China Is the Top Long-Term Threat in Cyberspace

DD Images/Shutterstock.com

China is rising in economic and military might and presents the greatest long-term challenge to U.S. national interests—including in cyberspace. Three weeks ago, the current U.S. national security advisor, John Bolton, for the first time publicly attributed the hack of the Office of Personnel Management to China.

China is investing in military cyberspace forces and today’s cyber theft could be tomorrow’s influence operation or disruptive attack on infrastructure. So what should the United States do to prepare for the rise of Chinese power in cyberspace?

Prepare to “stop threats before they hit their targets.” The United States military is rightly focused on developing defensive means to disrupt an adversary’s offensive cyberspace infrastructure to stop attacks. To date, U.S. responses to Russian, Chinese, Iranian and North Korean operations have been limited to indictments or sanctions and it hasn’t stopped them from escalating in cyberspace. If the U.S government has indications and warnings of an incoming cyberattack from Russia, China or any other adversary, it needs to be able to block the operation and “stop threats from hitting their targets” as the new Defense cyber strategy says. The United States cannot allow a country to interfere in our election through cyberspace again, or turn off the lights on the electric grid as Russia did in Ukraine.

Secure U.S. critical infrastructure against breach. To deter China over the long term, the government may need to impose costs. But the country also needs to invest to deny attacks from causing damage. The fact is U.S. organizations haven’t effectively secured their data.

Consider the case of OPM. One of the smallest agencies of the U.S. government, OPM holds the personally identifiable information for the U.S. federal government workforce. In 2014-2015, China broke past OPM's perimeter defenses, moved laterally throughout the network, and as WIRED reported, “gained access to every nook and cranny of OPM’s digital terrain.” The data center doors at OPM were left open and the Chinese walked through the house and stole the personally identifiable information of 21.5 million employees across the U.S. federal government.

Beyond perimeter defenses like multi-factor authentication, organizations need to invest in security to prevent intruders from moving laterally within a data center or cloud environment. Segmenting networks and data is like putting the doors into a submarine: It prevents breaches from spreading throughout the hull. If every critical infrastructure owner in the United States used micro-segmentation, the Chinese would be frustrated and further deterred.

Harden U.S. weapons systems. The Pentagon declared (again) last month that nearly every U.S. weapons platform is vulnerable to cyber exploitation. The U.S. military retains a conventional advantage against China in Naval power projection (i.e., aircraft carriers) and air power projection (i.e., F-22s and F-35s)—but not if China uses cyberspace and electromagnetic capabilities to disrupt U.S. weapons platforms. Since World War II, the U.S. military has underwritten security and stability across the Asia-Pacific. For that trend to continue the Defense Department needs to focus intently on securing its most important weapons platforms.

Surpass China’s advanced Science and Technology capabilities. Advanced, stealth conventional weapons capabilities can help offset the asymmetric advantage of cyberspace. This is why the Defense Department initiated the Third Offset strategy previously: to ensure the United States retains its technological advantage over the long-term. Reports over the summer indicate that China may have already developed a rail-gun capable of firing electromagnetic projectiles at rapid speed and great distance; the United States needs to keep its foot on the innovation pedal to stay ahead and develop powerful weapons platforms to control escalation.

Establish adaptive diplomacy and alliances across Eurasia. China is using the Belt and Road Initiative to extend its technological influence across Eurasia. In the darkest story, a larger IT infrastructure could give China additional platforms for cyberspace operations. The U.S. government should work with private industry to alert its allies to the risks of Chinese influence and try to control risk.

China’s economic rise is good news: Chinese innovation and economic growth have raised millions out of poverty, and the United States and China should pursue a cooperative relationship that allows for mutual prosperity. This is not only possible but required as there is no real positive future in which these two great powers exist in a state of conflict. Yet there can be no doubt that China is expanding its military and technological strength, including in cyberspace. Cooperation and competition must exist in balance—and the public and private sector both have a role to play in managing cybersecurity risk over the long-term.

Jonathan Reiber is head of cybersecurity strategy at Illumio, a visiting scholar at Berkeley’s Center for Long-Term Cybersecurity and a former chief strategy officer for cyber policy in the Office of the Secretary of Defense.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.