James A. Lewis is the Dirctor of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS) in Washington, D.C. He recently penned a white paper which aligns with the concerns expressed by CISA Director Jen Easterly in her “Stark Warning” about the high probability of, lack of preparation for and severe impact of cyberattacks on U.S. Critical Infrastructure.

Cyberattack on Civilian Critical Infrastructures in a Taiwan Scenario

“The broad calculus for China’s decisionmaking will likely involve weighing the relative military advantage gained from cyberattacks on critical infrastructure against the probability that such attacks would provoke a harsh U.S. response or expand the conflict.”

“Expressions of surprise that the Chinese military targeted critical infrastructure in Guam for cyber reconnaissance are misleading. Of course the People’s Liberation Army (PLA) is conducting cyber reconnaissance; China has been probing U.S. critical infrastructure networks for vulnerabilities since the Obama administration, if not before. From a military perspective, this is the kind of reconnaissance any capable nation would engage in against a potential opponent to identify targets and possibly prepare them for cyberattack.

What was misleading in these reports is that critical infrastructure in Guam was not the primary target. The primary targets, particularly those that would support U.S. forces in any engagement over Taiwan, are located in the United States. China is engaged in a major cyber reconnaissance effort against them. If China is willing to accept the risk of broadening a conflict over Taiwan, it may decide that cyber actions against civilian infrastructure in the United States could usefully disrupt communications and the flow of material needed for military operations.

Chinese decisionmaking on the use of offensive cyber operations against civilian critical infrastructure will be shaped less by the likelihood of detection and attribution and more by a desire to manage escalation and retaliation. China may decide not to use wide-scale cyber disruption and reserve its efforts for espionage. A decision on how and where to use cyberattacks will also be shaped by the progress (or lack thereof) in any Chinese offense; a lack of success could lead to more aggressive cyber actions. The broad calculus for China’s decisionmaking will likely involve weighing the relative military advantage gained from cyberattacks on critical infrastructure against the probability that such attacks would provoke a harsh U.S. response or expand the conflict.” (1)

For the full white paper from the CSIS, go to this link:  Cyberattack on Civilian Critical Infrastructures in a Taiwan Scenario by James E. Lewis 

https://oodaloop.com/archive/2023/08/15/at-defcon31-cisas-easterly-once-again-offered-astark-warning/

https://oodaloop.com/archive/2023/08/01/ransomware-attacks-in-u-s-and-cyberattacks-in-pacific-islands-are-battlefields-in-global-cyber-war/

https://oodaloop.com/archive/2021/11/22/scenario-planning-for-global-computer-chip-supply-chain-disruption-results-of-an-ooda-stratigame/

https://oodaloop.com/archive/2022/08/02/with-the-u-s-delegation-in-asia-we-revisit-our-ooda-stratigame-insights-about-taiwan/