When John Demers came in to lead the Justice Department's national security division, the United States was grappling with the fallout from Russia's cyberattack on the 2016 election.
Now, as he and the Trump administration prepare to leave office, the U.S. is dealing with another massive hack that American officials have again pinned on Moscow.
"Well, there is a certain symmetry to all of this," Demers said in an interview with NPR as his time at the Justice Department draws to a close.
Those bookends illustrate how the threats the U.S. is facing have shifted since his last stint at the department, during the George W. Bush administration.
"A big difference in my time here, the first time and the second time, is the rise of a nation state threat actors and in particular, their use of cyber to protect their nation state interests and their power," Demers said. "So it's fitting, I think, that we began with a significant election interference hack ... and then here we are at the end dealing with a different kind of cyber activity."
This year a number of U.S. government agencies, including the State Department and the Pentagon, have been compromised by another vast intrusion. Demers said he agrees with Secretary of State Mike Pompeo's statement that Russia appears to be behind the breach.
The government is still scrambling to understand the breadth of the damage, Demers said, but so far it appears to be limited to the unclassified systems.
"A lot still to be analyzed in terms of both the scope and depth of this hack," he said. "But as you know, there's a lot of confidential and sensitive information that is transmitted and stored on unclassified systems, a lot of information that would be of interest to a foreign state who was trying to learn about our intentions and our planning."
An adversary not only can snoop on what a government agency is doing that's not classified but also not public. It also can pair what it learns with what it's gleaning from other sources, including related to secret information or from human spies.
From what he's seen so far, Demers said the hack appears to be different from Russia's cyberattack and social media campaign against the 2016 U.S. election, when the Kremlin wanted to sow chaos and undermine American democracy.
"This looks more like what a nation state would traditionally try to do through human means, through spies, but trying to do it through technical means and cyber intrusions," he said.
China, China, China
While Russia has grabbed headlines for much of the Trump administration, Demers spent a lot of his time and energy on another foreign adversary — China.
Trump administration officials have tagged China as the primary long-term threat to the United States. U.S. officials have accused China of waging a relentless campaign to steal American intellectual property, government secrets and academic information to try to supplant the U.S as the world's preeminent power.
To try to counter that threat, the department launched what it calls the China Initiative. Demers has led that effort, and from that depth of knowledge he says China stands alone in its plundering of American corporate secrets.
"We do see some other countries engaging episodically in economic espionage, but none of them on the scale and sophistication and persistence of the Chinese government," he said.
Russia, for example, also has tried to steal sophisticated technology that is used in military equipment, and the Justice Department has charged such cases.
China's economic theft, in contrast, is much broader than that, and targets everything from biotechnology to engineering and aerospace.
"It really is an effort to develop the Chinese economy and Chinese companies under this rubric of rob, replicate and replace," he said.
It's an accusation that Demers and other U.S. officials have made before --allegations that China denies.
U.S. officials say the Chinese steal the technology, replicate the product and then aim to replace the American or European company first in China's market and then on the global market.
The scale of the problem is reflected in the Justice Department's workload.
Eighty percent of the department's industrial espionage cases involve the Chinese government, while two-thirds of its trade theft cases involve a Chinese company, Demers said.
In the past few years alone, the Justice Department has unsealed one indictment after another related to China.
Prosecutors have charged American and Chinese researchers and business people for allegedly stealing everything from high-tech wireless design to turbine technology.
The government also has brought cases against U.S. academics for failing to disclose ties to the Chinese government. The prime example of that is an indictment against the chair of Harvard University's chemistry and chemical Biology Department.
And then there are the cases of political espionage. At least three former U.S. intelligence officers have been convicted of spying for China, while a fourth is facing charges of doing so.
The department's crackdown hasn't brought an end to China's efforts, and it won't. But that doesn't mean it isn't having an effect, Demers said.
"These prosecutors are not silver bullets that are going to make the problem go away," he said. "The Chinese are persistent. The will is there and the resourcing is there. But we're going to call attention to and we're going to shine a light on it and we're going to make their job harder and harder."
Disrupting tradecraft
The indictments do so, he says, by disrupting China's activities. He pointed to the case of a Chinese intelligence officer who was extradited to the U.S. from Belgium in 2018 for allegedly trying to steal jet fan blade designs from GE Aviation.
"The significance of that wasn't just a disruption of that avenue of economic espionage," Demers said. "The other significance was making the Chinese think twice — and more than twice — about using Europe as a safe place to meet Americans who they were trying to co-opt."
Chinese intelligence officers don't like coming to the U.S. for clandestine work because of the chance of arrest, while Americans considering providing sensitive information to the Chinese often are reluctant to travel to China early on in their relationships with handlers, Demers said. For that reason, Europe often served as a mutually acceptable place for them to meet.
Demers said the arrest and extradition from Belgium sent a signal to the Chinese intelligence services that Europe was no longer a safe place for such operations, which was "very important in terms of disrupting their tradecraft."
As Demers' time winds down at the DOJ with the looming change in administration, he said he expects his successor will build on what he's done much as Demers built off of his predecessors.
There are two areas — both related to China — that he'd focus on if he were sticking around.
One is finding a way to better protect Chinese students at U.S. universities from what he calls "surveillance and intimidation by their own government."
"I think that's an issue we need to look at. I know that's an issue that a number of universities have paid careful attention to," he said.
The other, he said, is on China's foreign influence efforts, which are focused on swaying U.S. policy makers to allow China to pursue its interests at home and abroad, such as silencing criticism of Beijing's actions in Hong Kong or Tibet.
"We see them less sort of broadly thinking that they need to undermine democracy and more specifically, focusing on issues that are near and dear to their hearts and not tolerating any criticism of their behavior."
Copyright 2020 NPR. To see more, visit https://www.npr.org.