top of page

Why CMMC Exists: China’s Defense Surge Is Fueled by Data We’ve Failed to Protect

  • mike08242
  • 14 hours ago
  • 3 min read

In our latest Bourbon & Bytes episode, Mackenzie Eaglen laid out a reality that too few people in the Defense Industrial Base (DIB) are willing to confront:

ree

China’s real military investment isn’t just large—it likely eclipses U.S. spending, potentially reaching $1 trillion annually.


And a disturbing portion of that advantage comes not from innovation…


…but from us.


Specifically: from stolen U.S. data, U.S. designs, U.S. R&D, and U.S. intellectual property siphoned out of the Defense Industrial Base through espionage.


This is why CMMC exists.This is why safeguarding Controlled Unclassified Information (CUI) is non-negotiable. This is why “good enough” security is no longer good enough.



China Isn’t a Near-Peer Competitor. They Are a Direct Competitor.


In the discussion, Mackenzie walked through her open-source reconstruction of China’s defense budget. Even using conservative assumptions, her findings were blunt:


  • The old talking point—“the U.S. spends more than the next 12 countries combined”—no longer holds water.

  • China’s real spending likely exceeds $700B and may approach $1T when you include hidden subsidies, market manipulation, dual-use industrial investment, and accelerators not counted in traditional defense budgets.

  • China gets “more bang for their buck” because they fight locally while we fight globally.

  • And most importantly: They are accelerating their rise by stealing from us.


As Mackenzie put it, the espionage is “eye-opening.” Chinese military modernization is powered not only by massive investment but by decades of theft—from American defense contractors, subcontractors, universities, and small businesses dispersed across the DIB.


This is the part most people miss.


China isn’t just out-spending us.


They are out-stealing us.


CUI Is the Front Door to America’s Military Advantage


Not the top-secret programs.

Not the black-budget weapons platforms.


The soft underbelly is the data we label “unclassified but sensitive”—the engineering drawings, logistics schedules, materials specs, component tolerances, communications, and design details that grease the wheels of U.S. military capability.


And for years, adversaries didn’t need to hack the Pentagon.

They just hacked the small contractor supplying the part supplying the part supplying the prime.


CMMC is the first meaningful attempt to close that door.


Why Adversaries Target CUI


Because stealing CUI is cheap, quiet, and brutally effective.

1. It shortcuts decades of R&D

Why spend billions when you can steal it?


2. It accelerates China’s “fast follower” advantage

They let us innovate → then copy → then mass-produce cheaply.


3. It eliminates Western competition

Mackenzie referenced China’s $60–$100B in annual market-stabilization funds used to subsidize industries until Western competitors collapse.

Now imagine that combined with stolen U.S. IP.


4. It helps China dominate strategically important industries

Once an industry is hollowed out, there’s no American supplier left to call—military or otherwise.


5. It erodes U.S. military readiness without firing a shot

Why fight the U.S. military if you can quietly sabotage the industrial base that sustains it?


This is not hypothetical.


This is the playbook.


CMMC Is Not a “Compliance Program.” It’s a Counter-Espionage Strategy.


When you view CMMC through the geopolitical lens Mackenzie articulates, the purpose becomes unmistakable:


CMMC is an attempt to stop the bleeding.


If you hold CUI, you must protect it.If you can’t protect it, you can’t participate.

This isn’t punishment. It’s survival.


The Defense Industrial Base Is a Target—Not a Concept


Mackenzie’s analysis makes this painfully clear:


  • China’s military ascension is fueled by stolen U.S. intellectual property.

  • Their industrial base is subsidized to the point of near-limitless production.

  • Their technological gains are not independent—they’re derivative.

  • And every time a U.S. contractor loses CUI, the strategic gap widens.


CUI leakage is not an IT issue. It’s not a compliance issue. It is a national security issue.

Every breach, every compromise, every outdated control…opens another door we can’t afford to leave unlocked.


Safeguarding CUI Is National Defense


The conversation with Mackenzie wasn’t about compliance. It was about reality.


A geopolitical reality where:

  • Your data is a battlefield

  • Your systems are entry points

  • Your vulnerabilities become China’s advantages

  • And the line between cyber and physical warfare continues to blur


This is why the DoD is enforcing CMMC. This is why contractors must take CUI seriously. This is why the DIB must harden itself—not someday, but now.


Because while the U.S. debates compliance checklists, China is building capacity, expanding influence, subsidizing entire industries, and accelerating military growth at unmatched scale.



Recent Posts

See All

Comments

bottom of page