A computer monitor with the portrait of Chinese President Xi Jinping is pictured in Berlin, Germany, on July 9, 2018.
(TOBIAS SCHWARZ/AFP via Getty Images)

U.S. attempts to build an anti-China coalition will compel Beijing to expand its cyber campaign, leading to more cyberattacks on regional governments and Western corporations, particularly in strategic tech sectors. Cyber industrial espionage and coercive cyberattacks will be essential in limiting the fallout from global tech restrictions against China and undermining U.S. alliance-building. China will flirt with information campaigns in its periphery, but may struggle to weaponize such campaigns with the same success as Russia due to its inexperience and limited cultural overlap with Western countries. 

  • The Microsoft Exchange hack discovered in March is estimated to have affected around 250,000 servers, allowing China to gather loads of both government and corporate data for intelligence purposes. The attack has also brought China’s cyber strategy into Washington’s view, much like the Russia-linked SolarWinds hack did when it was discovered in December. 
  • The tense first meeting between the administration of U.S. President Joe Biden and Chinese officials in March has set the tone for continued frosty relations.

Cyberattacks give China a degree of plausible deniability, and are one of many tools it uses to meet its strategic objectives. Beijing's willingness to carry out specific types of cyberattacks depends in part on its relationships with the United States and the international community. Broadly, China uses cyberattacks in pursuit of six different goals: traditional intelligence gathering, industrial espionage, monitoring dissidents and Chinese nationals abroad, coercion against governments and corporations, information warfare, and pre-positioning access to critical infrastructure. Chinese state-sponsored activity is prolific, but largely focuses on less disruptive activities — namely, intelligence gathering, industrial espionage and dissident monitoring/coercion. U.S. and Western policy shapes Beijing's need to achieve these specific goals, such as its need to coerce a foreign government or steal a certain trade secret due to U.S. restrictions on tech exports to China. 

But China also has other diplomatic tools at its disposal due to its economic heft that limit its need to use more destructive (and thus more escalatory) cyberattacks. This contrasts with more economically or diplomatically isolated countries like Iran, North Korea and Russia, which have fewer ways to achieve some of their strategic goals outside of more disruptive cyberattacks. China is also extremely concerned about retaliation that could provoke political unrest at home, increasing its aversion to adopting cyber strategies similar to other prolific global actors.

Beijing's need to acquire technology through industrial espionage, including via cyberattacks, will increase due to higher U.S. restrictions on technology exports to China. By imposing more restrictions, the United States effectively cuts off China's access to technology through more legitimate means of acquisition, such as partnering with foreign firms for research and development, licensing U.S. technology and importing high-tech goods. Historically, China's industrial espionage has focused on dual-use technologies like jet engines, which have always had higher export controls limiting technological diffusion. With the widening use of U.S. export controls to other sectors, China will seek to expand its industrial espionage activities to other emerging technologies that the United States may cut off its access to. This will spark more indictments and legal challenges from the United States and the West against Chinese hackers and informants involved. 

  • There is bipartisan support in the United States for a hard-line stance against China, as illustrated by the near-unanimous support in Congress for both restrictions on China’s tech sector and actions against human rights issues in China.
  • The Biden administration will likely further limit China’s access to critical technology through more export controls and sanctions. Tariffs against China are also likely to remain largely in place for the foreseeable future, as U.S. Trade Representative Katherine Tai has stated that tariffs give the United States leverage. 
  • The Biden administration is also likely to continue aggressive legal action against Chinese individuals involved in cyberattacks. This, however, will have little impact on Chinese behavior, as such individuals have little-to-no overseas assets. China would also accept such sanctions as a cost of business. 

Coercive cyber tactics may become a more important part of China’s strategy if it fails to undermine the United States’ ability to build effective coalitions. Beijing will use both incentives and disincentives when trying to prevent the United States and like-minded countries from building an anti-China coalition. Historical evidence suggests China often prefers using other forms of coercive diplomacy, such as trade measures, as evidenced by the ongoing Australia-China trade war. But this may shift amid the recent increase in anti-China sentiment in the West, which may eventually force Beijing to resort to cyber coercion by making its more traditional forms of leverage less effective. Such a shift toward cyber tactics would likely be seen first in China's near abroad (such as India, Taiwan, Southeast Asia and the Korean Peninsula).

  • The high pace of Chinese cyber activity aimed at Australia amid the two countries’ various political spats and trade disputes since 2018 can serve a dual purpose: intelligence collection and coercion. 
  • The Biden administration will attempt to increase international pressure and build potential alliances against China through increased cooperation in the South China Sea and the Taiwan Strait. On April 16, Biden is scheduled to visit Japan — which has one of the most powerful militaries in the region and supports Washington’s rejection of China’s South China Sea claims — to meet with Prime Minister Yoshihide Suga, marking Biden’s first meeting with a foreign leader since taking office.

China's own expansionary policies, combined with the U.S. focus on its periphery, will compel Beijing to take a more active stance in information warfare and information campaigns. Compared with Russia, China has not been as prolific in using cyber-based disinformation campaigns as a political weapon, in part due to an unwillingness to interfere in other countries' domestic politics. China’s deeper cultural differences with the West also make it more difficult to pull off such campaigns in the United States, Canada and Europe. Beijing is thus likely to first start using more information warfare tactics in Taiwan, where its cultural affinities are the closest, to shape sentiment toward mainland China and undermine political actors perceived as close to the United States. China may also consider more sophisticated cyber campaigns in countries with large ethnic Chinese populations, including those in Southeast Asia.

China will continue to expand intrusion campaigns against critical infrastructure and financial infrastructure in the event of conflict, but is unlikely to carry out destructive attacks via its access. Cyberattacks against an enemy’s infrastructure have become a necessity in cyber warfare in order to secure pre-positioned access to those systems in case of a conflict. Although there are no agreed-on norms for hacking infrastructure during peacetime, in practice many countries have adopted such policies. The Biden administration's "defend forward" cyber policy means that the United States is likely to continue such preemptive activities, reinforcing China's need to also carry out such cyberattacks. Such Chinese attacks, however, have so far only reflected an intent to gain access to U.S. infrastructure, as there are no examples to date of China’s breaches causing any physical disruption or destruction to compromised systems.

  • Chinese hackers appear to have gained access to networks controlling India’s power grid in 2020. The New York Times recently suggested a link between the power grid hack and the October 2020 Mumbai power failure, but the cybersecurity company Recorded Future has said such a connection was not substantiated based on current information.

Western companies will increasingly be caught in China's diplomatic disputes with their home countries, and will not be immune or protected from Beijing's coercive tactics. China is using heavy-handed tactics on companies backing foreign governments' policies against China. In one such recent incident, H&M and other Western apparel companies found themselves in the middle of a dispute in March over boycotting Xinjiang-produced cotton. Although coercive cyber activities against companies in retaliation for corporate policy have been rare, they cannot be ruled out if such boycotts and disputes between China and the West become more frequent. In addition to those with direct economic ties to Xinjiang’s cotton industry, companies most at risk of being targeted by Beijing’s cyber tactics include those involved in the semiconductor value chain, internet and aerospace firms, media outlets and iconic American brands and companies, like Nike.

  • Since the U.S. campaign against China’s tech sector and exports began, Beijing has laid the legal groundwork to directly target foreign companies more systematically outside of just cyber attacks. This includes the creation of an unreliable entities list in September, a new export control law in October and a new blocking statute in January that targets companies implementing foreign countries’ sanctions and export controls.