China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed.
The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and degrade the combat capability of the Joint Force.”
The DoD’s report noted that China has engaged in prolonged campaigns of cyber espionage, theft and compromise against US critical infrastructure, including the Defense Industrial Base (DIB). In the event of a war, the DoD believes China is likely to launch destructive cyber-attacks against the US Homeland in order to hinder military mobilization, sow chaos, and divert attention and resources.
The report also emphasized the cyber threats posed to the US and its citizens by other nation-states, such as North Korea and Iran, as well as financially-motivated transnational criminal organizations. These criminal groups are frequently aligned with nation states, increasingly threatening US national security, stated the report.
How to Address Current and Future Threats
As a result of these threats, the DoD said that cyberspace operations are indispensable to the military strength and integrated deterrence of the US and its allies. It set out four strategies it will pursue to address current and future cyber-threats:
1. Defend the Nation
The Department plans to identify malicious cyber activity in the early stages of planning development and work with other agencies to publicize this information to help organizations better defend their systems.
Other initiatives include working with law enforcement to disrupt threat actors and degrading their supporting ecosystems as well as developing a comprehensive approach for the protection and recovery of critical DIB elements.
2. Prepare to Fight and Win the Nation's Wars
The DoD said it will promote cyberspace operations among allies to achieve informational and military advantages, as well as deterring adversaries from taking coercive actions against the US.
It will also ramp up its defensive measures of the Department of Defense Information Network (DODIN), which contains data of mission-critical information technology and weapons systems. This includes modernizing cryptographic algorithms across weapons systems, data links and networks.
3. Protect the Cyber Domain with Allies and Partners
The Department aims to build the capacity and capability of allies and partners in cyberspace and expand avenues of potential cyber-cooperation. This involves illuminating malicious cyber activity on their networks and reinforcing responsible state behavior by encouraging adherence to international law and internationally recognized cyber norms.
4. Build Enduring Advantages in Cyberspace
Institutional reforms are required in the DoD to gain long-term advantages in cyberspace, according to the report. Among the approaches to be pursed are optimizing the organizing, training and equipping of the Cyberspace Operations Forces and Service-retained cyber forces.
The Department also expects every serving military personnel to be responsible for exercising cyber awareness and managing cyber risk.
Commenting on the report, Ted Miracco, CEO, Approov Mobile Security, welcomed the DoD’s ambition to enhance global security partnerships and cooperation. However, he said this requires a wider approach far beyond the DoD’s capabilities.
“This strategy's direction is right, but execution will determine whether it leads to meaningful improvement in cyber resilience as talk of information sharing and partnership is good, but only if it is backed-up by real, sustained commitments. The strategy's emphasis on sharing actionable intelligence to enable better private sector defenses, rather than just mopping up after the fact, is wise, but it will require overcoming cultural obstacles,” warned Miracco.