China’s Trojan horse could be on your roof. Last month, that was the warning from engineers in American solar farms, who found “kill switches,” a mechanism designed to shut down or disable a device, in Chinese-made solar parts when doing a security check. These parts are already embedded in homes, businesses, and utilities across the country. They could be used to sabotage our electrical infrastructure from the inside.

It’s not just about spying. It’s about control. Through parts like these, Beijing could cripple key parts of the American economy without firing a shot. And these solar components are just one example of a much larger, more dangerous problem.

Recommended Stories

• America must get real about its uranium crisis
• Congress should quickly approve Trump's rescission legislation
• What part of 'no enrichment' does the world’s media not understand?

From commercial cloud infrastructure and payment terminals to supply chain software and port logistics, Chinese technology is laced through the systems Americans use every single day. These are systemic weaknesses, and they’ve been cultivated deliberately by a foreign adversary that plays the long game.

Earlier this month, a media report revealed that PAX Technology, a Chinese company that makes payment terminals widely used by U.S. banks and retailers, has ties to CCP leadership. It has also been subject to an FBI raid and a U.S. Treasury Department investigation, which confirmed PAX sent encrypted data to unknown third parties. That kind of behavior should be disqualifying, yet somehow, PAX is still in business on American soil.

PAX is not an isolated case. In March, the U.S. Department of Justice charged 12 Chinese nationals for running a decadelong cyber espionage operation targeting U.S. federal agencies, media outlets, and critics of the CCP. The FBI says China’s Ministry of Public Security has been paying hackers for hire to target Americans. Let that sink in: China’s government is bankrolling criminal cyber gangs to go after U.S. citizens. 

We also can’t ignore that China has national programs dedicated to disrupting our critical infrastructure. It hacked our phone providers to target our presidential candidates. The U.S. is even conducting a criminal antitrust investigation into pricing strategies by TP-Link Systems Inc., a California-based router maker with links to China, whose equipment now dominates the American market.

Every one of these examples proves the same point: China is laying the groundwork to monitor, disrupt, or disable America’s systems from the inside. It’s what military planners call pre-positioning. And if this were happening with missiles or troops, we’d call it what it is: an act of aggression.

If foreign adversaries can cut the lights and disable our supply chains with a keystroke, that’s not just a cybersecurity issue. That’s a national emergency. So what can be done?

First, we need to stop buying Chinese-controlled tech in critical sectors. That means cutting off CCP-linked firms from our ports, energy grid, financial systems, and telecom networks. Give trusted U.S. vendors the edge with procurement preferences, smart deregulation, and a level playing field. No more handing China the keys to our infrastructure just because it’s cheap.

Second, the public and private sectors need to work together before the damage is done, not after. That means rewarding American companies that design secure systems up front. It means funding audits, red-team testing, and real-time visibility tools that can detect foreign compromise before it spreads.

Third, we need a wartime approach to mapping digital risks. That includes tracking what foreign-owned tech is embedded in U.S. infrastructure, simulating catastrophic failures, and naming names when we find hostile actors in our networks. No more hiding behind NDAs and industry silence. If a company is linked to the Chinese Communist Party, it shouldn’t be anywhere near American infrastructure.

We’ve got to give Americans, and American businesses, a clear alternative. That means making sure U.S. companies can compete without getting undercut by CCP-subsidized hardware. We should never force businesses to choose between what’s cheap and what’s safe.

TRUMP PREVIEWS MORE TRADE TALKS WITH CHINA AFTER PHONE CALL WITH XI

Finally, we’ve got to be honest about where we’re vulnerable. That means calling out the risks, not covering them up. Because if we keep pretending the system isn’t compromised, we’re just giving Beijing more time to get into position.

In cyber, the country that moves first wins. China is already moving. The U.S. can’t afford to wait.

Rob Joyce is a cybersecurity leader with more than 34 years in the intelligence community. Previously, he served as acting homeland security adviser and special assistant to the president on the U.S. National Security Council.