China and Russia are prepared to launch destructive cyber attacks on U.S. critical infrastructure to “sow chaos and hinder military mobilization” in the event of war breaking out, according to a new Pentagon cyber strategy released on Tuesday.
“The United States is challenged by malicious cyber actors who seek to exploit our technological vulnerabilities and undermine our military’s competitive edge,” the 2023 Department of Defense Cyber Strategy introduction reads. “They target our critical infrastructure and endanger the American people. Defending against and defeating these cyber threats is a Department of Defense imperative.”
While China poses a more serious and long-term threat, Pentagon officials are more immediately concerned with Russia.
Eastern Europe saw such attacks amid the ongoing war between Russia and Ukraine, where Russian military and intelligence units used a range of cyber attacks to disrupt Ukrainian military logistics, sabotage civilian infrastructure, and erode political will, the report reads.
POLITICO reported earlier this year that Russia launched 300 attacks against Ukraine’s security and defense sector, another 400 on various organizations ranging from commercial and financial to telecommunications and software, and 500 other attacks against government groups.
Although the efforts from Russian forces yielded limited results, the Pentagon report reads, it could make the U.S. and allied partners vulnerable to similar cyber attacks if Russia faces “a moment of crisis.”
DefenseNews reported that both countries have an arsenal of serious cyber threats toward national security. But a 2021 International Institute for Strategic Studies report placed China and Russia behind the U.S. in its cyber powerhouse rankings.
Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang told reporters that authorities identify China as the department’s “pacing challenge in the cyber domain and recognizes the significant threat that Russia poses in cyberspace,” but continues to monitor recent activities in Ukraine.
“I think prior to this conflict, there was a sense that cyber would have a much more decisive impact in warfare than what we experienced,” she said. “What this conflict has shown us is the importance of integrated cyber capabilities in and alongside other warfighting capabilities. And that is consistent with the approach in the [National Defense Strategy] on integrated deterrence and is an important lesson for us to think about — that cyber is a capability that is best used in concert with those others and may be of limited utility when used all by itself.”
The Chinese Communist Party sees superiority in cyberspace as core to its theories of victory, the report reads, adding that it has engaged in espionage and theft that compromised key defense networks and broader U.S. critical infrastructure.
In July, the Wall Street Journal reported that U.S. Commerce Secretary Gina Raimondo and senior officials at the State Department were victims of a Chinese hacking campaign that gained access to email accounts from roughly two dozen organizations that began on May 15 and went undetected until June 16.
During a conference in National Harbor in Maryland on September 11, retired Air Force brigadier general and former federal chief information security officer Gregory Touhill reportedly said that cyber and critical infrastructure issues everywhere — domestic and abroad — remain at the front and center of the minds of key senior leaders.
“We continue to see critical infrastructure as a target for cyber-enabled attacks, including things like denial-of-service, malicious software, ransomware, theft of intellectual property,” Touhill said. “We’re very concerned about that.”