Battlefield Cyber

How China and Russia are Undermining Our Democracy and National Security
by William J. Holstein 2023 304 pages
4.03
86 ratings

Key Takeaways

1. Cyber Warfare is a "Digital Gray Zone" Exploiting Openness.

Unlike Western democracies, which closely adhere to international norms in cyberspace, these adversaries understand cyberspace for what it truly is: a battlefield.

A new battlefield. Cyberspace has become a primary arena for geopolitical competition, with China and Russia exploiting its digital highways to undermine American democracy and national security. These authoritarian regimes view cyberspace as a battlefield, not a realm for international norms, engaging in espionage, data theft, and positioning for future attacks on critical infrastructure. Their strategies are carefully calibrated to operate in a "digital gray zone," below the threshold of armed conflict, making a forceful U.S. military response difficult.

Subtle, persistent attacks. Adversaries avoid overt assaults like a "cyber Pearl Harbor" in favor of a long-term, numbing strategy. They establish "persistent access" within American systems, sometimes for years undetected, aiming to disrupt and colonize. Russia often makes more "noise" and seeks to disrupt, while China is "completely embedded" and aims to colonize, reflecting distinct but converging strategies to erode faith in democratic institutions.

Exploiting openness. The inherent openness of democracies, a core vulnerability, is actively exploited. Adversaries use social media to deepen ideological divides, fan ethnic tensions, interfere in elections, and sow confusion on critical issues like COVID-19 origins or human rights abuses. This multi-pronged approach, including massive propaganda spending on U.S. platforms, aims to subvert the very concept of democracy.

2. Ransomware and Digital Proxies Weaponize Cybercrime.

One thing is clear: We are at war—a new kind of war we have been slow to comprehend.

Ransomware pandemic. Ransomware has become a prolific form of cyberattack, with Russian-affiliated groups responsible for the vast majority of global incidents and revenue. These groups, like Conti, operate with a "ransomware-as-a-service" (RaaS) model, providing tools and platforms to affiliates (from script kiddies to state-sponsored actors) in exchange for a percentage of the ransom. This gig economy approach to cybercrime allows relatively unsophisticated hackers to conduct devastating attacks.

Dark web ecosystem. The dark web, accessible via tools like Tor, hosts forums and marketplaces where RaaS groups recruit affiliates, exchange information, and sell illicit cyber tools. This anonymous environment facilitates the initial compromise of networks, often through spear phishing or exploiting weak authentication. Once inside, attackers patiently exfiltrate critical data before deploying ransomware, maximizing pressure for payment.

State-sponsored proxies. Russia, in particular, integrates criminal enterprises into its strategic cyber warfare campaigns, offering protection from law enforcement in exchange for aligning with Kremlin objectives. This "letters of marque and reprisal" model allows Russia plausible deniability while inflicting significant economic and sociopolitical damage. The increasing targeting of critical infrastructure by these groups, sometimes with advanced state-developed malware, elevates ransomware from a criminal threat to a national security concern.

3. China's IP Theft and Data Collection Fuel Global Hegemony.

The Chinese government, in particular, is also engaged in a massive campaign of technology theft targeting American companies and organizations.

Systematic IP theft. China's cyber espionage, exemplified by the Nortel Networks hack, represents the "greatest transfer of wealth in history." Through persistent network penetrations, human espionage, and predatory investments, Chinese entities—including the People's Liberation Army (PLA) Unit 61398 and the Ministry of State Security (MSS)—systematically steal intellectual property and trade secrets. This allows Chinese companies like Huawei to leapfrog Western technological development, saving immense R&D costs and gaining a competitive edge.

Data as the new oil. China's Digital Silk Road strategy centers on massive data collection, viewing data as a strategic commodity. Hacks like those on the Office of Personnel Management (OPM), United Airlines, Marriott, and Equifax have compromised personal information of millions of Americans, including security clearance details, travel records, and financial histories. This data is used to:

  • Construct detailed profiles of prominent individuals.
  • Identify intelligence officers and military personnel.
  • Understand "pattern of life" and financial vulnerabilities for recruitment or blackmail.

Exploiting legal frameworks and tech. China's Multi-Level Protection System (MLPS 2.0) compels foreign companies operating in China to grant the government unfettered access to their networks and data. Chinese apps like TikTok and WeChat, with their Chinese-written algorithms and server access, collect vast amounts of user data, including biometrics and keystrokes, which are accessible to Chinese intelligence services. This systematic collection, combined with advanced AI and machine learning, aims to provide real-time insights into American decision-making and societal dynamics, cementing Chinese control over global data flows.

4. Software and Cloud Vulnerabilities Are Systemic Weaknesses.

The internet is a house of cards, to be perfectly frank.

Inherent software insecurity. Asked whether America's software is safe, the answer is "unequivocally, no," a consequence of prioritizing "nifty cool" usability over security. The internet's borderless nature and the rush to market have led to systems built on a patchwork of open-source code, often with known vulnerabilities. Software developers routinely borrow code from public repositories, making the entire ecosystem susceptible to "repository poisoning" or supply-chain attacks like Log4j, SolarWinds, and Microsoft Exchange.

The "Log4Shell" crisis. The Log4j vulnerability, Log4Shell, exposed how a single piece of widely used open-source logging software could create a "nuclear bomb exploding in cyberspace," affecting millions of devices and critical services. This incident highlighted:

  • The pervasive use of unowned, volunteer-maintained open-source components.
  • The difficulty of patching vulnerabilities across complex, interconnected systems.
  • The speed with which adversaries (like Chinese hackers) exploit newly discovered flaws.

Cloud computing's false promise. While cloud computing offers efficiencies and improved security for many organizations, it is not a panacea. Public clouds, where multiple "tenants" share resources, can harbor "cross-tenant vulnerabilities" that allow attackers to "hop" from one company's system to another. The cloud is only as secure as its weakest link, often the user's access point, making it a highly attractive target for adversaries who can subscribe to services and operate within the cloud's perimeter.

5. Malign Influence Campaigns Exploit Societal Divisions.

Adding just a little bit of kerosene to the flame can ignite massive social disruption.

Weaponizing social media. Russia and China masterfully use social media to sow discord, undermine trust in institutions, and exacerbate existing societal divisions. Algorithms designed to keep users engaged in echo chambers inadvertently amplify extreme views, making populations more susceptible to foreign influence. Adversaries create fake accounts, bots, and even opposing personas to fan the flames of partisan conflict, as seen in the 2016 U.S. election and the Women's March.

Russia's "active measures." Russia's Internet Research Agency (IRA) and intelligence services employ "active measures" to spread disinformation, targeting "wedge issues" like gun control, race relations, and abortion. They craft narratives to diminish U.S. influence and promote Russian interests, often finding common cause with right-wing media personalities. This strategy aims to deepen polarization, weaken the U.S. economy, and erode faith in government, with Russian state television openly discussing plans to "amplify the divisions" in American society.

China's "global discourse." China seeks to "tell China's story well" and replace Western narratives with its own, often amplifying Russian propaganda. Chinese government entities use fake accounts, bots, and paid influencers on platforms like Twitter and Facebook (which are banned in China) to:

  • Promote pro-Beijing narratives (e.g., Winter Olympics, Uighur "happiness").
  • Discredit critics (e.g., COVID-19 origins).
  • Manipulate search engine rankings ("black-hat SEO").
  • Potentially mobilize real-world protests, as seen in experiments targeting Asian Americans.

6. America's Defense Supply Chain is Deeply Compromised.

Our military superiority is under direct attack from our most sophisticated adversaries—nations whose cyber actors continuously target the very industry that powers the U.S. military’s technological advantage.

Eroding military advantage. The U.S. defense industrial base (DIB), comprising over 300,000 companies, faces "sustained and increasing threats of intellectual property theft, economic espionage, and ransomware hacks." China, in particular, has systematically targeted the DIB to modernize its military, acquiring weapons "five to six times" faster than the U.S. Department of Defense. This has led to China fielding near-carbon copies of advanced U.S. weapon systems.

"Military-civil fusion." China's "military-civil fusion" strategy means that any technology or information developed or possessed by Chinese entities, whether state-owned or private, can be leveraged by the People's Liberation Army (PLA). This centralized approach allows the PLA to bypass R&D phases, rapidly commercialize stolen ideas, and integrate them into its military. Examples include:

  • The Fujian aircraft carrier, resembling the U.S. Gerald R. Ford class, with electromagnetic catapults.
  • Fifth-generation fighters like the J-20 and J-31, based on stolen F-35 and F-22 designs.
  • The Y-20 military transport, a copy of the C-17 Globemaster III.

Vulnerable supply chain. The Pentagon's inability to audit its vast, multi-tiered supply chain, especially smaller subcontractors, creates critical vulnerabilities. Chinese hackers exploit these weaknesses to insert backdoors into military technologies, potentially enabling cyberattacks against U.S. ships, aircraft, and communications systems during a conflict. The use of Chinese telecommunications equipment near U.S. military bases and the pervasive use of apps like TikTok by service members further expose sensitive information and troop movements.

7. Corporate America's Addiction to China Undermines Security.

If your market in China is bigger than it is in the United States, which is the case for many major U.S. multinationals, and the China market is much more of a future market than others, Xi Jinping may be more important to you than Joe Biden from a business standpoint.

The Faustian bargain. Decades of globalization have deeply entrenched American companies in China, creating an "addiction" to its vast market and manufacturing capabilities. Many CEOs prioritize short-term profits and market access over national security concerns, often complying with Chinese government demands for censorship, data access, and technology sharing. This creates a profound conflict of interest, as companies like Apple have made compromises that make it "nearly impossible...to stop the Chinese government from gaining access to the emails, photos, documents, contacts, and locations of millions of Chinese residents."

Strategic vulnerabilities. This dependence creates strategic vulnerabilities for the U.S. in critical sectors like semiconductors. China, the largest market for chip equipment, actively seeks to acquire advanced manufacturing capabilities and design tools. U.S. companies, driven by profit, have invested in China's semiconductor industry, inadvertently helping it advance. This "dual use" nature of technology means civilian sales can directly benefit the PLA, making it difficult to control the flow of sensitive tech without exiting the Chinese market entirely.

The cost of "rebalancing." While a "retreat from globalization" is not feasible, a "rebalancing" is necessary to ease dependence on China. This involves:

  • Diversifying manufacturing footprints (e.g., Apple's slow shift to Vietnam and India).
  • Rigorous enforcement of laws like the Uyghur Forced Labor Prevention Act, which could disrupt global supply chains.
  • Re-evaluating the "total cost of ownership" to account for geopolitical risks, logistics, and coordination costs, making reshoring more attractive.

8. Reining in Big Tech Requires Accountability and Regulation.

If you tell an industry you’re not going to be held liable for any known harms on your platform, we shouldn’t be surprised that they behave irresponsibly.

Accountability deficit. Social media giants, despite their immense influence, operate with a significant accountability deficit. Section 230 of the Communications Decency Act, originally intended to foster internet growth, now provides broad immunity to platforms for user-generated content, even when they fail to address foreseeable harms. This has allowed the proliferation of fake accounts, hate speech, and foreign disinformation campaigns, as platforms prioritize user growth and advertising revenue over content integrity.

Reforming Section 230. To address this, Section 230 needs reform. Options include:

  • Requiring platforms to take "reasonable steps" to protect users, allowing courts to define "reasonable" based on tort law.
  • Mandating mechanisms for users to voluntarily authenticate their identities, allowing market forces to favor verified accounts.
  • Embracing "middleware" tools like NewsGuard that give users more control over their content feeds.
  • Enacting legislation like the SAFE TECH Act to hold platforms accountable for cyberstalking, harassment, and discrimination.

Curbing foreign influence. The Foreign Agent Registration Act (FARA) should be enforced on the internet, requiring clear labeling of foreign government advertising and content on social media. This would counter the imbalance where Chinese and Russian state media propagate misinformation on U.S. platforms while their own citizens are blocked from accessing American media. Furthermore, Chinese social media platforms like TikTok and Zoom, which are tools for espionage and surveillance, should be banned from the American market on national security grounds.

9. Re-architecting Security Demands a "Zero Trust" Mindset.

The perimeter is everywhere. Every user presents a risk, every device presents a risk, every data transaction presents a potential risk, and it’s all transiting an inherently dangerous environment.

Beyond perimeter defense. The traditional "castle and moat" model of cybersecurity, focused on defending a network perimeter, has "categorically failed." With ubiquitous internet access, mobile devices, and cloud computing, the perimeter has evaporated. A new approach, "zero trust," is essential: no person, device, or network should be inherently trusted. Instead, every entity must be continuously verified and secured.

Micro-segmentation and isolation. The new architecture requires breaking down computing systems into smaller, isolated "micro-segments." This means:

  • Each entity (person, device, data) is enveloped in "secure cocoons" with individual security controls.
  • Limiting lateral movement for attackers even if they breach one segment.
  • Reducing the "attack surface" by minimizing points of contact with the open internet.

Secure software development. A fundamental shift is needed in how software is built. Developers must prioritize security from the outset, eliminating known vulnerabilities before products are released. This requires:

  • Moving away from "monolith" software to more secure "microservices" architectures.
  • Instituting a licensing system for software engineers to ensure adherence to high standards.
  • Rethinking the inclusion of administrative tools like PowerShell as default features, as they are often exploited by attackers "living off the land."

10. Government Needs Sweeping Organizational and Legal Reforms.

The federal government is tying itself in knots trying to determine which agency has the lead role and what information can be shared with whom—greatly hindering any sort of “real-time” government support.

Fragmented cyber efforts. The U.S. federal government's cybersecurity efforts are fragmented across over 100 departments and agencies, leading to inefficiencies, information silos, and redundant missions. This organizational construct, designed for the physical world, is ill-suited for the borderless cyber domain. Agencies compete for funding, and critical cybersecurity priorities are often under-resourced or overlooked, especially in non-cyber-focused departments.

Proposed organizational overhaul:

  • Elevate CISA to a cabinet-level Department of Digital Services, led by the National Cyber Director. This would consolidate national strategy, oversight, and enforcement, absorbing roles from NIST, CFIUS, and Commerce's export controls. It would also establish a federally chartered venture-capital firm for critical technologies and manage a National Digital Reserve Corps.
  • Establish a U.S. Cyber Force, with an active component modeled on the Coast Guard and a reserve component (Cyber National Guard) akin to the National Guard. This force would possess combined military, law enforcement, and intelligence authorities to respond to cyber threats, both domestically and abroad, without the current jurisdictional limitations.

Legislative imperatives. Congress must shift its focus from annual defense budget riders to comprehensive cyber legislation. Key areas include:

  • Workforce development: Extend and amend the Cybersecurity Workforce Assessment Act for better data, establish a Digital Services Academy for continuous training, and address compensation disparities.
  • Digital equity: Combat "digital redlining" by requiring internet service providers to report coverage and rates, and subsidize high-speed internet access in underserved communities.
  • International law: Aggressively pursue modernization of international cyber law with techno-democracies, allowing for the "accumulation of events theory" to justify more forceful responses to persistent gray-zone cyber warfare.

11. Collective Defense Requires Unprecedented Public-Private Partnership.

The belief that everyone can work unilaterally through their own mechanisms to secure their individual networks is not only unrealistic but also incredibly dangerous.

A "War Production Board" for cyber. The scale of the cyber threat demands a national mobilization akin to the World War II War Production Board, fostering unprecedented public-private collaboration. The current slow progress in information sharing and joint defense planning is unacceptable, as the government and private sector are inextricably linked in cyberspace. The SolarWinds compromise starkly demonstrated that independent network security is a dangerous illusion.

Bridging the information gap. Effective collaboration requires:

  • Rapid, two-way information exchange: Beyond unclassified data, a process for sharing classified threat intelligence with trusted private-sector analysts is crucial. Government has "insight into what an adversary is doing," while the private sector has "insight into why they're doing it."
  • Joint collaborative environments: Initiatives like CISA's Joint Cyber Defense Collaborative (JCDC) are a start, but need to move beyond mere discussion to real-time data exchange and joint threat analysis.

Incentivizing private sector action. The private sector, driven by profit, needs new incentives beyond patriotism. Government should:

  • Establish a "marketplace" of certified cybersecurity vendors: This would set heightened standards for DIB and critical infrastructure cybersecurity, ensuring vendors can handle sensitive data and share threat information with the government. This leverages market forces to improve national cybersecurity.
  • Fund critical infrastructure resilience: Where redundancy (e.g., in power grids) is vital for national security but not commercially viable, the government should co-fund its construction, with the private sector maintaining it.

12. Education and Political Cohesion Are Essential for Future Resilience.

This is the existential question of our generation: can the American democratic capitalist system, along with its techno-democratic allies, prevail over an authoritarian axis?

Preparing for the metaverse. The coming technological surge, driven by AI, augmented reality, and virtual reality, will create a "fully immersive biophysical and psychological environment" in the metaverse. This new frontier presents unprecedented opportunities for foreign penetration, disinformation, and psychological manipulation, with no existing policy framework or "guardrails." Preparing for this requires proactive policy development and public awareness.

Rebooting education. A national reboot of the American educational system is critical to building cyber resilience. This includes:

  • Cyber literacy: Integrating coding, cybersecurity skills, and digital citizenship into K-12 curricula.
  • Critical thinking: Teaching students to discern reliable information from disinformation, especially on social media.
  • Workforce development: Shifting resources towards vocational and community colleges for technical training, enhancing foreign language programs, and fostering interest in STEM fields among underrepresented groups.

Restoring the political center. America's political polarization, exacerbated by social media and foreign adversaries, hinders its ability to take rational action on national security. Recent bipartisan efforts, such as the CHIPS and Science Act and NATO expansion, offer hope that a political center can be reestablished. This requires:

  • Political leaders dedicated to solutions over wedge issues.
  • Less corruption and undue corporate influence in Congress.
  • A unified understanding that national security, including cybersecurity, transcends partisan divides.

Review Summary

4.03 out of 5
Average of 86 ratings from Goodreads and Amazon.

Battlefield Cyber receives mostly positive reviews, with readers praising its importance and timely insights into national cybersecurity. Many find it informative and thought-provoking, highlighting the cyber threats from China and Russia. Some reviewers appreciate the practical recommendations, while others feel they may be unrealistic. Critics note a potential bias and lack of technical depth. The book's alarmist tone regarding China's cyber capabilities is both praised and criticized. Overall, readers find it a valuable resource for understanding modern cybersecurity challenges, despite some limitations.

About the Author

William J. Holstein is an experienced author and journalist specializing in global affairs and technology. He has written extensively on China's economic and technological rise, as well as its impact on international relations. Holstein's work often focuses on the intersection of business, politics, and emerging technologies. He has contributed to various prestigious publications and has authored several books on related topics. Known for his insightful analysis and ability to explain complex issues, Holstein's expertise in cybersecurity and US-China relations is evident in his writing. His background in journalism and deep understanding of global dynamics inform his perspective on modern geopolitical challenges.
