Analysis: China and Russia Leverage U.S. Cyber Policy Flaws for Strategic Gain
A recent report from the McCrary Institute for Cyber and Critical Infrastructure Security argues that the United States needs to adopt a more aggressive stance against the growing cyber threats from China and Russia. The analysis critiques Washington’s current strategies as inadequate for the realities of ongoing cyber competition.
According to the institute, the U.S. is not fully equipped to contend with sustained, offensive cyber operations from these adversaries. The report highlights a need for a fundamental shift in U.S. cyber policy, which has evolved too gradually and reactively. As a result, the operational frameworks and legal authorities in place are mismatched with a landscape characterized by unceasing competition.
The authors assert that both Beijing and Moscow perceive cyberspace as a battleground for national interests. While the U.S. remains tied to frameworks designed for episodic engagements, the report emphasizes that China is particularly strategic in its cyber efforts, focusing on long-term access to vital U.S. infrastructure for potential disruption during crises.
“In a domain where speed and ambiguity prevail, delays and gradual changes are strategic decisions in themselves,” the researchers warned. The report suggests that the future of U.S. cyber capabilities hinges on immediate choices regarding organizational hierarchy and operational doctrine.
Russia has demonstrated operational ambition by integrating cyber tactics into its military activities, especially during its invasion of Ukraine, utilizing disruptive cyber attacks alongside misinformation campaigns. This operational integration reflects a broader trend where adversaries are actively defining the cyber landscape to their advantage.
Moreover, the report raises concerns about America’s risk of remaining in a reactive posture while adversaries manipulate the cyber domain as they see fit. It cites long-standing tensions between military and intelligence agencies as obstacles complicating the planning and execution of cyber operations.
The document also points out the intertwined responsibilities of the National Security Agency (NSA) and U.S. Cyber Command, describing this dual-hat arrangement as a source of significant synergies but also notable friction that complicates mission prioritization and resource allocation.
The authors advocate for modernizing the legal frameworks governing cyber operations. They believe that a comprehensive overhaul would enable the U.S. to establish greater unpredictability and operational costs for adversaries, who currently enjoy disproportionate advantages in the cyber realm.
The report emphasizes that simply adopting a defensive posture is insufficient in a landscape where adversaries maintain the initiative and exploit asymmetries to their benefit. In financial terms, the economic implications of cyber threats are increasingly significant, calling for immediate and robust action from U.S. stakeholders.
