American cyber brass calls for retaliatory strikes against China, but is the US really ready?


In the wake of the Salt Typhoon attacks that compromised most of the major telecommunications providers in the US, many in the upper echelons of power are pushing for offensive cyber operations against China.
The move would model a tit-for-tat strategy, in that China has struck the US, so the US should strike China, and vice-versa until they stop.
The difficulty with that strategy, as legendary threat intelligence analyst Marcus Hutchins explains, is that the US is woefully under regulated and underprepared for any escalation of cyber warfare with China.
No scope for cyber war
Despite China’s claims that Volt Typhoon is actually a CIA asset, there is fairly reliable evidence to suggest that all of the ‘typhoon’ groups are Chinese state-sponsored actors, and it was Salt Typhoon that breached the US telecommunications networks by targeting and exploiting systems put in place under the Communications Assistance for Law Enforcement Act, (or CALEA for short).
This act, introduced in 1994, saw all major communications networks have ‘backdoors’ installed to monitor the communications of criminals.
However, as John Ackerly, CEO and co-founder of Virtru told me, “It’s the same doors that the good guys use, that the bad guys can walk through,” – and walk through they did.
Hutchins writes that while the US certainly has the capability to launch offensive cyber operations on China, and would likely see success, the US is not prepared for the retaliation-in-turn that would come next.
For example, US critical infrastructure is woefully underequipped to protect against cyber attacks and relies heavily on outdated tech that in some cases hasn’t received an update in over a decade.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
China and its Typhoons have been mapping this infrastructure for years, probing the defences and checking responses and recovery plans with small scale attacks in preparation for a much bigger strike that could be used should a hot conflict erupt between the two super powers.
But equally, Hutchins argues, this large scale attack would be just as effective as a response to US cyber offensives in China, and it can’t be patched any time soon.
Thanks to a lack of federal regulations governing cybersecurity in the US, the private sector has been largely left to its own devices to protect itself from cyber attacks, and Hutchins duly notes that its often cheaper for a company to ignore a cyber intrusion than it is to chase them down and evict them from the network.
It’s also cheaper to continue using outdated tech to run systems than to spend billions of dollars replacing everything and training your staff to operate new systems. Who could’ve guessed that the private sector wouldn’t regulate itself?
Now throw into the mix a smattering of federal bodies that, because they are modelled on the US separation of powers, must rely on each other to get anything done.
As Hutchins puts it, “Ultimately, cybersecurity in the United States feels like trying to put together a puzzle; except, there’s no picture on the box, each piece has been distributed to a random entity, half of the entities aren’t even willing to disclose that they have any puzzle pieces, and nobody is sure who’s actually supposed to be the one building the puzzle.”
What’s more, China’s own regulations for cybersecurity at both the state and private sector levels are fairly robust, and have been for many years more than the US can hope to catch up to.
Convincing an administration to establish a body with complete cyber-regulatory oversight in the age of DOGE is one thing, convincing the private sector to spend the ever increasing billions to give their networks even a fighting chance at being resilient is another.
“Personally, I think that trying to deter China through offensive cyber operations would not only be unsuccessful, but also a huge mistake,” Hutchins concludes. “I am not arguing that the US should bow down to China, or that it should not be able to defend itself, only that increasing offense[ive] cyber operations without the defencive capabilities to back them up, is a horrible idea.”
You might also like
In the wake of the Salt Typhoon attacks that compromised most of the major telecommunications providers in the US, many in the upper echelons of power are pushing for offensive cyber operations against China. The move would model a tit-for-tat strategy, in that China has struck the US, so the…
Recent Posts
- American cyber brass calls for retaliatory strikes against China, but is the US really ready?
- Here’s the world’s first mobile Wi-Fi 7 router, and I can’t believe how ridiculously cheap it is
- Thousands of federal health workers are losing their jobs in the US
- All of the updates about OpenAI
- Keanu Reeves is coming back for John Wick 5
Archives
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011
- August 2010