Escalation in the Cyber Domain: U.S. Strategizes Deterrence Amid Chinese Infrastructure Intrusions

Executive Summary

The Senate Armed Services Committee has directed the Department of Defense to develop a full-spectrum strategy to deter Chinese cyber operations targeting U.S. critical infrastructure. This move reflects growing alarm over China’s increasingly aggressive cyber posture, especially activities by Volt Typhoon and Salt Typhoon, which threaten not only espionage but preemptive sabotage in the event of conflict over Taiwan.

Strategic Analysis

The United States is entering a new phase in cyber conflict as China escalates hybrid operations that shift from information theft to physical disruption. In response, the Senate Armed Services Committee has inserted a provision into the 2026 National Defense Authorization Act (NDAA) mandating the Department of Defense develop a robust deterrence strategy against cyberattacks on American infrastructure. This legislative push stems from the understanding that current deterrence frameworks are insufficient to counter the breadth and sophistication of Chinese cyber intrusions.

Chinese threat actors have evolved their tactics and objectives. Volt Typhoon, a state-backed group, infiltrated U.S. networks using “living off the land” techniques to burrow into infrastructure without detection. Their primary targets—water systems, ports, energy grids, and communications—suggest that China is not merely stealing data but preparing for digital warfare aimed at disabling U.S. mobilization capabilities in a future Taiwan conflict. Similarly, Salt Typhoon has infiltrated telecommunications networks, reportedly accessing the phones of senior U.S. officials, campaign staff, and millions of citizens. These acts represent strategic positioning in peacetime for control in wartime.

FBI Director Christopher Wray and other intelligence officials have issued dire warnings, calling China’s campaign “broad and unrelenting.” Officials cite evidence that these cyber actors are not only numerous—outnumbering FBI cyber agents 50 to 1—but are also patient, stealthy, and deeply embedded. These cyber units operate under both civilian and military umbrellas, blurring lines of attribution and accountability.

Compounding the threat, investigations from private cybersecurity firms such as Sophos reveal five years of persistent intrusions targeting edge network devices, firewalls, and cloud infrastructure, including novel malware and stealth persistence techniques. Chinese hackers have even been observed preparing firmware-level sabotage—indicating not just espionage, but capability to trigger kinetic effects through cyber means.

The broader implication is that China is laying digital landmines in the U.S. homeland, designed to detonate in the event of geopolitical escalation. Pre-positioning malware inside critical infrastructure—especially in Guam and the West Coast—suggests China’s strategy includes delaying or degrading the U.S. ability to respond to regional aggression in Asia. This concept of cyber preemption, long warned about by defense planners, is now manifesting in observable behavior.

In response, Congress is pushing for an integrated deterrence approach that involves offensive cyber capabilities, interagency coordination, and greater partnerships with the private sector. Officials have stressed that deterrence requires clear consequences—not just defensive hardening. The Trump administration’s cyber leadership, along with legislative allies, are advocating more aggressive cyber rules of engagement and operational readiness.

As this evolves, the stakes are rising. The question is no longer whether the U.S. can defend against cyber intrusions—but whether it can deter a peer adversary whose strategy views cyberspace as a primary domain of pre-conflict competition. Without a credible, visible, and enforceable deterrent policy, U.S. infrastructure remains vulnerable not only to intrusion, but to paralyzing disruption at the time of China’s choosing.

Sources

• DefenseScoop – Senate panel pushing DOD on strategy to deter Chinese cyber activity on critical infrastructure

• FBI – Chinese Government Poses ‘Broad and Unrelenting’ Threat to U.S. Critical Infrastructure

• Homeland Security Committee – China Attacked Us With Hackers. We Need to Hit Back Hard

• Industrial Cyber – Sophos Reports Five-Year Investigation into China-Based Cyber Threats

• Politico – DOJ announces charges, sanctions against 12 Chinese hackers for Treasury breaches