Trump’s Cyber Strategy Will Make China Stronger



In 2023, unknown hackers conducted a sophisticated cyber-espionage campaign known as “Operation Triangulation,” infiltrating iPhones used by high-value targets within the Russian government. Apple patched the underlying vulnerability, and the case seemed closed—but in late February, a former employee at a U.S. defense contractor was sentenced to up to 87 months in prison for supplying a Russian broker with malware connected to the Triangulation campaign. The same hacked infrastructure was used for many criminal campaigns.

This episode shows the reality of cyber conflict: Even the best cyber capabilities are rarely controlled, and once exposed, they move quickly through contractors, brokers, and criminal networks. Previous leaks of suspected US-made cyber tools, by the Shadow Brokers group and others, have shown how quickly sophisticated capabilities spread among rival intelligence services and criminal networks.

Yet the six pillars of US President Donald Trump’s national cyber strategy, released on March 6, double down on this risk, elevating offensive cyber activity as Washington’s main deterrent. It is a risky gamble, one that Beijing, which has emerged as the United States’ arch enemy in cyberspace, will see not only as an escalation but also as a justification of its weakening posture.

Finally, the strategy risks spreading dangerous capabilities to more countries and non-state actors; increases the likelihood of wrongdoing and retaliation based on misunderstandings; and makes the global network more aggressive, congested, and unstable.


China has been changing its willingness to take risks through cyber activity—and its ability to withstand the ensuing retaliation—for more than a decade. In recent years, however, Chinese cyber activities have taken on an increasingly strategic nature, moving beyond the theft of intellectual property towards political or military predation and signaling. Chinese cyber actors are entrenched in critical US national infrastructure and supply chains, ready to use their weapons if tensions escalate.

The “Typhoons”—hacker groups within the Chinese government and military—have demonstrated this strategic shift in cyber operations. Between 2021 and 2023, the “Volt Typhoon” group, linked to the People’s Liberation Army (PLA), infiltrated US naval bases in the Pacific, gaining real-time access to US counterintelligence and signaling a disruption of US capabilities in response to events in Beijing on Taiwan. Western officials say Chinese diplomats have just given a weak denial of PLA involvement, underscoring Beijing’s growing confidence that it can operate in cyberspace with impunity.

The Ministry of State Security (MSS), China’s foreign intelligence arm, pursued a similar approach through “Salt Typhoon,” a collection of hacker groups believed to be under its federal command. Its ongoing cyber operations have infiltrated US communications networks, giving MSS the ability to disrupt data flows and exfiltrate sensitive customer information. Salt Typhoon has also affected US congressional staff, which MSS can use for counterintelligence on US political discourse. Taken together, the Typhoons show that Beijing is using cyber operations not only for espionage, but also to signal that it has a growing ability to compromise, distort, and reshape Washington’s political and military goals.

As a result, the first pillar of Trump’s new cyber strategy, called “Shape Adversary Behavior,” attempts to restore deterrence through offensive cyber operations by creating a “real threat to adversaries who wish to harm” the United States. But Beijing already sees the Internet as a strategic competitive arena, and a tougher US stance will only strengthen the model China has been building for years.

And, most importantly, the strategy reflects a misunderstanding of how deterrence works in the current environment. Conventional deterrence, developed in the nuclear age and based on the idea that clearly expressed threats of retaliation can deter adversaries from taking action, works best when adversaries are visible and threats are credible. These conditions are rare in cyberspace, where threats travel through an interdependent supply chain where delivery is static and no single actor controls escalation or consequences. As a result, the classic deterrence model breaks down.

The second pillar of the US cyber strategy, called “Promoting Common Sense Control,” is even more attractive to Beijing. Expressing a desire to “improve” cyber and data regulations to “reduce compliance burdens, address liabilities, and better plan regulators and industries around the world,” what is presented as “common sense regulation” is a calculated appeal to the private sector that sees cyber security as an endless cost with limited revenue. By signaling an abandonment of mandatory and strict compliance systems, the administration is offering a regulatory relief that doubles as a national security risk.

Internet control needs to be simplified. The regulatory landscape is complex, fragmented, and prohibitively expensive for small and medium-sized businesses that pay regulatory fees as a “license to operate” while being excluded from competition for government contracts. But deregulation, if that’s what “common sense” intends, is no guarantor of better cyber security. There is no evidence that the savings promised by “common sense” will be invested in cyber security. Left to the interpretation of the private sector, the second pillar of the Internet strategy risks the trade-off of long-term structural stability for short-term political and economic goodwill from business.

In practice, therefore, this second pillar weakens internal defenses just as the first pillar invites aggression. While some sectors will jump at the opportunity to deregulate, and others will be left to determine their own bottom line in the absence of lower compliance burdens, Trump’s approach will have to contend with the uncomfortable reality that sectors and industries are connected through large, complex, and interdependent technology supply chains, where one weakness in the less powerful. Hackers only need to compromise industries with lax cyber regulations or companies that are no longer responsible for following basic security practices. From there, integrated technology supply chains give them a place in the rest.

Nowhere has this lesson been clearer than in the 2020 SolarWinds breach. What started as an actor linked to the Russian government disrupting a small supplier ended up targeting thousands of high-value targets, including Microsoft. But SolarWinds demonstrated a long-term strategy: The MSS hacker system has been targeting supply chains in general since at least 2013. Beijing learned that prioritizing more stealthy and scalable attacks through supply intermediaries was the best way to achieve multiple targets at the same time. Since then, this pattern has only grown, and many of the service providers that manage most of the US business have been facing constant upheavals.

While the rest of Trump’s strategy seems to point to this trend, it fails to recognize its extent. The third and fourth pillars acknowledge the need to modernize government technology and protect critical infrastructure. The fifth takes the familiar tone of power projections, announcing the goal of protecting the “national intellectual interest,” American artificial intelligence, and the administration’s bets on cryptocurrency and blockchains; the sixth focuses on talent and skill base building. These last two pillars will be of particular interest to Beijing, which has created a national ecosystem in recent years.

The results extend beyond bilateral tensions between Washington and Beijing. Abandoning the cyber regulations that the United States has spent decades developing is a signal to both emerging nations that are expanding their cyber capabilities and the multi-trillion cybercrime industry. As Washington adjusts to an offensive-first strategy, rising powers will seize the opportunity to emulate this in their operations. The power of the exposed internet, used for government-level operations and worth hundreds of millions, will expand beyond government control through an ecosystem of ransomware gangs, brokers and moonlighting spies.

Operation Triangulation has exposed this volatile cyberspace over the past three years; the new internet strategy only fuels this volatility.


For sure, it’s hard not to sympathize with the hawks in the administration who want to “cheat.” Despite the Department of Justice prosecution, restrictions, Internet crime deals, diplomatic exchange, and doctrinal change, Washington has so far failed to curb China’s cyber activities.

The Typhoons, however, were a missed opportunity for Washington to recognize the magnitude of the threat and prioritize the stability of critical US infrastructure. A bold cyber strategy could put any first-strike stance in a strategic context—continuing to limit the gains Beijing could make from cyber aggression while undermining MSS’s confidence in the long-term viability of its hacking system. But such an approach requires a defensive base to be successful.

Perhaps the biggest tragedy of this new Internet strategy is that this regime already has the necessary elements for its first mistake – to have a real bite. Cyber security has become an industry triumph, with the US cyber security industry dominating part of the global market and predicted to more than double in size by 2034.

The administration also inherited a large share of talent. It shot itself in the foot, however, by cleaning the dam. The now-defunct Cybersecurity Review Board has not been replaced. The new head of the National Security Agency and America’s Cyber Command was confirmed in March. Top internet experts have been kicked out of office. The Cybersecurity and Infrastructure Agency is a shadow of its former self, with two thirds of its employees being fired. And the new Internet strategy was overseen by National Internet Director Sean Cairncross, a former CEO of the Republican National Committee with little Internet knowledge. A few voices are now stressing the importance of cyber security above.

Washington believes that offensive cyber power will restore deterrence. But in practice, especially when combined with a push for deregulation, it could increase the proliferation, complexity, and strategic instability that adversaries such as China have already learned to exploit.


