Securing the Digital Future
PRC stakes its cyber strategy on disruption; Allies and Partners counter with cooperation
FORUM Staff
Modern warfare won’t be limited by borders or conventional military maneuvers. With computer keystrokes, skilled hackers can bring down telecommunications networks, water and sewage systems, airports, highways, hospitals, and other critical infrastructure in mere minutes, experts warn.
In recent years, cyberattacks linked to the People’s Republic of China (PRC), in particular, have increased and Beijing has expanded its cyber targets to include critical infrastructure, according to analysts and high-ranking security officials. Chinese Communist Party (CCP) General Secretary Xi Jinping, often working through commercial Chinese hacking firms, has also increased the volume of cyberattacks on governments and industry in the Indo-Pacific, such as in Japan and Taiwan, and in countries that dispute the PRC’s territorial claims in the South China Sea.
“The whole point to make about all of this is that China is obviously adopting a much more muscular stance,” David Tuffley, a senior lecturer in cybersecurity at Griffith University in Australia, told The Guardian newspaper in March 2024. “It knows it doesn’t have the military capability to defeat the Americans, the British, Australians, Japanese and Koreans in a hot war. So they are most unlikely to take it to that point.”
Instead, the PRC is striving to cause instability in targeted countries and “perhaps a loss of confidence in the operational abilities of that target,” Tuffley said. The attacks are also a way for the PRC to test the effectiveness of its cyber capabilities against adversaries, he said.
The United States and its Allies and Partners are opposing such gray-zone cyber tactics with a collective voice. In September 2023, Japanese cybersecurity and law enforcement organizations partnered with U.S. government agencies to warn multinational corporations of cyberattacks linked to the PRC. The hacker group known as BlackTech had compromised internet routers to access tech company and government networks in Japan and the U.S., officials reported.
In February 2024, the U.S. Department of Justice and the FBI reported disabling parts of another vast, PRC-sponsored cyber spying operation dubbed Volt Typhoon, which Microsoft identified the previous year. The campaign was likely “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and [the] Asia region during future crises,” according to the U.S. tech firm. In response, cybersecurity agencies from Australia, Canada, New Zealand, the United Kingdom and the U.S. issued an advisory that detailed the PRC’s tactics, techniques and procedures and offered a playbook for “network defenders” to detect and mitigate the threats.
“Over the last two years, we have become increasingly concerned about a strategic shift in PRC malicious cyber activity against U.S. critical infrastructure,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said in written testimony to U.S. lawmakers in early 2024.
An increasing focus on cyber disruption does not replace Beijing’s decadeslong espionage campaign in the digital domain, warned James Lewis, a researcher at the Washington, D.C.-based Center for Strategic and International Studies.
“I see it as an addition,” he told FORUM. “It makes for a much more volatile situation to have China not just spying on you and stealing commercial secrets but also penetrating your critical infrastructure to look for possible areas of attack.”
In conflict, Beijing could attempt cyberattacks aimed at severing communications between its target and any partner forces. Virtual strikes on software-dependent infrastructure could turn off electricity, shut down pipelines or disrupt port and airport operations, Lewis noted. Targets would likely include military and civilian logistics, telecommunications, and other critical systems in the Indo-Pacific and beyond as the People’s Liberation Army (PLA) attempted to disconnect its target from the world.
As the PRC stakes its strategy on disruption, however, the U.S. and its Allies and Partners rely on cooperation. That advantage manifests in information sharing and collaborative cybersecurity research, Lewis said. He cited efforts to raise awareness of Beijing’s malign cyber activities with collective announcements, such as the BlackTech and Volt Typhoon advisories, and increasing cooperation in detecting and neutralizing cyber threats within critical networks. “All of this is still relatively new, but we’re building partnerships in this new space and, eventually, that will give us a big advantage over China,” he said.
Cooperative efforts have already succeeded in identifying CCP-linked perpetrators, security analysts said. Ally and Partner defense officials disclosed more than a decade ago that members of a specialized PLA unit have orchestrated hacks of U.S. and other nations’ corporations, organizations and government agencies, but only recently publicly revealed the extent of the CCP’s hacking network.
“Some of the hacking groups are information security firms contracted to Chinese intelligence units to carry out attacks on specific targets,” Che Chang, of the Taiwan-based cyber threat analysis firm TeamT5, told The Guardian newspaper in March 2024. For example, CCP authorities contracted the Chinese cybersecurity firm I-Soon to hack networks across Central and Southeast Asia, Hong Kong, and Taiwan, as well as government agencies in Malaysia, Mongolia and Thailand, The Wall Street Journal reported in February 2024. The newspaper reviewed documents leaked from I-Soon that revealed the firm was one of several private companies the CCP uses to propel global spying operations.
TeamT5 tracked an increase in “constantly evolving” hacking efforts by Chinese groups in the Pacific region and Taiwan over the past three years. “We believe that their purpose is to infiltrate specific targets and steal important information and intelligence, whether it be political, military or commercial,” Chang told The Guardian.
The PRC is not alone in its hostile cyber activity, according to security researchers. Iran, North Korea and Russia employ similar tactics to steal intellectual property, generate revenue, and harm regional and international competitors. From 2005 to 2023, those four regimes likely sponsored more than 75% of all suspected cyberattacks, according to the Council on Foreign Relations, a U.S.-based think tank.
The U.S. collaborates with like-minded countries to build cybersecurity capacity worldwide, harnessing military capabilities and drawing on experts from private industry, academia, law enforcement and diplomatic agencies. Aimed at creating resilient networks and dynamic national strategies, the programs help Allies and Partners deter and hunt malign actors, expel threats from digital networks and prosecute cybercriminals.
In the defense sphere, the Cyber National Mission Force, part of the U.S. Cyber Command (USCYBERCOM), has deployed across the globe to hunt for malicious activity, sharing insights with international industry and interagency partners to strengthen cybersecurity posture. USCYBERCOM also conducts training, such as its International Coordinated Cyber Security Activity (INCCA) in late 2023, which officials said enhanced interoperability, cooperation and support for partners.
The Australian Defence Force (ADF) said its cyber experts joined U.S. and other counterparts at INCCA to search for malware and improve shared processes, readiness and coordination. The ADF hosted its first classified-level cyber exercise, Cyber Sentinels, with the U.S. in Canberra in late 2023. Participants, including personnel from the U.S. Fleet Cyber Command and the U.S. Marine Corps Forces Cyberspace Command, defended assets against simulated cyberattacks with observers from Canada, New Zealand and the U.K. Teams from Canada, France, Germany, New Zealand, Singapore, the U.K. and the U.S. also have joined the ADF’s Cyber Skills Challenge to bolster proficiency and share techniques.
Meanwhile, multilateral military exercises are increasingly incorporating cyber drills. In early 2024, the Thailand-U.S.-sponsored Cobra Gold involved multinational cyber defense teams from Australia, Indonesia, Japan, Malaysia, the Republic of Korea, Singapore, Thailand and the U.S. Participants worked toward interoperability on a “cyber range” system, which simulates real-world networks, and were challenged to identify and protect key terrain, defend critical infrastructure, fuse intelligence, and integrate remote multinational partners. Teams also confronted the outcomes of cyber-compromised emergency services and land, sea and air transportation infrastructure.
In Japan, where officials say CCP-backed cyberattacks increasingly target telecom carriers, internet providers and other critical infrastructure, exercise Yama Sakura has involved personnel from Australia, Japan and the U.S. Participants incorporated cybersecurity elements for the first time in 2023 and will do so again, Capt. Masahito Nakajima, the Japan Maritime Self-Defense Force cyber operations chief, told FORUM during Cobra Gold. “We have our methods and procedures of how to deal with cyber incidents, but it is not only one way,” he said. “When we come here, together, we are able to gather information and expertise and new ways for us to deal with cyber incidents.”
The Japan-U.S. Keen Edge, a biennial command and control exercise that also included Australia in 2024, integrated cyber operations into joint force drills. Pacific Endeavor, a multilateral humanitarian aid and disaster relief exercise, has included training with international partners, U.S. agencies, nongovernmental organizations and United Nations entities to help participants safeguard digital networks and detect and respond to cyberattacks.
International Cooperation
More than 60 nations signed the 2022 Declaration for the Future of the Internet, which calls for an open, free, global, interoperable and secure digital future. Building coalitions that uphold that vision is a pillar of the U.S. Department of Defense’s (DOD) cyber strategy, which calls global Allies and Partners “a foundational strategic advantage.”
Partnerships such as AUKUS, the security and technology pact among Australia, the U.K. and the U.S., create frameworks for improving cyber coordination and sharing advanced capabilities. AUKUS members are strengthening cyber capabilities, including protecting critical communication and operations systems, the nations’ defense ministers said in 2023.
The Quad partnership, comprising Australia, India, Japan and the U.S., agreed to expand cyber cooperation in 2022, with information sharing as a first step. The nations are working to enable respective cyber agencies to immediately share reports on cyberattacks and the resulting damage, particularly to critical infrastructure, the Nikkei Asia newspaper reported. Armed with details about cyberattack methods and sources, partners can more rapidly deploy defenses.
The four countries are also working toward adopting shared safety standards for software used by government agencies, which could enhance collaboration during emergencies, according to the newspaper.
Quad members have pledged to equip like-minded nations with tools to detect and deter cyber threats. The Quad’s members “are among the world’s leaders in advancing digital technology, connectivity and resilience and are undertaking efforts to provide capacity building in the Indo-Pacific region to strengthen the ability to defend their government networks and critical infrastructure from cyber disruptions,” the partnership’s Senior Cyber Group said in a statement.
In February 2024, Japan conducted its inaugural cybersecurity exercise with nations of the Blue Pacific. Participants trained in cyberattack response and rehearsed defending against malware attacks targeting critical infrastructure, the Kyodo News agency reported. Government officials and communications providers from Kiribati, the Marshall Islands, Micronesia, Nauru and Palau attended, with Fiji and Tonga joining as observers. The U.S. sent an instructor to the event in Guam and provided training materials.
“Hackers could attack government networks and crucial infrastructure of Japan and Taiwan, for example, via these countries,” Hideyuki Shiozawa, who works with Blue Pacific nations at the Sasakawa Peace Foundation, a Tokyo-based think tank, told Kyodo News. “Giving these countries technical training and providing them with antivirus software and other cybersecurity tools will also reduce security risks in other parts of the Indo-Pacific.”
He called the exercise the “launch of Japan’s cyber diplomacy” in the region. Tokyo is also partnering with Australia and the U.S. to fund a $95 million undersea cable that will expand internet connectivity for Kiribati, Micronesia and Nauru.
Japan’s cyber outreach includes financial support and technical expertise for the Association of Southeast Asian Nations (ASEAN)-Japan Cybersecurity Capacity Building Center, which has provided cyber training to more than 1,500 government personnel and critical infrastructure providers since opening in Thailand in 2018, the Bangkok Post newspaper reported.
South Korea and the U.S. also are teaming up to manage cyber threats. CISA and Seoul’s National Intelligence Service agreed in late 2023 to collaborate on strengthening supply chains for cyber infrastructure and to establish training and cyber exercises. The cooperation follows a pledge by South Korean President Yoon Suk Yeol and U.S. President Joe Biden to expand the allies’ mutual defense treaty into the digital domain. Also in 2023, during their inaugural summit, the leaders of Japan, South Korea and the U.S. announced a plan to counter North Korea’s malicious cyber activities, including the digital theft that funds Pyongyang’s banned nuclear and ballistic weapons programs.
Other partnerships expanding throughout the Indo-Pacific include:
The India-U.S. Cyber Security Initiative, which unites experts to minimize threats and promote stability.
Enhanced cooperation between Indonesia and the U.S., whose leaders have committed to countering cyber threats from state and nonstate actors.
Philippines-U.S. defense guidelines to “secure critical infrastructure and build protection against attacks emanating from state and non-state actors by strengthening interoperability.”
A memorandum of understanding between Singapore and the U.S. to strengthen information sharing and foster cybersecurity exchanges.
A pledge by Thailand and the U.S. to deepen technology collaboration to ensure criminals are prosecuted and critical infrastructure is protected.
Cybersecurity talks between Vietnam and the U.S., along with Hanoi’s planned collaboration with U.S. experts to combat cybercrime and other digital threats.
The DOD’s cyber strategy emphasizes supporting Allies and Partners globally to build cyber capacity, enhance workforces and expand access to secure infrastructure — all central to digital deterrence and resilience. “The United States’ diplomatic and defense relationships represent a force multiplier that extends into cyberspace, enabling rapid coordination and awareness of emerging threats,” the strategy states. “To this end, we will improve our effectiveness and security in cyberspace by fostering a community of cyber-capable nations with shared interests and values.”