Follow us on social

Risks are higher than ever for US- China cyber war

Risks are higher than ever for US- China cyber war

As Beijing's capabilities grow, both sides need to establish trust and a dialogue for real crisis management

Analysis | Asia-Pacific

Last month the Justice Department published a press release announcing that seven Chinese nationals have been charged with “conspiracy to commit computer intrusions and conspiracy to commit wire fraud.”

This announcement came on the heels of warnings from Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and National Cyber Director Harry Coker that Chinese hackers are making a strategic shift to target critical infrastructure, are likely able to launch cyberattacks that could cripple that infrastructure, and are increasingly exploiting Americans’ private information.

It’s apparent then that a conflict between China and the United States would include disruptive, dangerous cyberwarfare. Indeed, as U.S.-China military-to-military communications restart, cyber needs to become a key part of these conversations to develop bilateral crisis management mechanisms.

Unfortunately, cyber crisis management is still in its infancy. The United States and China have engaged in multiple bilateral and multilateral dialogues on cyber-related issues in the past. For example, the 2015 summit between President Obama and Xi Jinping created a series of agreements — tacit and explicit — on cyber espionage, the joint investigation of cybercrimes, and a process that eventually produced the U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues.

However, direct U.S.-China official dialogues have not led to substantial cooperation. President Biden warned Xi during a recent call against China using cyberattacks to target sensitive infrastructure, but no solutions nor potential dialogues appear to have been brought up.

There is no dearth of unofficial dialogues, and some have proposed discrete steps that would enhance U.S.-China cyber relations and crisis management mechanisms, such as coming to mutual definitions of cyber terms, strengthening bilateral communications, and promoting restraint in cyber usage. Unfortunately, despite the many attempts at facilitating U.S.-China cyber dialogues and improved relations, no concrete standards or guidelines on cyber usage in a potential conflict have been adopted, nor have U.S.-China cyber relations appeared to improve.

Both Washington and Beijing are familiar with the potential harm cyber can do when expertly implemented. Stuxnet, a malicious computer worm known to be created and implemented by the United States and Israel, damaged the centrifuges Iran used for its nuclear-enrichment program. China’s cyberespionage campaigns to steal sensitive technologies and designs from American businesses have led to strategic vulnerabilities — like with the theft of designs for the F-35 Joint Strike Fighter’s self-diagnostic system in 2009.

Concerns about cyber espionage have been a defining feature of U.S.-China technology and business relations since the early 2000s, extending into the rhetoric to ban TikTok. Cyber exploits could cut off power grids, like in Ukraine in 2015 and 2016, cripple wastewater treatment facilities, or render sources of vital information useless — as witnessed in the ongoing Russian invasion of Ukraine.

If a conflict were to break out between the United States and China, wherever and however it might, the reality is that cyber will be a key weapon in a well-rounded arsenal of traditional and emerging weaponry. Fortunately, there may be some space for negotiation. A RAND study — built upon “insights from interviews with leading Chinese and American cyberspace policy experts across [their] governments, militaries, think tanks, and academic communities” — found that China may be more likely to come to a bilateral agreement wherein both the United States and China agree not to cyberattack each other and limit the targeting of critical infrastructure.

There is also some precedent which would suggest that the Chinese government thinks that cyberattacking critical infrastructure should be off-the-table. In 2015, China participated in the drafting of and signed a note by the Secretary General as a member of a United Nations group of governmental experts, in which the participants recommended that states not target critical infrastructure with cyber. Further emblematic of this willingness to find common ground on cyberthreats is China’s 2015 agreement with Russia to not cyberattack one another. However, the RAND study also found that trust was one of the main impediments to creating such an agreement with the U.S. Neither the U.S. nor Chinese interviewees knew if they could fully trust the other side to adhere to any agreements against this kind of cyberespionage and exploitation.

Thus, any agreement like the China-Russia cyber “non-aggression pact” would need to foster transparency and trust between the relevant Chinese and U.S. parties. The agreement would need to be paired with bilateral channels designed to communicate information on cyber events, both mundane and arising from a crisis. Transparent forums between the U.S. and Chinese military, with a focus on cyber elements, is an absolutely vital step to navigate crises effectively and promote a restraint-based foreign policy and defense strategy, especially given the pervasive nature of cyber threats.

Luckily, in recent months, Washington and Beijing have re-established military-to-military communications, expressed continued interest in establishing dialogues on the use of artificial intelligence (AI), and have otherwise collaborated in the United Nations on a resolution establishing principles for AI development. While it is not cyber-specific, AI and cyber are conjoined issues. It shows that there may be space for U.S.-China collaboration on emerging technologies, which could lead to more robust dialogues and crisis management mechanisms. These could be vital trust-building exercises that lead to further cooperation on issues related to cybersecurity.

Ultimately, there is a path forward for the United States and China to come to an understanding on cyberwarfare in at least some domains. To this end, both sides need to create new bilateral forums to discuss and advance crisis management coordination on these issues of common concern about cyberwarfare.


shutterstock/Lightspring

Analysis | Asia-Pacific
Trump and Keith Kellogg
Top photo credit: U.S. President Donald Trump and Keith Kellogg (now Trump's Ukraine envoy) in 2017. REUTERS/Kevin Lamarque TPX IMAGES OF THE DAY

Trump's silence on loss of Ukraine lithium territory speaks volumes

Europe

Last week, Russian military forces seized a valuable lithium field in the Donetsk region of Ukraine, the latest success of Moscow’s grinding summer offensive.

The lithium deposit in question is considered rather small by industry analysts, but is said to be a desirable prize nonetheless due to the concentration and high-quality of its ore. In other words, it is just the kind of asset that the Trump administration seemed eager to exploit when it signed its much heralded minerals agreement with Ukraine earlier this year.

keep readingShow less
Is the US now funding the bloodbath at Gaza aid centers?
Top photo credit: Palestinians walk to collect aid supplies from the U.S.-backed Gaza Humanitarian Foundation, in Khan Younis, in the southern Gaza Strip, May 29, 2025. REUTERS/Hatem Khaled/File Photo

Is the US now funding the bloodbath at Gaza aid centers?

Middle East

Many human rights organizations say it should shut down. The Israeli Defense Forces (IDF) have killed hundreds of Palestinians at or around its aid centers. And yet, the U.S. has committed no less than $30 million toward the controversial, Israel-backed Gaza Humanitarian Foundation (GHF).

As famine-like conditions grip Gaza, the GHF says it has given over 50 million meals to Palestinians at its four aid centers in central and southern Gaza Strip since late May. These centers are operated by armed U.S. private contractors, and secured by IDF forces present at or near them.

keep readingShow less
mali
Heads of state of Mali, Assimi Goita, Niger, General Abdourahamane Tiani and Burkina Faso, Captain Ibrahim Traore, pose for photographs during the first ordinary summit of heads of state and governments of the Alliance of Sahel States (AES) in Niamey, Niger July 6, 2024. REUTERS/Mahamadou Hamidou//File Photo

Post-coup juntas across the Sahel face serious crises

Africa

In Mali, General Assimi Goïta, who took power in a 2020 coup, now plans to remain in power through at least the end of this decade, as do his counterparts in neighboring Burkina Faso and Niger. As long-ruling juntas consolidate power in national capitals, much of the Sahelian terrain remains out of government control.

Recent attacks on government security forces in Djibo (Burkina Faso), Timbuktu (Mali), and Eknewane (Niger) have all underscored the depth of the insecurity. The Sahelian governments face a powerful threat from jihadist forces in two organizations, Jama‘at Nusrat al-Islam wa-l-Muslimin (the Group for Supporting Islam and Muslims, JNIM, which is part of al-Qaida) and the Islamic State Sahel Province (ISSP). The Sahelian governments also face conventional rebel challengers and interact, sometimes in cooperation and sometimes in tension, with various vigilantes and community-based armed groups.

keep readingShow less

LATEST

QIOSK

Newsletter

Subscribe now to our weekly round-up and don't miss a beat with your favorite RS contributors and reporters, as well as staff analysis, opinion, and news promoting a positive, non-partisan vision of U.S. foreign policy.