The General Electric Case: When a Flaw in the Corporate System Fuels Beijing’s Arsenal

The Consent Agreement signed on April 14-17, 2026, between the U.S. Department of State and General Electric (GE) is not merely a $36 million penalty, but a testament to a strategic vulnerability that granted China access to invaluable technological secrets. For years, GE was unwittingly transformed into a reservoir of technical information for the People’s Republic of China (PRC) due to internal controls that authorities described as “systematically deficient.”

The Course of the Violation and the Penalty

The State Department charged GE with 116 violations of the ITAR (International Traffic in Arms Regulations). The penalty reflects the severity of the breach: an immediate fine of $18 million and an additional $18 million "suspended," which the company is required to reinvest to strengthen its security systems. Investigations revealed that GE had been operating with procedures that were over a decade old, lacking automated control systems, which allowed data leaks regarding advanced military engines such as the F-35, F110, F118, and F414.

China’s Tactics: Exploiting Western Negligence

Chinese intelligence and industry did not need sophisticated cyberattacks to infiltrate GE; all they had to do was wait for the company to make human and procedural errors:

• Physical access via academic deception. In April 2018, a GE employee took a laptop to China containing 45 critical files on the design and power of the F-35 and F414 engines. During a presentation at a Chinese university—a setting typically used by Beijing for “non-traditional collection” activities—the employee left the device unattended for 90 minutes, providing a perfect window of opportunity for data cloning.

• Regulatory confusion as a lever. In January 2021, China obtained technical drawings of the F118 engine simply because GE staff were unable to distinguish between civilian (EAR) and military (ITAR) data. Beijing exploits these loopholes by sending technical requests that appear to be commercial, knowing that unprepared employees will export military secrets without the necessary licenses.

• Logistical interception. GE allowed interactive engineering technical manuals (IETMs) for the F110 engine to physically transit through China during shipments to third countries. China monitors these routes and takes advantage of the lack of restrictions on couriers to view or intercept secrets that should never touch its soil.

What China Steals, How Much It’s Worth, and How It Operates

The Commission on the Theft of Intellectual Property estimates that the theft of American intellectual property amounts to approximately $600 billion annually—a figure that approaches the Pentagon’s entire annual defense budget. In the case of GE, what has been compromised is the United States’ “technological edge” on crucial platforms such as the F/A-18, F-15, and F-16 fighter jets and the U-2 reconnaissance aircraft. Obtaining data on the testing and design of high-pressure turbines allows Beijing to save decades of research and billions of dollars, accelerating the production of its own military engines that it would otherwise be unable to develop.

According to U.S. government advisors, Beijing’s illicit gathering of industrial secrets is organized around four main areas, with cyberespionage identified as the most damaging channel. This form of intrusion, carried out on a global scale through ad hoc programs, allows Chinese companies—acting under the direction or with the assistance of the Chinese Communist Party (so-called state cyberespionage)—to access proprietary operations, project funding information, and intellectual property. These coordinated campaigns target strategic sectors such as oil, energy, steel, and aviation, serving both as a means to steal science and technology and as a method of gathering intelligence for potential attacks against the military and government technical systems of target countries. As concluded by a White House panel of experts, China has perpetrated “the largest illicit transfer of wealth in human history.”

This digital threat is accompanied by equally sophisticated human and procedural tactics:

• Exploitation of “non-traditional collectors” and short-term visits. Beijing funds exchanges in which foreign professionals are invited to give presentations or seminars. During these “short-term visits,” which serve as cover for state espionage, technicians may be approached by intelligence officers to obtain sensitive data.

• Physical access and unwitting trust. During visits to Chinese universities or research centers, even the slightest distraction is exploited. In the GE case, an employee left a laptop containing 45 critical files on the F-35 and F414 engines unattended for 90 minutes, providing a perfect window for data cloning.

• Pressure on Vulnerable Employees. Chinese intelligence identifies Western employees frustrated by personal crises or career setbacks and entices them to steal source code and intellectual property in exchange for financial stability.

• Joint Ventures and "Strategic Withdrawal." Through initial commercial agreements, China obtains sensitive details and training for its engineers. Once the know-how is acquired, Chinese companies often withdraw from the agreement, leaving the Western company with its competitive advantage wiped out.

• Open-Source Research and Joint Research Centers. Thousands of people work to index foreign patents and technical standards without regard for copyright. Additionally, the Chinese military (PLA) sponsors military scientists to study abroad, often concealing their affiliation to work in areas such as hypersonic missiles and navigation technologies.

• Logistics Interception and Procedural Negligence. China monitors international shipping routes. GE admitted to having shipped technical manuals for the F110 engine through Chinese territory due to gaps in shipping procedures.

• Hybrid Espionage. A new type of threat that combines cyber and human intelligence, making it increasingly difficult for companies to distinguish between normal business interactions and coordinated intelligence operations.

Defense: What Companies Must Do

The 2026 agreement mandates a new mandatory defense strategy for GE (and sets an example for all companies in the sector):

• Automated Compliance. Eliminate human error. Every file sent and every shipment must be validated by automated systems that block exports to high-risk destinations such as China.

• External Oversight (Designated Official). Companies must undergo independent, government-approved monitoring that reports directly to the authorities on the actual effectiveness of controls.

• Rigorous Logistics Control. Shipping routes must be secured. No data or military materials must be allowed to transit through or remain in restricted jurisdictions.

• Training and Review. Constantly update product classifications and train staff to recognize Chinese enticement techniques, which often hide behind scientific exchanges or offers of collaboration.

The conclusion of the GE case is a stark warning: in the current geopolitical context, an outdated corporate procedure is not merely a bureaucratic error, but a direct threat to national security and the economic survival of the company.