New Biden Cyber Strategy Takes Aim at China as ‘Most Persistent Threat’

The Biden administration’s new cybersecurity strategy takes aim at China’s communist regime and other authoritarian powers for subverting the international order through malign cyberactivity.

The 2023 National Cyber Strategy, released on March 2, says that communist China and other regimes are attempting to export their own forms of authoritarianism through the use of technology.

“The governments of China, Russia, Iran, North Korea, and other autocratic states with revisionist intent are aggressively using advanced cyber capabilities to pursue objectives that run counter to our interests and broadly accepted international norms,” the strategy states.

“Their reckless disregard for the rule of law and human rights in cyberspace is threatening U.S. national security and economic prosperity.”

China in particular is threatening U.S. interests and dominating emerging technologies critical to global development with the intent of reshaping the world order, the document states.

“[China] now presents the broadest, most active, and most persistent threat to both government and private sector networks and is the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so.”

This new posture, according to the strategy, will integrate cyber, diplomatic, military, intelligence, law enforcement, and other capabilities to target threat actors and remove them from play.

“The United States will use all instruments of national power to disrupt and dismantle threat actors whose actions threaten our interests,” the strategy states.

“These efforts may integrate diplomatic, information, military (both kinetic and cyber), financial, intelligence, and law enforcement capabilities.”

Such integration will bring the United States’ cybersecurity strategy to more closely resemble the whole-of-society approach being implemented by China and other powers.

The purpose of such an expansive and integrated system, the document says, is to ensure that malign actors are “incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States.”

Likewise, the strategy seeks to expand the role of the federal government in other ways, including taking a more assertive role in directing the market by federalizing some spending and increasing security regulations and liability laws.

To that end, the strategy is deliberately crafted as an evolution of the cyber framework first established by the Trump administration’s strategy in 2018 and “continues momentum on many of its priorities, including the collaborative defense of the digital ecosystem.”

As such, the strategy seeks to take a more aggressive stance on cyber threats to national security and will now classify ransomware attacks as national security threats as opposed to mere criminal challenges, paving the way for a greater range of responses to such threats, including through coordination with international partners.

The strategy will likewise make fundamental changes to the minimum security requirements for technologies and systems used by vital sectors such as oil and natural gas pipelines, aviation, railways, and water systems.

Moreover, by leveraging international coalitions and partnerships among like-minded nations and working with allies on shared standards of security, reliability, and privacy, the strategy says, the United States can effectively counter the CCP and other malign actors while promoting a more free technosphere.

“We must make fundamental changes to the underlying dynamics of the digital ecosystem, shifting the advantage to its defenders and perpetually frustrating the forces that would threaten it,” the strategy states.

“People and technology are increasingly linked, further enabling the very best, as well as the worst, of humanity.”