China’s cyber-attacks are getting out of hand. Cyber-attacks are conducted for crime, espionage, and political signaling – by state and non-state actors – to access, disrupt, and destroy information and physical systems. The more we depend on the electromagnetic spectrum, the higher our vulnerability. That is why defense and deterrence are both critical. Biden just sanctioned Russia, trying to deter future attacks. Why not China?
Here is the nub. While US cyber-defenses are complex, bridge administrations, and perpetually evolve, political actors, play a role. They must prioritize cyber-defense, as physical outcomes increasingly depend on cybersecurity, and send clear signals – deterrent signals – when state actors violate established, unspoken norms, as Russia and China have recently done.
Russia – through a massive hack called Solar Winds – spent months penetrating nine federal agencies, roughly 100 US companies. China masterminded a major hack – not their worst, the Obama-era theft of 20 million sensitive security files, but a major hit affecting 30,000 organizations across the US, rippling far wider. See, e.g., https://www.csmonitor.com/USA/Politics/2021/0416/How-Biden-is-boosting-cyber-defenses-against-Russia-and-China; https://www.sify.com/finance/how-solarwinds-cyber-attack-forced-us-to-sanction-russia-news-topnews-veqiyxefgfcdd.html.
Late last year, China also shut down India’s power grid in Mumbai, affecting 20 million, aimed at affecting a China-India border. China threatened a blackout of US Navy ships in the South China Sea, while Russia blacked out Ukraine in 2020, and Israel reportedly just blacked out Natanz, Iran – focus of Iran’s nuclear enrichment. All this portends “cyber-blackout wars.” See, e.g., https://www.washingtontimes.com/news/2021/apr/14/natanz-blackout-a-harbinger-of-future-war-with-ira/.
The main point is more immediate. Defensive cyber-activity, espionage, and political signaling are one thing, offensive cyber-attacks another. Biden’s national security team sanctioned Russia for the 2020 Solar Winds cyberattack, effects lingering into 2021. Biden has yet to sanction China for their major 2020 attack, with effects continuing into 2021. Why not?
Imposing public sanctions on Russia – sending a deterrent signal tied to the damage done – was right. But China is no less culpable, arguably more aggressive in pressing Communist aims through offensive cyber-attacks. Their recent attack nobbled European agencies, including the European Banking Authority.
If China is willing to penetrate, steal from, and disrupt major US companies – and historically, US agencies – plus blackout major cities for political advantage, threaten to blackout US Navy ships, hit agencies managing international finance, and become as aggressive in cyberspace as imprisoning millions of Uighurs, militarizing artificial islands in trade routes, suppressing Hong Kong, threatening Taiwan, and – most recently – suppressing Western media in China and Hong Kong, while also starting a pandemic, is it not time for Biden to sanction their cyber-audacity? If not now, when? See, e.g., https://www.tulsatoday.com/2021/03/19/lessons-of-the-china-india-blackout-war/; https://www.wearethemighty.com/mighty-trending/navy-cyber-siege-chinese-hackers; https://www.express.co.uk/news/world/1422278/South-China-Sea-news-beijing-taiwan-military-jets-increasingly-aggressive-war-ont.
While Biden did sanction China for human right violations, retains some Trump trade restrictions, and is using export controls, the only way to deter cyber-war with China – an aggressive, unapologetic promotor of offensive cyber-attacks that disrupt global trade, safety, and security – is to say “enough.” The time has come to sanction China in a serious way for major cyber-attacks. See, e.g., https://www.nytimes.com/2021/04/13/us/politics/china-national-security-intelligence-report.html; https://nam12.safelinks.protection.outlook.com.
Historically, Biden has been weak on China. Most understand why, but the stakes are changing – fast. The importance of deterrence is growing – in every venue, especially cyberspace. China has made no secret of its aspirations, willingness to push the envelope, challenge America. As the stronger economy, military, and moral power – based on freedom, not fear – we must respond. See, e.g., https://news.yahoo.com/mcfarland-biden-historically-very-weak-190517281.html; https://www.msn.com/en-us/news/politics/nearly-4-in-10-americans-say-biden-is-weak-on-china-new-insider-poll-shows/ar-BB1dUCw4; https://townhall.com/tipsheet/mattvespa/2021/04/08/bidens-weakness-allows-china-to-surround-taiwan-with-air-and-sea-military-exercises-n2587582.
Targeted, credible, no-nonsense sanctions against China for their cyber-attacks are overdue. Boldly working – in public and private – to deter cyber-aggression will also deter other bad acts. That is what is needed now, as China continues smashing world security norms, running roughshod over Western values, and promoting Communist ideology the way it smashes printing presses in Hong Kong. https://cpj.org/2021/04/masked-men-ransack-epoch-times-printer-in-hong-kong/.