Why China Is Now a Peer Competitor to the United States in Cyberspace

It is no longer enough to believe that the United States is unrivaled in cyberspace. At a time when Mythos-like capabilities are emerging, and when China has been especially brazen in its cyber operations against the United States, the United States cannot afford for China to accelerate its edge even further. Although economic prosperity may be President Donald Trump’s primary national security goal, this should not come at the expense of U.S. superiority in national security arenas such as cyberspace. Cybersecurity is central to economic prosperity; a weak hand in cyberspace risks undercutting whichever economic gains result from President Trump’s state visit to Beijing.

China has systematically evolved and matured its cyber capabilities over the last 15 years (if not longer), to such an extent that it sets it apart from other U.S. adversaries in cyberspace. Across the full levers of statecraft, whether intelligence, diplomacy, military, economic, or societal levers, China demonstrates an ability to mobilize a whole-of-society approach to dominating cyberspace. And in some specific areas, such as offensive cyber (OC) capabilities, China even outpaces the United States, making it no surprise that the Dutch Military Intelligence and Security Service recently labeled China as being “on an even footing” with the United States in OC. Seen through the “4S” framework—that is, China’s sophistication, scale, stealth, and strategy—China should firmly be regarded as a peer competitor to the United States in cyberspace.

The “4S” Framework, Explained

This commentary sets out four components that offer a lens to understand China’s rise in cyberspace—and where the United States risks losing its edge.

1. Sophistication

   China has eclipsed other U.S. adversaries in cyberspace, seen through its approach to targeting, persistence, and technical capabilities. First, China has thoroughly and deeply penetrated U.S. critical infrastructure across sectors—whether energy, transport, or water—and at state and municipal levels. It has thoroughly compromised the U.S. public sector, including the U.S. Treasury,  National Guard, and sensitive systems used by law enforcement for wiretapping.

   The most egregious campaigns were by China’s Salt Typhoon group, which demonstrated an intelligence penetration and persistence into U.S. telecommunications networks so thorough that two years on, the United States cannot confidently assert that the actors have been booted out. China’s Volt Typhoon campaign—by military cyber actors—infiltrated U.S. military installations overseas in a highly strategic attack, showing an ability to sabotage U.S. military nodes and capabilities. In a contested domain, this reflects not only China’s positioning of itself to “dominate the digital battle space,” but to do so by reaching into the heart of the U.S. apparatus by targeting its most critical assets—and retaining the ability to disrupt these assets in the event of geopolitical conflict.

   Salt Typhoon was most revealing as to how far China’s technical capabilities have developed. The actors were able to sift through the mass volumes of data accessed in this attack down to a nuclear level to identify specific individuals (including then-candidates Donald Trump and JD Vance)—suggesting the pairing of collection capabilities with large language models to achieve highly advanced targeting. Moreover, suggestions that China may have developed its own version of Mythos Preview a few years ago—one that is more scalable and autonomous—is of even greater concern. It implies not only that China’s AI tooling for finding technical vulnerabilities is more technically advanced than that of the United States, but years ahead, leaving the United States playing the wrong game.

2. Scale

   The scale of China’s talent pipeline is increasingly hard to ignore, and underlines China’s whole-of-society approach to mobilizing in cyberspace. China has a rich history of cultivating hacking talent through capture the flag competitions, universities, and ranges that train its future hackers across offensive and defensive cyber skills, and cyber militia units. This is bolstered by China’s network of research institutes that conduct technical research and development into cyber capabilities, and directly supply the Chinese state and its export of technology overseas. Together, these constitute a direct talent pipeline into China’s state institutions, including the Ministry for State Security (MSS) and the People’s Liberation Army (PLA)—at a scale that reaches into the hundreds of thousands.

   This scale is only amplified by the role that China’s private sector plays in this ecosystem, particularly in relation to hunting for 0-days (technical vulnerabilities that are critical access vectors to victims). Technical vulnerabilities are effectively a strategic resource and site of contestation between China and the United States in cyberspace; their value lies in the undetected access they provide to systems, making the speed of their discovery (and exploitation) critical to OC operations. China has successfully invested in transforming its OC supply chain over the past decade, both through cultivating a thriving—if chaotic—supply of private sector companies that hunt for vulnerabilities, and by implementing legislation that companies compels to feed vulnerabilities directly into the Chinese state apparatus once found. This use of multiple levers of statecraft to shape this industry lends the Chinese ecosystem a speed, scale, and agility that far out-rivals the United States’ rigid OC supply chains, but also means that China’s distributed ecosystem can reconstitute faster than the United States can disrupt it.

3. Stealth

   Stealth has become an important component of China’s approach in cyberspace—albeit contrasted with the brazenness that characterizes China’s behavior. This stealth can be understood through a shift in tactics by China’s cyber operators, including: increasingly targeting edge devices (e.g., routers, firewalls, and gateways) to gain access to victims; using “living-off-the-land” techniques (exploiting legitimate tools within victim systems); targeting cloud environments; and using covert networks at scale to disguise operational traffic. So widespread is China’s use of covert networks that recently, a broad international coalition (including the United States and the United Kingdom) issued an advisory notice to industry, warning of the malicious practice.

   Alone, this might not seem like such a significant factor. But what sets China apart is its scale; deployed by thousands of actors, these methods heavily undercut traditional network defense methods, making it far harder to identify and attribute China’s cyber operations. Considered against China’s appetite for global access to networks, this lack of visibility becomes especially troubling; it means that the United States and allies do not have a confident view of which of their systems China holds at risk.

4. Strategy

   China’s strategic approach has proved more enduring than its Western competitors. China has shown an astute ability to identify the systems that Western societies and economies depend upon, and vulnerabilities inherent in those systems—and to regear its entire cyber ecosystem to systemically exploit those weaknesses (especially in telecommunications), anchored in its Made in China 2025 plan.

   China is not hiding its ambition, either. Under its 15th Five-Year Plan, China has underlined its goal to accelerate its development as a cyber superpower (alongside manufacturing, quality, aerospace, and transport). It considers its positioning in cyberspace integral to its national rejuvenation and strategic competition with the United States. Through its curation of state institutions, universities, research institutes, private industry, and legislation, China has demonstrated the ability to mobilize—and scale–a whole-of-society approach to dominating cyberspace. Its recent emphasis upon building “technical resilience” is also striking in recognizing a need to shore up its own defensive posture in cyberspace.

   In other words, contrasted against the “strategic ambiguity” of the United States’ approach to cyberspace, China has made its intent clear and developed the capabilities needed to execute upon that intent.

A Window for Reinvigorating U.S. Strategic Ambition in Cyberspace

China is not invincible, however. Its broader system shows signs of vulnerability (whether economic or political), and so it is important to caution against painting China as 10,000 feet tall. This offers an opportunity for a reinvigorated strategic approach by the United States to cyberspace.

The aftermath of President Trump’s state visit to Beijing presents a useful window that his Administration can seize upon. A period of détente in U.S.-China relations should be accompanied by a strengthening of U.S. ambition, strategic intent, and posture in cyberspace. Where the recent U.S. National Cybersecurity Strategy 2026 was too light on the threat landscape and policy detail, the administration should publish a follow-up implementation plan as to how it will contest China and re-establish U.S. superiority in cyberspace. This should include the following:

• A clear vision as to how it will revitalize the U.S. cyber ecosystem (including institutions, policies, and capabilities) across the full levers of statecraft. This should include a commitment to reverse the cuts it has made since 2025 that have crippled the United States’ premier cyber agencies, whether in terms of funding, personnel, or leadership.
• An annex that addresses China specifically, including cross-domain responses (i.e., noncyber) to malicious Chinese cyber activity.
• A reinvigorated approach to the U.S. partnerships, including with international partners, the private sector, civil society, and academia.
• A commitment to revitalize the U.S. cyber defenses and supply chains. Where the United States has retreated on regulating the private sector and is overly focused on private sector involvement in OC operations, the Trump administration should identify other levers to hold the private sector accountable for failing to implement basic cybersecurity measures.

In the longer-term, the Trump administration should consider an alternative—and enduring—strategic framework that sets up the United States to better compete against China in cyberspace. This should move away from the notion of “cyber deterrence”, which has failed to achieve any commensurate or lasting shift in China's behavior in cyberspace. Instead, it should be anchored in regaining a strategic edge relative to China, playing to the United States’ strengths, while doubling down on China’s weaknesses. This starts with the Trump administration acting now to counter the gains China has made in cyberspace.

 Nikita Shah is a senior fellow with the Intelligence, National Security, and Technology program at the Center for Strategic and International Studies in Washington, D.C.