The Great Firewall War: Deconstructing US-China Cyber Strategies

The ongoing cyber conflict between the US and China is getting worse. The US has stepped up its efforts to tackle the increasing cyber threats from China.

China’s advanced cyber capabilities come with huge dangers. They target crucial sectors in the US as they seek to access sensitive information and disrupt key operations. This situation has prompted the US to strengthen its cyber defences.

The US response to the cyber challenge posed by China has been comprehensive. As Chinese cyber tactics grow more complex, the US has adjusted its strategies and now focuses on both defensive and offensive policy in the cyber landscape.

And it’s all aimed at maintaining national security as it contributes to the stability of the international cybersecurity landscape.

This article dissects the complex facets of the US-China cyber conflict. We’ll examine the evolving strategies employed by both nations. We’ll also analyze the tactical efforts being made by the US to combat these malicious attempts by Chinese hackers.

Now, let’s hone in on the details.

Recent U.S. Offensive Measures Against Chinese Hackers

  • The US Department of Justice indicted four Chinese nationals affiliated with the Hainan State Security Department for hacking Equifax in 2017.
  • Equifax is a credit reporting agency. The attack exposed the personal information of over 147 million Americans.
  • The Treasury Department sanctioned two Chinese companies and one individual for their involvement in “malicious cyber activities” against critical infrastructure. The Treasury alleged the companies provided “critical infrastructure hacking tools and services” to state-sponsored actors.
  • The Cyber Command conducted offensive cyber operations against Chinese APT groups responsible for attacks on Microsoft Exchange servers. The operation aimed to impair their capabilities.
  • The NSA released a Cybersecurity Information Sheet. It details tactics and procedures used by Chinese state-sponsored cyber actors.
  • The State Department collaborated with the UK and Australia to publicly attribute global ransomware attacks to a Chinese hacking group known as APT41.

That was a rare occasion when the USA publicly named a specific Chinese actor.

Chinese ‘Volt Typhoon’ Hackers Target US Critical Infrastructure

Volt Typhoon is a Chinese state-sponsored cyber threat actor. The group has targeted critical infrastructure across the United States and elsewhere, including Guam.

They targeted sectors like:

  • communications,
  • healthcare,
  • manufacturing,
  • utility,
  • transportation,
  • construction,
  • maritime,
  • government,
  • information technology,
  • education,
  • and more.

Volt Typhoon attackers typically use “living off the land” (LOTL) techniques, that is, they rely on the legitimate administrative tools already present on a system rather than deploying custom malware, to pre-position themselves on IT networks while blending in with normal activity.

Basically, they aim for disruptive/destructive cyber activities against U.S. critical infrastructure during any major crisis between the two countries.
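Because LOTL activity uses tools that are supposed to be on the system, detecting it comes down to baselining how those tools are normally run and flagging deviations. The following script is an added example written for this article, not code from any agency advisory or from the group’s tooling: it scores constructed process-creation events against an assumed watch list of built-in Windows tools, argument fragments that are rare in routine administration, and the parent processes an interactive administrator would normally launch them from. The hostnames, users, and command lines are all made up.

```python
"""Flag living-off-the-land (LOTL) style process activity in endpoint telemetry.

Constructed example: the events, hostnames and users below are made up, and the
watch list of built-in tools and argument fragments is an assumption about what
a defender might baseline, not a list taken from the article. In practice this
logic would run over EDR or Sysmon process-creation records.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Built-in Windows binaries that are legitimate admin tools but blend in when
# misused (assumed watch list, not from the article).
WATCHED_BINARIES = {"ntdsutil.exe", "netsh.exe", "wmic.exe", "powershell.exe"}

# Argument fragments that are rare in routine administration of these tools.
SUSPICIOUS_FRAGMENTS = {
    "ntdsutil.exe": ("ifm", "create full"),          # offline AD database copy
    "netsh.exe": ("portproxy", "v4tov4"),            # traffic forwarding
    "wmic.exe": ("process call create", "/node:"),   # remote command execution
    "powershell.exe": ("-enc", "-encodedcommand"),   # obfuscated scripts
}

# Parents from which interactive administrators normally launch these tools.
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe", "mmc.exe"}


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent: str
    image: str
    command_line: str


@dataclass
class Finding:
    event: ProcessEvent
    reasons: list[str] = field(default_factory=list)


def evaluate(event: ProcessEvent) -> Optional[Finding]:
    """Return a Finding when a watched tool is used in an unusual way, else None."""
    image = event.image.lower()
    if image not in WATCHED_BINARIES:
        return None
    reasons = []
    cmd = event.command_line.lower()
    for fragment in SUSPICIOUS_FRAGMENTS.get(image, ()):
        if fragment in cmd:
            reasons.append(f"unusual argument {fragment!r}")
    if event.parent.lower() not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process {event.parent!r}")
    return Finding(event, reasons) if reasons else None


def run_detection(events: list[ProcessEvent]) -> list[Finding]:
    """Apply evaluate() to every event and keep only the hits."""
    return [f for f in (evaluate(e) for e in events) if f is not None]


# Constructed sample telemetry: two benign actions and two LOTL-style ones.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "CORP\\jdoe", "cmd.exe", "netsh.exe",
                 "netsh interface show interface"),
    ProcessEvent("ws01", "CORP\\jdoe", "explorer.exe", "chrome.exe",
                 "chrome.exe --profile-directory=Default"),
    ProcessEvent("dc01", "NT AUTHORITY\\SYSTEM", "w3wp.exe", "ntdsutil.exe",
                 'ntdsutil "ac i ntds" ifm "create full C:\\temp\\out" q q'),
    ProcessEvent("srv02", "CORP\\svc_web", "cmd.exe", "netsh.exe",
                 "netsh interface portproxy add v4tov4 listenport=8443 "
                 "connectaddress=10.0.0.5 connectport=443"),
]

if __name__ == "__main__":
    for finding in run_detection(SAMPLE_EVENTS):
        ev = finding.event
        print(f"[{ev.host}] {ev.user} ran {ev.image}: " + "; ".join(finding.reasons))
```

Running the script prints two hits: the domain controller event (unusual ntdsutil arguments launched from a web-server worker process) and the port-forwarding netsh command, while the routine `netsh interface show interface` and the browser launch pass silently. The point of the design is that none of the flagged binaries are malicious in themselves; the signal is in the combination of tool, arguments and launching context, which is exactly what a LOTL-aware baseline has to capture.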

The Implications of Chinese Cyber Attacks on the USA

It is now well known that this activity is part of a broader effort to infiltrate Western critical infrastructure, i.e. naval ports, internet service providers, utilities, etc.

Changes in the campaign’s techniques have caused alarm among intelligence officials. This has led to collaboration between the White House and the private sector to track and counteract the activity.

The hacking efforts could potentially enable China to disrupt important facilities in the Indo-Pacific region that support U.S. military operations. So, there are big concerns about U.S. readiness in case of a conflict over Taiwan.

FBI Director Christopher Wray highlighted the targeting of U.S. critical infrastructure by Chinese government-linked hackers. Wray emphasized the intention of these state-sponsored operations to cause “real-world harm” to Americans.

His words indicate that such cyber intrusions could serve as preliminary strikes in the event of a conflict. And, they could potentially undermine civilian infrastructure and military mobilization capabilities.

The U.S. Disrupts Botnet Chinese Hackers Used to Hide Hacking of Critical Infrastructure

The Volt Typhoon attacks compromised thousands of internet-connected devices. The Justice Department and the FBI obtained legal authorization to disable aspects of this hacking campaign.

To combat these threats, the US has adopted a dual approach.

First, it has enhanced its cybersecurity strategies. It’s now upgrading systems and processes to shield against sophisticated cyber attacks.

This involves deploying advanced technologies and fostering collaborations between government and private sectors.

As the ramifications of these attacks have extended beyond national security, these efforts are crucial in mitigating the global implications of cyber threats.

Second, the US is now taking offensive cyber measures. This proactive stance involves disrupting potential cyber-attacks before they can cause harm. Now, that’s a clear shift in the traditional defensive posture.

These actions illustrate the U.S. government’s proactive stance against cyber threats. They are making clear efforts to protect critical infrastructure from foreign espionage.

Why the US Response to Chinese Hacking Matters

National Security Implications:

Targeting critical infrastructure, such as the communications, energy and water sectors, directly threatens national security and public safety. It reflects the capability and intent of state-sponsored actors to disrupt essential services.

International Relations and Cyber Diplomacy:

Identifying Volt Typhoon as a China-sponsored initiative adds tension to complex U.S.-China relations.

It highlights the challenges in cyber diplomacy and the need for robust cybersecurity measures.

Public Awareness and Cybersecurity Posture:

The public disclosure of such cyber espionage activities increases awareness among critical infrastructure operators.

It underscores the importance of improving cybersecurity measures and sharing threat intelligence to defend against sophisticated cyber threats.

Unveiling US Counter-Hacking Strategies Against Chinese Cyber Threats

To address Chinese cyber threats more effectively, the U.S. has employed a strategic mix of offensive measures and technological advancements to bolster its cybersecurity posture. The evidence for this shift includes:

  • Objective data,
  • Quotes from officials,
  • Specific technologies

The U.S. utilized all available legal channels, with officials stressing the importance of lawful action. The Justice Department and FBI received legal authorization for their operations.

Public-Private Collaboration:

The U.S. engaged with companies like Cisco and Netgear (their devices were affected by the ‘KV Botnet’ malware). This demonstrates the collaborative efforts between the government and the private tech sector.

Malware Eradication:

The FBI’s operation to remove ‘KV Botnet’ malware from compromised routers shows the use of advanced cybersecurity tools to cleanse infected devices.

Jen Easterly, director of CISA, emphasized the need for robust device security and urged manufacturers to eliminate vulnerabilities. Indeed, it’s a considerable move to bolster the resilience of critical infrastructure against cyber intrusions.

Analyzing the Effectiveness of the U.S. Response

Proactive Measures:

The U.S. demonstrated a proactive approach by disrupting Chinese hacking operations, showcasing the effectiveness of offensive cyber actions in neutralizing immediate threats. This highlights the value of anticipatory measures in cybersecurity.

The U.S. actions were grounded in legal authorization, underscoring the importance of adhering to legal and ethical standards in cyber operations. This approach ensures that responses are justified and sustainable over the long term.

Public-Private Partnerships:

The collaboration between the U.S. government and tech companies like Cisco and Netgear illustrates the strength of public-private partnerships. Leveraging the expertise and resources of the private sector can significantly enhance the effectiveness of cyber defense strategies.

U.S. Response to Chinese Cyber Threats: Global Cybersecurity Impact

The U.S. response to Chinese hacking activities has broader ramifications. This situation highlights the complexities of enforcing rules in cyberspace, where state and non-state actors often operate in a grey zone.

International Cooperation:

The incident emphasizes the importance of international cooperation in cybersecurity.

The U.S. engagement with private tech companies and the mention of collaborative efforts suggest a move towards more collective defence strategies. Such strategies involve national governments and global tech industry players.

Cyber Deterrence Strategies:

The proactive measures taken by the U.S. reflect a shift towards more aggressive cyber deterrence strategies.

By publicly disrupting significant hacking operations, the U.S. sends a clear message to adversaries about its capabilities. The nation has also conveyed its willingness to act against cyber threats.

Economic and Political Tensions:

The cybersecurity conflict between the U.S. and China is set against a backdrop of broader economic and political tensions, including trade disputes and geopolitical rivalries.

Cybersecurity incidents can exacerbate these tensions. They can lead to a more complex international landscape that affects diplomatic relations and global market stability.

Identifying Areas for Improvement in Future Cyber Defense Strategies

International Collaboration:

Sure, the U.S. has engaged domestically with specific companies. However, there’s room for expanding international collaboration.

They need to build a more coordinated global response to cyber threats to enhance collective resilience.

Transparency and Communication:

If they can build transparency about cyber threats and defence efforts, they can build public trust and improve stakeholder cooperation.

Clear communication about cyber risks and defence strategies is crucial for a unified response.

Continuous Learning and Adaptation:

The cyber threat landscape is constantly evolving. It necessitates ongoing learning and adaptation of defence strategies. Investing in research and development and continuous training of cybersecurity personnel can keep cybersecurity defences ahead of emerging threats.

Infrastructure Resilience:

Targeting critical infrastructure highlights the need for enhanced resilience across these systems.

Future strategies should prioritize securing infrastructure against cyber intrusions, with more robust security protocols and redundancy systems.

Regulatory and Policy Frameworks:

Developing and refining regulatory and policy frameworks can provide clearer guidelines for cybersecurity practices. This can help ensure a cohesive approach to cybersecurity across different sectors and industries.

Cyber Hygiene and Awareness:

Promoting better cyber hygiene and raising awareness among the general public and within organizations are key areas for improvement. Educating users about cybersecurity best practices can reduce vulnerabilities and bolster overall defence.

Recap: U.S. Response to Chinese Cyber Threats & Global Cybersecurity Impact

  • The U.S. took decisive action against Chinese cyber threats. The actions showcase a proactive and legal approach.
  • Offensive cyber operations and public-private partnerships were crucial in disrupting hacker activities.
  • The situation highlighted the importance of international cooperation and the need for a global cyber norm.

US Offensive Measures Against Chinese Hacking in 2024:

  • The US Treasury Department sanctioned 5 Chinese individuals and 1 company linked to the WannaCry 2.0 ransomware attack, which was impacting critical infrastructure worldwide.
  • The US House Armed Services Committee proposed a $7 billion increase in funding for offensive cyber operations. And, their main target for such operations is, of course, China.
  • The Secretary of State Antony Blinken held a virtual meeting with his Chinese counterpart. He emphasized the cooperation on cybersecurity and expressed his concerns about “malicious cyber activities” from China.
  • Reports from Politico suggest the US Cyber Command collaborated with European allies to disrupt a major Chinese hacking of financial institutions.
  • The US Senate introduced the “Critical Infrastructure Security Act of 2024.”

The act aims to strengthen cyber defences of critical infrastructure sectors. Here, as well, China is implicitly implicated as a potential threat.

Key Cybersecurity Measures Every Company Must Implement

  • Make sure all employees use complex passwords that are hard to guess.
  • Keep all software updated with the latest security patches.
  • Teach staff how to spot suspicious emails that could be phishing attempts.
  • Use strong firewalls to block unauthorized access to company networks.
  • Encrypt sensitive data so that even if hackers access it, they can’t read it.
  • Regularly backup important data to a secure location in case of a cyber attack.
  • Require multiple steps (like a password and a code sent to a phone) to access sensitive systems.
  • Use software to constantly monitor for unusual activity on company networks.
  • Have a plan for what to do if a cyber attack occurs, including who to contact and how to minimize damage.
  • Work with other companies and cybersecurity experts to share information for dealing with cyber threats.

Wrapping it Up:

The U.S. response to Chinese cyber activities provides a foundation for assessing the effectiveness of current strategies for security enhancement.

We need to build on these lessons and strengthen our future cyber defence strategies. They have to be more robust and collaborative to ensure better preparedness against sophisticated cyber threats.

Security & Compliance Services: Windows Management Experts 

The cyber threat landscape keeps evolving. As demonstrated by the recent U.S. actions against cyber threats, the importance of robust cybersecurity measures has never been more apparent.

As the cyber threats have become more sophisticated, government agencies can partner with WME for cybersecurity and compliance needs.

We ensure your organization is protected against current threats and prepared for future challenges.

With WME, you can focus on your core business activities with peace of mind that your cybersecurity and compliance needs are in expert hands. WME is at the forefront of providing top-notch cybersecurity and compliance services.

Windows Management Experts is Now A Microsoft Solutions Partner for:

✓ Data & AI

✓ Digital and App Innovation

✓ Infrastructure

✓ Security

The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.

Why Choose WME for Cybersecurity and Compliance Services:

  • We boast a team of seasoned cybersecurity professionals with deep expertise in dealing with cyber threats and ensuring compliance with the latest regulations.
  • We understand that each organization has unique needs. So, we offer customized cybersecurity solutions for your specific requirements and risk profile.
  • We leverage the latest in cybersecurity technologies. We ensure your defences are always ahead of potential threats, much like the proactive measures highlighted in recent U.S. cyber operations.
  • We navigate the complex landscape of regulatory compliance, which can be daunting. WME simplifies this process and ensures your organization adheres to all relevant regulations. This way, we help you mitigate legal and financial risks.
  • Beyond immediate cybersecurity solutions, we provide ongoing support and education to your team. We ensure a culture of cyber awareness and resilience.
