On Dec. 3, the White House backed away from sanctioning China’s spy agency, the Ministry of State Security (MSS), which carried out one of the most extensive hacking campaigns in U.S. history against critical infrastructure. The administration reportedly halted these sanctions to preserve a trade truce that U.S. President Donald Trump and Chinese General Secretary Xi Jinping struck at the Busan summit in October.
This sends the wrong message to Beijing, as well as to U.S. allies in the Indo-Pacific caught in China’s cyber crosshairs. Trump’s new National Security Strategy (NSS) explicitly calls for burden-sharing, arguing that allies must “assume primary responsibility for their regions,” while the United States serves as a “convener and supporter” in regional defense. Backing away from sanctions after a major China-linked hacking campaign undercuts that logic: burden-sharing collapses if the United States is not willing to bear economic or political costs itself. If the world’s largest economy will not confront China’s cyber operations, how can it credibly ask Indo-Pacific allies — who have far less leverage over Beijing — to step up?
There is still time to recalibrate. To counter Beijing’s cyberattacks and operationalize burden-sharing, the United States must use its unique leverage to impose costs on China while enabling Indo-Pacific allies to lead cyber defense in the region.
Beijing Exploits Cyber Weakness Across the Indo-Pacific
The U.S. intelligence community identifies China as the most persistent and active cyber threat to U.S. networks. In 2024, the Chinese state-sponsored hacking group Salt Typhoon carried out one of the most severe breaches of U.S. telecommunications companies. Just weeks before Trump met with Xi in October, the United States uncovered another major China state-backed cyber intrusion of the cybersecurity vendor F5, triggering an emergency directive from the lead U.S. cyber agency. Yet the cyber threat to Washington extends far beyond the homeland. China’s cyber operations have already infiltrated networks supporting U.S. forward-deployed forces across the Indo-Pacific, targeted export controls on critical technologies, and spread disinformation campaigns designed to erode trust in U.S. alliances.
U.S. regional partners also bear the full brunt of Beijing’s cyber coercion. In Taiwan alone, China-linked hackers target critical infrastructure and government networks roughly 2.8 million times a day — a 17 percent jump from last year. Over the past five years, Chinese hacking groups have targeted Japan’s national security and critical technology data over 200 times.
Indo-Pacific cyber defenses are not keeping pace with threats from China. The region is experiencing rapid digitalization — often without matching investments in cybersecurity. In Southeast Asia alone, the digital economy could reach up to $1 trillion in gross merchandise value by 2030. This surge in connectivity is fueling growth, but it also expands the attack surfaces that state-backed hackers, and other malign cyber actors, can exploit — underscoring the urgent need for collective investments in cyber defenses.
The lack of cybersecurity personnel in the region emboldens Beijing’s hackers. When breaches occur, scant cyber workforces struggle to root out China’s hostile activity. Identifying the attackers takes weeks — if it happens at all — and allied cyber defense resources often arrive after the damage is done. The numbers are stark. There are only around 200 highly certified cybersecurity professionals in the Philippines, and Japan’s cyber workforce shortfall nearly doubled between 2022 and 2023. At the same time, China operates a hacking program larger than that of every major country combined.
Beijing’s economic leverage is also blunting efforts to counter China’s cyber operations. For example, the Philippines made no official attribution statement against its largest trading partner, China, when Beijing-backed attackers infiltrated the government and stole sensitive military data earlier this year. The same story plays out in South Korea, Japan, and Taiwan — leaders condemn cyber espionage in vague terms but hesitate to call out Beijing specifically when trade is on the line.
To counter Beijing’s cyber operations across the Indo-Pacific, Washington should lead its treaty allies in building a new “Cyber Shield” for the region. In this proposed framework, Washington would provide strategic capacity-building resources while allies commit to measurable investments in their own cyber defenses — enabling greater regional integration and capability to defend against cyber threats. This framework would also define options for a collective response to move away from ineffective, ad hoc reactions that only embolden China.
Toward an Indo-Pacific Cyber Shield
While an Indo-Pacific Cyber Shield will not stop Beijing’s cyber aggression, it will certainly raise the cost for China. The recommendations below operationalize the proposed Cyber Shield across three pillars — joint resolve, joint resources, and joint response.
Joint Resolve
Countering Beijing’s cyber operations starts with conveying the joint resolve of the United States and its Indo-Pacific allies. Washington and its regional partners should issue a joint statement condemning China’s cyber activity and commit to a significant collective response if Beijing’s cyber operations continue. Such a statement would undercut Beijing’s denials of its cyber operations. It would also help signal resolve and bolster awareness by publicly highlighting Beijing’s hostile cyber operations. A joint advisory — issued by the FBI and European allies in August — offers a model to replicate. The United States and its allies should increase the cadence of these alerts following major China-backed infiltrations.
Joint Resources
Increasing joint cyber defense capabilities will be the most critical component of countering China’s cyber aggression. To operationalize the Cyber Shield, U.S. capacity building resources should scale with greater partner investments in cyber defenses. This reflects the National Security Strategy’s burden-sharing model in practice. Regional allies must improve the technical capacity to identify evidence of Chinese hacking when a breach occurs, quickly patch vulnerabilities, and bolster resilience of critical networks to thwart future intrusions. The United States is making important progress on cyber defense capacity building in the region. U.S. Cyber Command has deployed more than 85 times to over 30 countries in partner-enabled missions to hunt for hostile activity on networks. The U.S. Cybersecurity and Infrastructure Security Agency has also conducted several capacity-building exercises, including with Japan in 2024 on maritime cybersecurity.
For their part, Indo-Pacific allies and partners participate in multiple U.S.-led military exercises that have a cyber component, including the annual Cyber Flag exercise hosted by the U.S. Cyber Command. The United States has also prioritized negotiating an intelligence sharing agreement with the Philippines, and both countries approved a major intelligence sharing upgrade in 2024. The United States should leverage these engagements to share cyber threat intelligence and provide a clear roadmap for how allies can receive greater cyber defense support from Washington.
Critically, U.S. allies in the Indo-Pacific need to invest in their own cyber defenses. In exchange for access to U.S. cyber defense resources and information, allies should modernize military and intelligence cyber capabilities, upgrade and strengthen intelligence systems, and provide a clear legal pathway for U.S. Hunt Forward operations — defensive operations conducted by U.S. Cyber Command at the request of a host nation — to root out hostile activity on partner networks. Most importantly, allies should remove insecure ICT infrastructure, especially from companies like Huawei and ZTE, that pose a significant cyber espionage risk.
Joint Response
If a breach occurs, the United States and its regional allies must be ready to impose costs on Chinese state-backed hackers. In addition to bolstering domestic cyber defenses, the United States should develop a joint escalation ladder with its regional allies outlining a variety of responses to state-backed cyber aggression. The European Union’s Cyber Diplomacy Toolbox shows what a coordinated diplomatic response to malign cyber activity can look like. While U.S. Indo-Pacific allies are not as politically or institutionally integrated as the European Union, the region can apply similar tools while leveraging the multiple existing cyber coordination channels between the United States, Japan, South Korea, and the Philippines.
Legal action is an important but underutilized tool in the cyber context. The United States has indicted China-linked hackers multiple times, including two hackers linked to the Chinese Ministry of State Security in 2018, and employees of i-Soon — a company that carried out cyber operations on behalf of the Chinese government — last March. Indo-Pacific allies are beginning to take similar steps, albeit less frequently. In 2021, for example, Japanese law enforcement investigated a Chinese hacker over alleged involvement in cyberattacks on about 200 companies, including the Japan Aerospace Exploration Agency. The United States should work with Indo-Pacific allies to develop frameworks to prosecute China-linked hacking, especially for threat groups like Salt Typhoon, that target both the United States and the Indo-Pacific.
The Cyber Shield framework would also encourage its members to levy economic sanctions against known Chinese cyber threat actors. Despite the reported White House walk-back, the United States has sanctioned China-backed hackers multiple times, including Zhou Shuai, a Shanghai-based cyber actor, last March. Similarly, the United States, Australia, and the United Kingdom jointly issued sanctions against Aleksandr Ermakov, a Russian hacker who breached Australia’s largest private health insurance provider, in January 2024. The United States should coordinate similar sanctions regimes with its Indo-Pacific allies after significant cyberattacks, especially if the threat actor targets multiple allied countries.
Finally, the United States and its regional allies should prepare to respond with offensive cyber operations when necessary and legal to make China-backed hackers pay. Seoul and Tokyo are already honing their offensive cyber capabilities: South Korea’s 2024 National Cybersecurity Strategy calls for intelligence and military agencies to “preemptively and offensively respond to threats,” while Japan’s new active cyber defense legislation authorizes the neutralization of adversary servers. This further aligns Indo-Pacific allies with Washington’s Defend Forward cyber posture, which calls for disrupting adversary cyber threats before they reach domestic networks. The United States should take advantage of this alignment in strategy by prioritizing the development of joint offensive cyber capabilities during military exercises like Cyber Flag.
* * *
Without a new framework to counter China-backed cyber operations in the region, Beijing and other state-backed cyber groups will continue escalating their cyber operations to spy, steal, and sabotage with near impunity. A new Cyber Shield would translate the National Security Strategy’s burden-sharing concept to Indo-Pacific cyber defense, enabling allies to take greater responsibility in countering state-backed cyber threats. A Cyber Shield will not eliminate Beijing’s cyber intrusions, but it will finally enable the United States and its Indo-Pacific allies to act faster, coordinate responses, and impose costs on China.
Great job, Morgan Peirce and the team at Just Security, for sharing this story.





