WASHINGTON — China and Russia are prepared to unleash a flurry of cyberattacks on U.S. critical infrastructure and defense networks should war break out, according to a Pentagon strategy unveiled this week.
Such tactics, meant to sow chaos, divert precious resources and paralyze military mobilization, were observed in Eastern Europe during Russia’s invasion of neighboring Ukraine, a conflict that colors the Pentagon’s new 2023 Cyber Strategy. An unclassified summary of the document was made public Sept. 12.
“The United States is challenged by malicious cyber actors who seek to exploit our technological vulnerabilities and undermine our military’s competitive edge,” its introduction reads. “They target our critical infrastructure and endanger the American people. Defending against and defeating these cyber threats is a Department of Defense imperative.”
Defense officials have long considered China and Russia national security hazards. While China poses the most-serious and long-term threat, they say, Russia presents more-immediate concerns. Both countries wield serious cyber arsenals. An International Institute for Strategic Studies report in 2021 placed China and Russia in tier two of its cyber powerhouse rankings. The U.S. sat in first.
The strategy, which supersedes a 2018 version, describes China as a “broad and pervasive” cyber espionage threat, one capable of absconding with defense trade secrets and monitoring U.S. citizens. It further labels Russia an online manipulator and harasser of critical infrastructure such as pipelines, hospitals and transportation.
“Cyber issues everywhere — in critical infrastructure, domestically and abroad — are something that’s front and center on the minds of our key senior leaders,” Gregory Touhill, a retired Air Force brigadier general and former federal chief information security officer, said Sept. 11 at a conference in National Harbor in Maryland. His comments came before the publication of the strategy’s summary.
“We continue to see critical infrastructure as a target for cyber-enabled attacks, including things like denial-of-service, malicious software, ransomware, theft of intellectual property,” he added. “We’re very concerned about that.”
The Pentagon’s strategy cleaves with the White House’s digital defense plans, which were rolled out in March. In them, the Biden administration vowed to employ “all instruments of national power” to disrupt and dismantle malicious cyber actors near and far.
Doing so will require significant collaboration with foreign governments, industry leaders and more.
“The nation’s constellation of diplomatic and defense relationships represents a foundational strategic advantage,” the Pentagon strategy reads. “In cyberspace, the capabilities of allies and partners combine with those of the United States to enable timely information sharing and interoperability as well as contribute to our collective security.”
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.