Cyber operations are now a defining feature of modern warfare, as the war in Ukraine has demonstrated—and China is taking note. Russia’s invasion of Ukraine in 2022 has served as a testing ground for the integration of emerging technologies into hybrid warfare. Drawing from the lessons of the Ukraine war, China’s new military strategy establishes a joint and multi-domain doctrine that prioritizes a modernized wartime cyber approach, targeting key future conflicts such as a Taiwan contingency.

China’s Great Cyber Rejuvenation

Modern Chinese national military strategy seeks to leverage cyber power through constant readiness and information technology to enhance information dominance—the operational advantage gained from the ability to control, manipulate, and defend information to maximize warfighting effects. Starting in 2014, Xi Jinping began ambitiously envisioning China as a “cyber great power” capable of defending critical infrastructure from cyber intrusions, ensuring internal stability, and launching offensive operations against foreign adversaries. Critically, this shift affected People’s Liberation Army (PLA) military doctrine on cyber warfare.

The PLA’s focus on cyber power traces back to its study of the US military’s technological dominance in the Gulf War, primarily in information technologies, to control the battlefield. Cyber capabilities were subsequently incorporated into PLA doctrine and formally articulated in major policy documents such as the 2013 Science of Military Strategy, which emphasized the significant role of cyber in command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) systems. As military technology has advanced, Chinese military doctrine has become increasingly focused on information operations within the “three dominances” (三权), achieving superiority in the information, air, and sea domains, to determine the viability of a successful military operation, specifically against Taiwan, the United States, and its allies. In the 2020 Science of Military Strategy, the PLA states that cyberspace is the “basic platform for information warfare” because blinding cyberattacks on an adversary’s computer C4ISR networks can paralyze its combat processes at the outset of a conflict, thereby ensuring one’s own information dominance. To operationalize this strategy, the PLA advanced the doctrine of “peacetime-wartime integration,” a central principle under its military-civil fusion strategy. Designed to secure prepositioned information dominance, peacetime-wartime integration streamlines cyber operations by maintaining a constant state of readiness, ensuring these assets can be rapidly leveraged during wartime. Thus, the People’s Republic of China (PRC) has increasingly designated cyber as a central cornerstone of military power in attaining information dominance, soon accelerating these reforms based on lessons from the Ukraine war.

Yet, the PLA remains acutely aware of its greatest shortcoming: a lack of operational experience in a wartime climate. Given that the PRC has not fought a war since its limited war against Vietnam in 1979, Beijing is forced to rely on observations in other wars, resulting in an intense study of Russia’s efforts against a Western-equipped military. More critically, while China’s cyber forces remain sophisticated in espionage, intellectual property theft, and political influence, this weakness results in an unproven integration of these capabilities into multi-domain joint operational effectiveness, a task notoriously challenging for even experienced militaries. Without actual combat experience, China will continue attempting to learn from foreign conflicts while its military organization, doctrine, and capabilities remain speculative in wartime conditions.

Learning from Russia’s Cyber Failures

Russia’s failure to achieve information dominance in an effective, integrated, coordinated, and multi-domain military operation in its invasion of Ukraine has likely become a key focus for China, illustrating the decisive role of information warfare in modern conflict. Prior to its ground invasion, Russia fired the first shots in cyberspace by conducting a pre-emptive cyber campaign to set the stage for its kinetic operations. Russian cyber actors intended to cripple critical dual-use infrastructure such as Ukrainian government networks, ViaSat KA-SAT network, and energy grids. The invasion thus became known as the “world’s first full-scale cyberwar.” Before and during the invasion in February 2022, the Google Threat Analysis Group observed “more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years, with attacks peaking around the start of the invasion.” While Russia launched an aggressive cyber campaign during its invasion, its subpar performance is attributed to the inability to paralyze Ukraine’s command and control systems, partly resulting from a swift response from Western tech companies. In short, China identified Russia’s failure to achieve information superiority and to execute integrated joint military operations prior to its invasion as the most critical factor behind its unsuccessful campaign.

The PRC has learned from Russia’s strategy through cyber cooperation with Russia by sharing malware and exploit kits, enabling more sophisticated attacks, and conducting its own cyberattacks against Ukrainian military and nuclear facilities prior to the invasion. Most notably, the PRC’s ambitions run deeper with recent cyberattacks on Russia to seek further intelligence on Russian military activities, suggesting Beijing is dissatisfied with Russian intelligence sharing and seeks to extract its own direct insights against its “no-limits partner” with a key focus on software in cyber operations to inform its own preparation for future conflict. This failure made clear to Beijing that achieving information dominance is essential for military success, prompting concrete reforms that prioritize the integration of offensive cyber operations with kinetic military actions.

Adapted Cyber Military Power with Chinese Characteristics

While the PRC already prioritizes cyber warfare as central to its military operations, Beijing is now placing a greater emphasis on integrating cyber capabilities into coordinated wartime planning. Learning from Russia’s failure to secure information dominance in Ukraine and recognizing its weakness from a lack of wartime experience, the PRC not only expanded its cyber capabilities but also enacted a major restructuring of the PLA and redefining its military doctrine to further prioritize and define cyber’s role in information control. In April 2024, Xi Jinping ordered the establishment of the Information Support Force (ISF) and an independent Cyberspace Force (CSF) directly under the Central Military Commission. This restructuring followed the dissolution of the Strategic Support Force, which had fragmented cyber warfare responsibilities across multiple departments. The new framework effectively designates the ISF to cyber defense and CSF to offensive operations, centralizing and elevating the role of cyber warfare in PLA military planning and doctrine. Ultimately, these reforms have strengthened the PRC’s cyber military power by enhancing its ability to defend domestic networks, conduct preemptive offensive operations, and integrate cyber capabilities into joint, multi-domain military planning, anchored in the pursuit of information dominance.

As a result of this restructuring, Beijing’s cyber strategy improved operational discipline and focus by shifting cyber operations from obtaining intelligence to preparing the operational environment for war. This evolution is evident in its cyber typhoon operations. Whereas, prior to the reforms, PRC cyber operations focused on covert data theft, the PRC’s recent activity involves blatantly admitting to embedding potentially destructive malware in US critical infrastructure, including energy grids, gas pipelines, water facilities, telecommunications, and transportation systems. The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the National Security Agency, and the Five Eyes partners have warned that Chinese hackers have obtained the ability to shut down key infrastructure targets at will. The PRC is also positioned to enact major cyberattacks in the event of a Taiwan contingency. Taiwan has become the primary target of these attacks, facing nearly 2.4 million cyberattacks a day in 2024 and being targeted for long-term access to critical infrastructure. Chien Hung-wei, former head of Taiwan’s Department of Cyber Security, admitted “serious” breaches still occur, especially targeting critical systems. Japan has also been a target of PRC targeted cyberattacks with PRC-linked actor BlackTech embedding itself within infrastructure targets in Japan, prompting joint cyber action from Washington and Tokyo. This series of operations reflects the PRC’s strategy to attain information dominance by hampering the ability of the United States and its allies to respond to a crisis, including paralyzing Pacific supply lines, disrupting military coordination, and sowing domestic chaos through targeting civilian infrastructure.

Building an Allied Cyber Deterrence Strategy

With the rise of China’s cyber capabilities, strategies, and ambitions of becoming a “cyber great power,” the United States and its allies must develop a unified strategy of “layered cyber deterrence,” including policies to strengthen cyber offensive and defensive capabilities to achieve information superiority. This multilateral effort should draw from the comprehensive 2020 US Cyberspace Solarium Report and lessons from the war in Ukraine. One critical takeaway is the importance of denying the PRC information dominance in the Indo-Pacific before and during conflict, a failure that hampered Russia’s ability to disrupt Ukraine’s command and control systems. Taiwan has already begun to adapt by developing a state version of SpaceX’s Starlink to secure online connections for critical infrastructure and the military, recognizing that PRC-linked cyber actors have compromised its telecommunications systems. To meet this growing threat, the United States and its allies must transform these insights into actionable policies that strengthen cyber resilience, denial, and deterrence.

The United States and its allies must accelerate key overlapping priorities, including: hardening cybersecurity in dual-use critical infrastructure, operationalizing public-private cyber partnerships, and building a credible and powerful military cyber offensive force to defend forward. Achieving these goals will require enhanced investment and cooperation between the United States and its allies to counter adversaries’ growing cyber power, limit gray-zone aggression, and establish a credible offensive cyber force capable of achieving strategic objectives in integrated, multi-domain operations. With the PRC actively preparing a major cyber offensive, the threat is no longer hypothetical; it is imminent, demanding an urgent response by the United States and its allies to strengthen cyber deterrence.