Follow us on social

Risks are higher than ever for US- China cyber war

Risks are higher than ever for US- China cyber war

As Beijing's capabilities grow, both sides need to establish trust and a dialogue for real crisis management

Analysis | Asia-Pacific

Last month the Justice Department published a press release announcing that seven Chinese nationals have been charged with “conspiracy to commit computer intrusions and conspiracy to commit wire fraud.”

This announcement came on the heels of warnings from Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and National Cyber Director Harry Coker that Chinese hackers are making a strategic shift to target critical infrastructure, are likely able to launch cyberattacks that could cripple that infrastructure, and are increasingly exploiting Americans’ private information.

It’s apparent then that a conflict between China and the United States would include disruptive, dangerous cyberwarfare. Indeed, as U.S.-China military-to-military communications restart, cyber needs to become a key part of these conversations to develop bilateral crisis management mechanisms.

Unfortunately, cyber crisis management is still in its infancy. The United States and China have engaged in multiple bilateral and multilateral dialogues on cyber-related issues in the past. For example, the 2015 summit between President Obama and Xi Jinping created a series of agreements — tacit and explicit — on cyber espionage, the joint investigation of cybercrimes, and a process that eventually produced the U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues.

However, direct U.S.-China official dialogues have not led to substantial cooperation. President Biden warned Xi during a recent call against China using cyberattacks to target sensitive infrastructure, but no solutions nor potential dialogues appear to have been brought up.

There is no dearth of unofficial dialogues, and some have proposed discrete steps that would enhance U.S.-China cyber relations and crisis management mechanisms, such as coming to mutual definitions of cyber terms, strengthening bilateral communications, and promoting restraint in cyber usage. Unfortunately, despite the many attempts at facilitating U.S.-China cyber dialogues and improved relations, no concrete standards or guidelines on cyber usage in a potential conflict have been adopted, nor have U.S.-China cyber relations appeared to improve.

Both Washington and Beijing are familiar with the potential harm cyber can do when expertly implemented. Stuxnet, a malicious computer worm known to be created and implemented by the United States and Israel, damaged the centrifuges Iran used for its nuclear-enrichment program. China’s cyberespionage campaigns to steal sensitive technologies and designs from American businesses have led to strategic vulnerabilities — like with the theft of designs for the F-35 Joint Strike Fighter’s self-diagnostic system in 2009.

Concerns about cyber espionage have been a defining feature of U.S.-China technology and business relations since the early 2000s, extending into the rhetoric to ban TikTok. Cyber exploits could cut off power grids, like in Ukraine in 2015 and 2016, cripple wastewater treatment facilities, or render sources of vital information useless — as witnessed in the ongoing Russian invasion of Ukraine.

If a conflict were to break out between the United States and China, wherever and however it might, the reality is that cyber will be a key weapon in a well-rounded arsenal of traditional and emerging weaponry. Fortunately, there may be some space for negotiation. A RAND study — built upon “insights from interviews with leading Chinese and American cyberspace policy experts across [their] governments, militaries, think tanks, and academic communities” — found that China may be more likely to come to a bilateral agreement wherein both the United States and China agree not to cyberattack each other and limit the targeting of critical infrastructure.

There is also some precedent which would suggest that the Chinese government thinks that cyberattacking critical infrastructure should be off-the-table. In 2015, China participated in the drafting of and signed a note by the Secretary General as a member of a United Nations group of governmental experts, in which the participants recommended that states not target critical infrastructure with cyber. Further emblematic of this willingness to find common ground on cyberthreats is China’s 2015 agreement with Russia to not cyberattack one another. However, the RAND study also found that trust was one of the main impediments to creating such an agreement with the U.S. Neither the U.S. nor Chinese interviewees knew if they could fully trust the other side to adhere to any agreements against this kind of cyberespionage and exploitation.

Thus, any agreement like the China-Russia cyber “non-aggression pact” would need to foster transparency and trust between the relevant Chinese and U.S. parties. The agreement would need to be paired with bilateral channels designed to communicate information on cyber events, both mundane and arising from a crisis. Transparent forums between the U.S. and Chinese military, with a focus on cyber elements, is an absolutely vital step to navigate crises effectively and promote a restraint-based foreign policy and defense strategy, especially given the pervasive nature of cyber threats.

Luckily, in recent months, Washington and Beijing have re-established military-to-military communications, expressed continued interest in establishing dialogues on the use of artificial intelligence (AI), and have otherwise collaborated in the United Nations on a resolution establishing principles for AI development. While it is not cyber-specific, AI and cyber are conjoined issues. It shows that there may be space for U.S.-China collaboration on emerging technologies, which could lead to more robust dialogues and crisis management mechanisms. These could be vital trust-building exercises that lead to further cooperation on issues related to cybersecurity.

Ultimately, there is a path forward for the United States and China to come to an understanding on cyberwarfare in at least some domains. To this end, both sides need to create new bilateral forums to discuss and advance crisis management coordination on these issues of common concern about cyberwarfare.


shutterstock/Lightspring

Analysis | Asia-Pacific
Kim Jong Un
Top photo credit: North Korean leader Kim Jong Un visits the construction site of the Ragwon County Offshore Farm, North Korea July 13, 2025. KCNA via REUTERS

Kim Jong Un is nuking up and playing hard to get

Asia-Pacific

President Donald Trump’s second term has so far been a series of “shock and awe” campaigns both at home and abroad. But so far has left North Korea untouched even as it arms for the future.

The president dramatically broke with precedent during his first term, holding two summits as well as a brief meeting at the Demilitarized Zone with the North’s Supreme Leader Kim Jong-un. Unfortunately, engagement crashed and burned in Hanoi. The DPRK then pulled back, essentially severing contact with both the U.S. and South Korea.

keep readingShow less
Why new CENTCOM chief Brad Cooper is as wrong as the old one
Top photo credit: U.S. Navy Vice Admiral Brad Cooper speaks to guests at the IISS Manama Dialogue in Manama, Bahrain, November 17, 2023. REUTERS/Hamad I Mohammed

Why new CENTCOM chief Brad Cooper is as wrong as the old one

Middle East

If accounts of President Donald Trump’s decision to strike Iranian nuclear facilities this past month are to be believed, the president’s initial impulse to stay out of the Israel-Iran conflict failed to survive the prodding of hawkish advisers, chiefly U.S. Central Command (CENTCOM) chief Michael Kurilla.

With Kurilla, an Iran hawk and staunch ally of both the Israeli government and erstwhile national security adviser Mike Waltz, set to leave office this summer, advocates of a more restrained foreign policy may understandably feel like they are out of the woods.

keep readingShow less
Putin Trump
Top photo credit: Vladimir Putin (Office of the President of the Russian Federation) and Donald Trump (US Southern Command photo)

How Trump's 50-day deadline threat against Putin will backfire

Europe

In the first six months of his second term, President Donald Trump has demonstrated his love for three things: deals, tariffs, and ultimatums.

He got to combine these passions during his Oval Office meeting with NATO Secretary General Mark Rutte on Monday. Only moments after the two leaders announced a new plan to get military aid to Ukraine, Trump issued an ominous 50-day deadline for Russian President Vladimir Putin to agree to a ceasefire. “We're going to be doing secondary tariffs if we don't have a deal within 50 days,” Trump told the assembled reporters.

keep readingShow less

LATEST

QIOSK

Newsletter

Subscribe now to our weekly round-up and don't miss a beat with your favorite RS contributors and reporters, as well as staff analysis, opinion, and news promoting a positive, non-partisan vision of U.S. foreign policy.