Follow us on social

Risks are higher than ever for US- China cyber war

Risks are higher than ever for US- China cyber war

As Beijing's capabilities grow, both sides need to establish trust and a dialogue for real crisis management

Analysis | Asia-Pacific

Last month the Justice Department published a press release announcing that seven Chinese nationals have been charged with “conspiracy to commit computer intrusions and conspiracy to commit wire fraud.”

This announcement came on the heels of warnings from Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and National Cyber Director Harry Coker that Chinese hackers are making a strategic shift to target critical infrastructure, are likely able to launch cyberattacks that could cripple that infrastructure, and are increasingly exploiting Americans’ private information.

It’s apparent then that a conflict between China and the United States would include disruptive, dangerous cyberwarfare. Indeed, as U.S.-China military-to-military communications restart, cyber needs to become a key part of these conversations to develop bilateral crisis management mechanisms.

Unfortunately, cyber crisis management is still in its infancy. The United States and China have engaged in multiple bilateral and multilateral dialogues on cyber-related issues in the past. For example, the 2015 summit between President Obama and Xi Jinping created a series of agreements — tacit and explicit — on cyber espionage, the joint investigation of cybercrimes, and a process that eventually produced the U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues.

However, direct U.S.-China official dialogues have not led to substantial cooperation. President Biden warned Xi during a recent call against China using cyberattacks to target sensitive infrastructure, but no solutions nor potential dialogues appear to have been brought up.

There is no dearth of unofficial dialogues, and some have proposed discrete steps that would enhance U.S.-China cyber relations and crisis management mechanisms, such as coming to mutual definitions of cyber terms, strengthening bilateral communications, and promoting restraint in cyber usage. Unfortunately, despite the many attempts at facilitating U.S.-China cyber dialogues and improved relations, no concrete standards or guidelines on cyber usage in a potential conflict have been adopted, nor have U.S.-China cyber relations appeared to improve.

Both Washington and Beijing are familiar with the potential harm cyber can do when expertly implemented. Stuxnet, a malicious computer worm known to be created and implemented by the United States and Israel, damaged the centrifuges Iran used for its nuclear-enrichment program. China’s cyberespionage campaigns to steal sensitive technologies and designs from American businesses have led to strategic vulnerabilities — like with the theft of designs for the F-35 Joint Strike Fighter’s self-diagnostic system in 2009.

Concerns about cyber espionage have been a defining feature of U.S.-China technology and business relations since the early 2000s, extending into the rhetoric to ban TikTok. Cyber exploits could cut off power grids, like in Ukraine in 2015 and 2016, cripple wastewater treatment facilities, or render sources of vital information useless — as witnessed in the ongoing Russian invasion of Ukraine.

If a conflict were to break out between the United States and China, wherever and however it might, the reality is that cyber will be a key weapon in a well-rounded arsenal of traditional and emerging weaponry. Fortunately, there may be some space for negotiation. A RAND study — built upon “insights from interviews with leading Chinese and American cyberspace policy experts across [their] governments, militaries, think tanks, and academic communities” — found that China may be more likely to come to a bilateral agreement wherein both the United States and China agree not to cyberattack each other and limit the targeting of critical infrastructure.

There is also some precedent which would suggest that the Chinese government thinks that cyberattacking critical infrastructure should be off-the-table. In 2015, China participated in the drafting of and signed a note by the Secretary General as a member of a United Nations group of governmental experts, in which the participants recommended that states not target critical infrastructure with cyber. Further emblematic of this willingness to find common ground on cyberthreats is China’s 2015 agreement with Russia to not cyberattack one another. However, the RAND study also found that trust was one of the main impediments to creating such an agreement with the U.S. Neither the U.S. nor Chinese interviewees knew if they could fully trust the other side to adhere to any agreements against this kind of cyberespionage and exploitation.

Thus, any agreement like the China-Russia cyber “non-aggression pact” would need to foster transparency and trust between the relevant Chinese and U.S. parties. The agreement would need to be paired with bilateral channels designed to communicate information on cyber events, both mundane and arising from a crisis. Transparent forums between the U.S. and Chinese military, with a focus on cyber elements, is an absolutely vital step to navigate crises effectively and promote a restraint-based foreign policy and defense strategy, especially given the pervasive nature of cyber threats.

Luckily, in recent months, Washington and Beijing have re-established military-to-military communications, expressed continued interest in establishing dialogues on the use of artificial intelligence (AI), and have otherwise collaborated in the United Nations on a resolution establishing principles for AI development. While it is not cyber-specific, AI and cyber are conjoined issues. It shows that there may be space for U.S.-China collaboration on emerging technologies, which could lead to more robust dialogues and crisis management mechanisms. These could be vital trust-building exercises that lead to further cooperation on issues related to cybersecurity.

Ultimately, there is a path forward for the United States and China to come to an understanding on cyberwarfare in at least some domains. To this end, both sides need to create new bilateral forums to discuss and advance crisis management coordination on these issues of common concern about cyberwarfare.


shutterstock/Lightspring

Analysis | Asia-Pacific
Trump Putin
Top image credit: President Donald Trump and Russian president Vladimir Putin participate in a joint press conference in Anchorage, Alaska, Friday, August 15, 2025. (Official White House Photo by Daniel Torok)

Could bioweapons be center of gravity for US-Russia talks?

Latest

The deep freeze in U.S.-Russia relations shows occasional, promising cracks. It happened recently not on the primary issue of conflict — the war on Ukraine — but on a matter of mutual survival. During the United Nations General Assembly President Donald Trump announced an initiative to address one of arms control's most intractable problems: verifying compliance with the Biological Weapons Convention (BWC).

"To prevent potential disasters, I'm announcing today that my administration will lead an international effort to enforce the biological weapons convention by pioneering an AI verification system that everyone can trust,” Trump said. He framed this as an urgent priority, claiming "many countries are continuing extremely risky research into bioweapons and man-made pathogens."

The proposal found immediate endorsement in Moscow. Russian presidential spokesman Dmitry Peskov offered unusually direct support, calling the initiative "brilliant in itself" and declaring that "Moscow supports it." Crucially, Peskov proposed concrete next steps, suggesting the U.S. proposal should be negotiated and formally codified in international agreements.

keep readingShow less
Donald Trump Africa trade
Top photo credit: global shipping (Shutterstock/APChanel); Donald Trump (Wirestock Creators/Shutterstock)

Trump's surprising swing in favor of sweeping 'duty free' Africa trade

Africa

In an unexpected move, the Trump administration has announced publicly that it supports renewing the African Growth and Opportunity Act (AGOA) for one year, and is interested in considering entering discussions on the long-term renewal of AGOA.

AGOA, which expired on September 30, was originally passed by Congress in 2000 and signed into law by President Bill Clinton. The legislation allows sub-Saharan African countries duty-free access to American markets, and gives the U.S. president the power to suspend countries that he believes fail to meet AGOA’s requirements, particularly as they relate to governance issues, human rights standards, and a failure to provide American companies beneficial access to African markets. It was last renewed in 2015.

keep readingShow less
Nigeria
Top image credit: A U.S. Army soldier (2R) trains Nigerian Army soldiers at a military compound in Jaji, Nigeria, February 14, 2018. To match Special Report NIGERIA-MILITARY/INTERNATIONAL Capt. James Sheehan/U.S. Army/Handout via REUTERS

US arming Nigeria is becoming a crime against humanity

Africa

The very week the United States’ Defense Security Cooperation Agency notified Congress of a $346 million arms sale to Nigeria, the U.S. State Department also released its 2024 Country report on human rights practices in the West African country.

The report, which has previously affected the country’s eligibility for security assistance, confirmed what civil society groups have been saying for years: that the security forces of Nigeria, Washington’s most significant ally in Sub-Saharan Africa, habitually operate with impunity and without due regard for human rights protection — a key condition for receiving U.S. security cooperation.

keep readingShow less

LATEST

QIOSK

Newsletter

Subscribe now to our weekly round-up and don't miss a beat with your favorite RS contributors and reporters, as well as staff analysis, opinion, and news promoting a positive, non-partisan vision of U.S. foreign policy.