OPINION

Thought for the week: On the US intelligence community's annual threat assessment

China may exert pressure through gray-zone scale escalation to raise data, cybersecurity and AI risks.


Contributors:

Brian Hengesbaugh

CIPP/US

Global Chair, Data and Cyber

Baker McKenzie

Editor's note

The IAPP is policy neutral. We publish contributed opinion pieces to enable our members to hear a broad spectrum of views in our domains.

This article is part of an ongoing series that will explore issues or recent developments in data, cybersecurity and artificial intelligence governance.

To begin your week, I recommend reading the 2026 Annual Threat Assessment of the U.S. Intelligence Community. In particular, the section on China-Taiwan on page 22 caught my attention. Here are some of the key passages:

"The IC assesses that Chinese leaders do not currently plan to execute an invasion of Taiwan in 2027, nor do they have a fixed timeline for achieving unification. However, China publicly insists that unification with Taiwan is required to achieve its goal of 'national rejuvenation' by 2049—the 100th year anniversary of the founding of the People's Republic of China (PRC). Beijing almost certainly will consider a variety of factors in deciding whether and how to pursue military approaches to unification, including PLA readiness, the actions and politics of Taiwan, and whether or not the U.S. will militarily intervene on Taiwan's behalf."

"Chinese officials recognize that an amphibious invasion of Taiwan would be extremely challenging and carry a high risk of failure, especially in the event of U.S. intervention."

"A conflict between China and Taiwan may disrupt U.S. access to trade and semiconductor technology critical to the global economy. If the U.S. were to intervene, it probably would face significant but recoverable disruptions to its transportation sector from Chinese cyber attacks. Even without Washington's involvement, U.S. and global economic and security interests would face significant and costly consequences, with tech supply chains disrupted and investor fear across markets. In addition, a protracted war with the U.S. risks unprecedented economic costs to the U.S., Chinese, and global economies."

A few observations 

First, I hope the IC is right. I don't even want to contemplate the humanitarian, economic and other consequences of a China invasion of Taiwan in 2027. I'm glad that the official word is that it is not expected.

Second, I find it interesting what is not mentioned in this report, which is all the activities short of invasion. For context, the Brookings Institute explains that China possesses a wide range of "gray zone" coercive options that are below the threshold of armed conflict. At a time when the West's attention is focused on kinetic conflict in the Middle East and in Russia-Ukraine, should we realistically expect that China would not press some of these initiatives? Such activities could include incursions into Taiwan airspace and waters, economic sanctions against Taiwan firms and sectors, cyber incidents against Taiwan's information space, and more.

And, third, if the West's attention is on other parts of the world right now, what happens when Washington, D.C., again focuses more directly on the China-Taiwan issues, particularly if it considers that the situation has worsened with such gray zone activities while its attention was elsewhere?

Looking around the corner on data, cyber and AI

While I do not believe anyone can predict with perfect accuracy the geopolitical events in today's climate, I will say the IC assessment resonates with me that China wouldn't execute an invasion of Taiwan in 2027. I don't think they would need to do that to make meaningful progress on their goals of national rejuvenation by 2049. The unknowns for business include how far China would press these gray zone activities, and at what point and in what ways Washington would respond. This could end up resulting in a gradual increase in temperature up and down over many months and years, or could also quickly escalate into more of a boil, depending on various factors. There are several indicators to pay attention to in the coming months from a data, cyber and AI perspective.

  • Enforcement of existing data, cyber and AI laws or regulations. China, the U.S. and other nations have various data, cyber and AI laws and regulations that can be dialed up or down with regard to enforcement. Enforcement actions, such as restrictions on outbound transfer of data or criminal enforcement actions, would be a signal that the temperature may be increasing.
  • Adoption of new laws or regulations motivated by national security concerns. The adoption of new laws or regulations, or amendments of existing requirements, motivated by national security considerations, could be an indicator of increased tension.
  • Cyberattacks. We should also remain attentive to the volume and the nature of cyberattacks, including whether there are indicators of more destructive attacks as opposed to threats that involve acquisition of company data.

To do this justice, I would also point out that the absence of meaningful enforcement of existing laws, the lack of new laws, and an overall decrease in cyberattacks, would all signal a reduction in tension. I certainly hope that proves to be the trend, but in the meantime, companies should pay close attention to developments and make thoughtful risk decisions to prepare for potential downside in the months ahead.
