I guess my question would be How did they know it was copied unless they have put something on the laptop as a marker in the information that echelon picked up.
Probably got detected trying to do a remote entry spoofing the copied laptop's MAC and IP address. While the IP address can change, the MAC is like a fingerprint, unique to the machine. You can burn a stolen MAC onto a blank chip but a trace back on the hack probably identified the DoC user and debriefing him identified a recent trip to China and the moment(s) of IT insecurity.
I vote for not taking the laptop with you at all. An encrypted external hard drive might help. But unguarded laptops are also prime candidates for installation of keystroke logging and other spy software. Your otherwise "clean" laptop could be set to gather ID and password information and to connect back to them surreptitiously whenever an Internet connection is detected.
Unfortunately, government officials cannot be unconnected any more, so they will probably end up with two laptops: one for domestic use and travel and one they check out from the security office exclusively for foreign travel. Complete the package with an encrypted external hard drive that is really small; small enough that you have absolutely no reason at all not to have it with you at all times.
This is just the tip of the Chinese asymmetric warfare iceberg. I don't think anyone who thinks about the massive inflow of mainland Chinese as visitors, students, and immigrants in recent years would be surprised to learn that there is a substantial intelligence gathering capability buried among them. Unfortunately, there is probably also a substantial 5th column combat capability among them as well. If things get ugly with the PRC, expect damaging sabotage and commando actions here in the United States from the beginning.