Washington’s New Cyber Strategy on China: Tough Talk, Weak Armor

The Trump administration’s new cyber strategy declares China the United States’ primary cyber adversary and promises to “take the fight” to Beijing in cyberspace. On paper, it sounds like a decisive break from the past: more offense, more pressure, more focus on Chinese actors. In practice, the strategy risks doing the opposite of what it intends. It elevates offensive operations while loosening key defensive measures at home, leaving the United States rhetorically tougher but operationally more exposed.

A strategy that puts China front and center

The new approach, anchored in moves like Executive Order 14306, clearly and repeatedly names China as the “most active and persistent” cyber threat to U.S. government, private sector, and critical infrastructure. The administration’s messaging frames Chinese cyber activity as a strategic, long‑term campaign: intellectual property theft, political influence, data collection, and pre‑positioning in critical infrastructure for potential future conflict.

That clarity has value. It strips away euphemism and acknowledges that Chinese hacking is not just about discrete incidents; it’s a structural feature of China’s rise and its global competition with the United States. Framing the threat explicitly can help align agencies, budgets, and political attention.

But the way the strategy proposes to respond—by doubling down on offense—misunderstands what makes China such a difficult cyber adversary in the first place.


The ‘offense‑first’ trap

At the heart of the new strategy is a sharpened offensive posture. The administration emphasizes disruptive operations against Chinese infrastructure, “imposing costs” on Beijing and “taking the fight” to Chinese operators. This builds on years of “persistent engagement” doctrine but gives it more political backing and visibility.

The problem is scale, resilience, and incentives:

  • China’s cyber apparatus is massive and state‑backed. It can rebuild infrastructure and reassign personnel faster than the U.S. can burn them down.
  • Many Chinese operations are tied to core national objectives — economic development, regime security, and military advantage. Limited cyber‑on‑cyber retaliation is unlikely to change that calculus.
  • Offensive operations can temporarily disrupt campaigns, but they rarely dismantle the underlying capability or political will.

In other words, offense can be useful tactically — especially against non‑state actors like ransomware groups — but it is not a substitute for a strategy against a major power with deep resources and clear long‑term goals. Treating offense as the main answer to China’s cyber threat gives a false sense of control while the structural balance continues to favor Beijing.


Pulling back on defense when China is already inside

The most worrying aspect of the new strategy is not what it adds, but what it quietly removes or de‑prioritizes on the defensive side.

Recent moves have:

  • Paused or rolled back secure‑software attestation requirements for federal vendors, weakening incentives to bake security into the software supply chain that underpins federal systems.
  • Softened parts of the previous digital‑identity and infrastructure‑hardening agenda, in the name of reducing regulatory “burdens” on industry.
  • Created uncertainty and delay around incident‑reporting rules and baseline requirements for critical infrastructure, at the very moment Chinese operators are aggressively pre‑positioning in those networks.

If you believe, as most serious analysts do, that Chinese access is already widespread in U.S. critical infrastructure and sensitive networks, then the primary challenge is denial and resilience: making it harder for that access to translate into strategic effects in a crisis. That means patching, segmentation, logging, detection, and rehearsed incident response — all the unglamorous, expensive defensive work that never makes for good slogans.

Dialing back these efforts while championing more offensive operations is like upgrading your long‑range missiles while laying off half your firefighters.


Misaligned tools for a strategic adversary

Another fault line in the new strategy is how it connects (or fails to connect) cyber operations with broader China policy.

To meaningfully change Beijing’s behavior, cyber responses need to be integrated with:

  • Trade and export controls that hit the sectors benefiting from stolen intellectual property.
  • Diplomatic coalitions that raise the reputational and political cost of high‑impact campaigns.
  • Investment screening and data‑protection rules that limit China’s access to sensitive information via legal and commercial channels, not just hacking.

Instead, the rhetoric leans heavily on “hitting back” in cyberspace, with less emphasis on these cross‑domain levers. That might be politically satisfying, but it underuses the tools that actually bite in Beijing’s calculus: markets, technology access, and diplomatic isolation.

There’s also a risk of escalation signaling. Highly visible offensive operations against China, coupled with a thinner defensive posture at home, can encourage Beijing to double down on pre‑positioning and coercive signaling in U.S. networks, especially around crises like Taiwan.


What a smarter China‑focused cyber strategy would look like

A more effective approach to China in cyberspace would almost invert the current emphasis. It would still use offense, but as a supporting tool, not the centerpiece. Three shifts stand out:

  1. Defense‑first, especially where China is already present
    • Treat Chinese pre‑positioning in critical infrastructure as a national emergency for resilience planning.
    • Prioritize hardening and monitoring in sectors where Chinese access would have the greatest wartime or crisis leverage: power, telecoms, logistics, defense industrial base, and key financial rails.
    • Restore and refine — rather than discard — mechanisms like secure‑software attestations and strong baseline requirements for federal and critical‑infrastructure systems.
  2. Targeted offense, not performative offense
    • Focus disruptive operations where they clearly change outcomes: dismantling specific campaigns, buying time during patch cycles, or protecting allies and partners facing acute Chinese pressure.
    • Avoid burning high‑value accesses just to show activity; prioritize operations that meaningfully delay or degrade China’s ability to act at critical moments.
  3. Integrated China policy, not a siloed cyber fight
    • Link major cyber incidents to tangible consequences in trade, tech access, or investment, so the message to Beijing is coherent and predictable.
    • Work with allies on joint statements, coordinated sanctions, and shared defensive investments, especially where Chinese campaigns target multiple states simultaneously.
    • Use cyber dialogues and crisis‑communication channels not as a concession, but as a tool to manage escalation and set expectations about thresholds.

Why this matters now

China’s cyber campaigns are not static. They are evolving with AI, cloud, and supply‑chain interdependencies, and they are increasingly intertwined with broader geopolitical competition. A U.S. strategy that overvalues offense and undervalues defense might be survivable against dispersed criminal groups. Against a peer competitor preparing for future crises, it is a structural vulnerability.

The core critique of the new U.S. cyber strategy is simple but consequential: it misreads the nature of the China challenge. It treats cyber as a domain where the United States can “win” by hitting harder, rather than as an environment where resilience, denial, and integrated statecraft are the only sustainable advantages.

For policymakers, practitioners, and observers, the key question is not whether Washington sounds tough on China in cyberspace. It is whether, when a real crisis comes, the United States has made itself harder to coerce, harder to disrupt, and harder to surprise. On that metric, the current balance between offense and defense is moving in the wrong direction.


Discover more from Center for Cyber Diplomacy and International Security
