The Dangerous War We Don't See | Opinion

On Monday, the Biden administration formally blamed China for a massive cyberattack against Microsoft's email software that impacted tens of thousands of U.S. businesses, government offices and schools.

In response to this attack, the Biden administration opted for the "name and shame" approach by calling out China and publicizing an advisory list of more than 50 different tactics Chinese hackers use to target the United States. One can imagine Xi Jinping and his dictatorship were not very shaken by being "named and shamed." They will accept that swap of action for words any day.

During Monday's press conference, President Biden revealed how weakly he is responding to the real threat of cyberwarfare—and that he fundamentally misunderstands what the United States is up against.

President Biden said, "The Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it and maybe even accommodating them being able to do it."

First, let's be clear: citing senior officials, the Wall Street Journal reported on Monday that "The U.S. government has high confidence that hackers tied to the Ministry of State Security, or MSS, carried out the unusually indiscriminate hack of Microsoft Exchange Server software that emerged in March." China's Ministry of State Security is the equivalent of a combined CIA and FBI that is under the control of the Chinese Communist Party (whose power supersedes the government). There is no systematic activity happening in China that contradicts the wishes of Xi and the Chinese Communist Party.

Second, President Biden's overt response to this attack is not proportionate to the severity of the breach. After the SolarWinds attack gave Russia's Foreign Intelligence Service hackers access to as many as 18,000 SolarWinds customers, including nearly a dozen U.S. government agencies, President Biden responded with sanctions and the expulsion of Russian diplomats.

But this more recent Microsoft hack was significantly more serious than the SolarWinds infiltration. Speaking to the Wall Street Journal, Dmitri Alperovitch, chairman of Silverado Policy Accelerator, said "The Microsoft Exchange hacks by MSS contractors is the most reckless cyber operation we have yet seen from the Chinese actors—much more dangerous than the Russian SolarWinds hacks."

Certainly, there could be covert operations underway that may never be made public, but the Biden administration has effectively told the American people it will not treat China's attack the same way it treated Russia's. Couple this double standard with Biden's list of 16 sectors that are off limits to hacking (creating the assumption that everything else is fair game) and the result is a weak and confusing public-facing cybersecurity policy.

According to a February Gallup poll, 82 percent of Americans see cyberterrorism as a critical threat—a higher percentage than for any other issue, including the development of nuclear weapons in North Korea and Iran.

SolarWinds logo
The SolarWinds Corp. logo is seen on a sign at the headquarters in Austin, Texas on April 15, 2021 in Austin, Texas. - The United States announced sanctions against Russia and the expulsion of 10 diplomats in retaliation for what Washington says is the Kremlin's US election interference, a massive cyber attack and other hostile activity. The White House said the sanctions likewise respond to "malicious cyber activities against the United States and its allies and partners," referring to the massive so-called SolarWinds hack of US government computer systems last year. SUZANNE CORDEIRO / AFP/Getty Images

As I write in my upcoming book, Beyond Biden (out in November), Americans' concerns are well warranted considering the scope, scale and severity of cyberattacks against the United States in recent months—and the direct impact these attacks have had on Americans.

In May, the Russian DarkSide ransomware attack took the Colonial Pipeline offline. The pipeline accounts for about 45 percent of the fuel supply on the East Coast. That same month, the Russian group responsible for the SolarWinds hack targeted 3,000 email accounts from 150 organizations as part of a "continuation of multiple target government agencies involved in foreign policy as part of intelligence gathering efforts," according to Microsoft.

In June, Russian hackers also forced the shutdown of nine beef plants in the U.S. and launched another attack against Kaseya in July, infecting nearly 1,500 organizations around the world. Experts noted that in the Kaseya attack, "The gang used a level of planning and sophistication closer to high-level, government-backed hackers, rather than a mere criminal operation."

President Biden can stand at the podium and attempt to make subtle distinctions between rogue cyber gangs and government-sponsored cyberattacks. But we must ask ourselves a question: in two countries ruled by dictators—whose power is ultimately secured through surveillance, control and suppression of dissent—how likely is it that such sophisticated cyber criminals act independently of the regimes?

To address the ongoing cyber threat, the U.S. must recognize that China's and Russia's approaches to warfare are fundamentally different from our own. For example, in the 1999 publication Unrestricted Warfare, two Chinese military colonels concluded that there are "virtually infinite" new battlefields in modern warfare that erase the lines between soldiers and civilians. Similarly, according to a U.S. Army assessment, we have not identified an effective counter strategy to Russia's gray zone warfighting doctrine (or hybrid warfare) which operates between the zones of war and peace.

As the world becomes more digitally interconnected, and because high-value infrastructure targets reside within the private sector, the cyberwarfare threat to America is increasingly dangerous, especially in the context of the changing geopolitical landscape.

This summer, Beijing and Moscow reaffirmed their strategic cooperation by extending their 20-year-old friendship treaty. Russia also agreed to sign on to China's data security initiative, an effort that was launched in response to the Trump administration's moves to restrict Chinese technologies that pose national security risks. Further, Russia and China agreed to cooperate on information security and to "continue to promote the construction of a global system."

The goals of General Secretary Xi and President Vladimir Putin to weaken and supersede the United States are clearly aligned. President Biden's inability to respond firmly to these cyber acts of war only empower the Chinese and Russian dictatorships.

It's time we get serious about fighting this invisible war.

To read, hear, and watch more of Newt's commentary, visit

The views expressed in this article are the writer's own.