effectiveness over time in gaining knowledge about our methodology and how we work. I would always tell my team, ‘Guys, that is the nature of our profession. You gain access and insight. The adversary becomes aware of that and changes their behavior. So, we lose access. Then we study, come up with new technology or a different approach and we regain it.’
How big an impact was Snowden on the U.S. intelligence? [In 2013, before Rogers became NSA chief, Edward Snowden, an NSA consultant, leaked classified material and revealed numerous U.S. surveillance programs, including some targeting U.S. allies.]
There is no doubt he compromised some of our technical capabilities. He eroded trust. And the biggest thing that I found frustrating was the fundamental premise he articulated that NSA is engaged in massive widespread illegal surveillance of U.S. citizens. That was his fundamental initial premise, which was total bullshit.

Credit: John Zangas via Flickr
Now, you can disagree with U.S. law. That’s fair. That’s every citizen’s right. But every review we’ve had subsequent to that came back and said NSA is fully compliant with the law. NSA has vigorous oversight of the execution of its mission within that legal framework.
We had intelligence capabilities compromised. We had tools that we lost. We had access we lost. I’m not going to go into specifics, but no one should think that this was an insignificant event that had no impact.
What about your ability to work with allies?
In at least two cases — two very large significant U.S. allies — when I was in their nation’s capital, I said to their leadership, ‘If it creates problems for you, no problem. We’ll stop the relationship. I’ll shut it all down.’ [The response] was like,’ ‘Oh, no, no, you can’t do that. You can’t do that.’
I said, ‘Look, the information that we share with you is much more than you share with us in most cases.’ Part of that is because of the volume, the size, the structure, and the U.S.-centric nature of the global telecommunications grid.
You mentioned the pivot to Asia. In the interview I had for this series with former Secretary of Defense Ash Carter, he said the Defense Department really did pivot, but the rest of the government, not so much. He didn’t name any official, but he was pretty clearly blaming the State Department under [former Secretary of State] John Kerry for that. What did you think of the effort and whether it succeeded?

Number one, it was easier for DOD than other areas [to shift]. Militarily there was very little disagreement about the greatest military challenges ahead. There was broad consensus that it was China. That doesn’t mean we’re going to be enemies or that we want to get into a fight.
Particularly as the ground wars in Iraq and Afghanistan started [diminishing] and the force levels started going down, we had more capacity we could shift. And culturally we’re a hierarchical organization. If the boss says, do it, that’s what we do. Other elements of the government don’t have the same hierarchical structure. Sometimes it takes bureaucracy a long time to execute a significant change.
You also have said China needs to pay a price for unacceptable behavior. What’s the price?
That price could be international isolation; or that they’re going to be less economically competitive; or that they’re going to lose access to either some capabilities or some partners.
Look, a strong China is in the world’s best interest. But can that strength be applied within the norms of behavior that we’ve established over the last 70 years, using the structures we’ve created, and following international law? That was always the challenge I thought there would be with China.

It wasn’t so much that, oh my God, they’re going to be the world’s biggest economy or they’re going to be the largest military in the world. My attitude was, if they were applied in the right way, those can be positives for the world. Think of the market that we potentially could gain access to. If we were to partner with them militarily, think of some of the great things we could do to help the broader world around us. There are some real positives.
I am not one who believes that China becoming stronger is a danger to the United States in and of itself or is inherently a bad thing.
What about their closeness now to Russia? China is talking about a partnership without limits.
First, we need to separate rhetoric from reality. China has talked about a partnership without limits. Well, there clearly is a limit. For example, the Chinese have been unwilling to provide the Russians with direct military capacity for the war in Ukraine. Clearly China has said, ‘Look, that’s a bridge too far. We’re not going down that road with you guys.’ So, despite the rhetoric, it is not a partnership without limit.

The Chinese have come to the conclusion that a relationship with Russia offers a good counter to U.S. dominance. That creates challenges for the United States and that is in China’s best interest.
The question to me is, how long does a relationship like this remain in China’s best interest? My view is that it isn’t going to stand the test of time. If I was a betting man, I don’t think China and Russia are going to be in the same place 10, 15 years from now.
So how do you encourage a coming together of the U.S. and China again? For years and years, the U.S. tried engagement — wrapping the U.S. and China together through economic bonds.
Let’s go back to when we were trying to get the Chinese into the WTO. I would argue U.S. policy was built around three hopes. Hope number one: If you bring them into the global infrastructure, they will become adherents and supporters of that structure. They will see the value that it generates, and they in fact will become advocates for it. How’s that hope worked out for us? [Rogers makes a sound like a buzzer signaling a foul.] It didn’t go anywhere.
Second hope: If you bring them into the global economy, the Chinese government will see the value that more open societies are able to generate economically. And the Chinese government will come to the conclusion that perhaps a little bit more open society is in the best interest of their nation. How’s that hope going so far? [Another buzzer.]
We need to work hard to make sure that we don’t become implacable enemies who constantly view each other not as competitors, but as adversaries.
And the third hope was that if we open China to the broader world, its citizens will see the benefits of more open, more democratic societies. And its citizens will pressure the government to change. How’s that working out? [A third buzzer.]
We had this hope that we would fundamentally change them to something that looked more like us. I think that has proven to be a total bust. Going forward, the objective should not be, let’s figure out how to make them more like us. The objective should be, how can we show them the benefits, as they define it, from participating in the structures, norms of behavior, and international legal frameworks that we’ve created.

What is a concrete example that would illustrate what you mean?
Let’s start with areas where we’ve got potentially some commonality. Climate. Cybersecurity. Can we look at ensuring the defense of our governments as well as our private sectors? That’s in both our best interests.
And then you see whether we can show that we did things together that benefited both of us, without forcing either of us to fundamentally become like the other. Then can we then expand that into something broader?
Economics is also an area where there is a mutual benefit. It doesn’t have to be one gains and the other loses. In terms of global economic activity, the pie is big enough. We can both achieve strong economic performance without trying to do it at the expense of the other.
For the next several years we need to work hard to make sure [the U.S.-China relationship] doesn’t get any worse — that we don’t decouple. We need to work hard to make sure that we don’t become implacable enemies who constantly view each other not as competitors, but as adversaries.
At the moment, it’s like when you have a bad situation at home with your wife, but you both still want to live together. You get through it. Each of you is frustrated, but you don’t want to get to the point where one of you decides that’s it, it’s over.
That’s where we are right now. I expect this to continue for some number of years. I hope not a decade, but I don’t see this changing in the next two or three years.

Let’s talk about infrastructure. It’s a weakness obviously.
One of the challenges in a democratic society is that most of the infrastructure is owned by the private sector, not the government. Even in outer space, we’re building constellation sizes in orbit now that will number in the thousands. And those are all commercial.
Look at water, look at power, look at finance, look at energy, look at generation and transmission. The infrastructure is all owned in the private sector. So, you’ve got to make sure you have a strong partnership between the private sector and government.
What about on the satellites? Is it a plus or a minus in terms of security that there are so many being launched.
Greater proliferation and increases in capacity are definitely a risk mitigation tool.
If you step back, the virtual world has proven to be much more resilient than the physical world. Look at the aftermath of a hurricane or a tornado. It takes months and years to totally restore and rebuild. Look at cyber. NotPetya, as I said earlier, is probably the greatest global [cyber] event. That impact was uneven, and it was mitigated largely in a matter of days to weeks.

What would you advise ordinary people to do to protect themselves online?
Number one, be a lot more discerning. The bias cannot be that if it’s in my inbox, it’s gone through [virus] filters and security checks, so it must mean it’s okay for me to open it. We’ve got to be a whole lot more discerning. Have I seen something from this individual before? Is this something this individual would normally send to me? Does the phraseology in the email make sense? Does it sound like it’s actually written by this person or is it who they purport to be?
Number two, in some cases, I will say to myself, if I’m not sure it’s valid, I’m not going to access it. If it’s valid, they’ll come back. If it’s somebody with a legitimate purpose, they’ll come back. I tend to be pretty conservative and err on the side of caution.
Also make sure you’ve got a good virus checker. I’m a proponent of more than one. I generally like to go with two. Make sure that you’re using technology to encrypt and protect your link. Use a VPN, for example. There are things you can do that are not expensive or technically complex, that can increase the probability that you will have a minimal impact from the efforts of others to penetrate your emails or networks.

Bob Davis, a former correspondent at The Wall Street Journal, covered U.S.-China relations beginning in the 1990s. He co-authored “Superpower Showdown,” with Lingling Wei, which chronicles the two nations’ economic and trade rivalry. He can be reached via bobdavisreports.com.