"Looking beyond 2027, the most lethal and all-encompassing threat the United States faces is clearly China. China has already penetrated deep into America's critical infrastructure so it can instantly paralyze national functions and cause social chaos in a contingency."
On the 9th (local time), in a keynote speech at "Cyber Week 2025," hosted by the Israel National Cyber Directorate (INCD), the Ministry of Foreign Affairs and others at Tel Aviv University, Nick Anderson, executive assistant director (EAD) of the Cybersecurity Division at the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), assessed China's cyber threat this way. He said, "China has already penetrated deep into America's water systems, power grid and communications networks," describing China as employing a so-called "pre-positioning" strategy of planting malware in peacetime.
◇ "It is already embedded throughout daily life… attacks in a crisis"
Anderson stressed that China's cyber operations have shifted from intelligence collection to preparing for actual strikes. He said, "China has moved beyond merely stealing technology or collecting information," adding, "It has been conducting long-term pre-positioning operations to shape the battlespace in advance and to plant malware in critical infrastructure so it can be used immediately in emergencies."
According to CISA, Chinese hackers have infiltrated targets such as water facilities, the power grid, cloud servers, telecommunications networks and identity systems. Anderson said, "China's goal is to pressure democracies at moments of crisis or when tensions are escalating, to delay U.S. force mobilization and to shatter daily life to break the will to resist."
Anderson cited 2027 as a critical point for assessing the China threat. The year 2027 marks the 100th anniversary of the founding of the People's Liberation Army, and U.S. intelligence believes Chinese President Xi Jinping has instructed the PLA to be ready for an invasion of Taiwan by then. CISA has long argued that if a major crisis or military clash with the United States occurs, China will launch aggressive cyber operations targeting U.S. critical infrastructure.
◇ "Not just America's problem… governments and corporations must establish joint plans"
Anderson also noted that China's strategy differs from the threat patterns of Russia, Iran and North Korea. Russia carries out physical attacks and ransomware operations; Iran targets civilian infrastructure such as hospitals and industrial facilities; and North Korea primarily attempts to steal money. China, however, deliberately increases network activity in peacetime to hide traces of its infiltration into infrastructure, he said, and lies dormant for long periods inside civilian infrastructure to create footholds that can be used for immediate disruption in a crisis.
He emphasized, "This Chinese threat is not just America's problem." In Israel as well, for example, there have been continued intrusion attempts against the defense industry and civilian networks that are hard for security equipment to detect.
As a countermeasure, Anderson said the United States has shifted its operational focus to detecting and blocking China's pre-positioning activities. He said, "We are accelerating detection of China-linked espionage tooling across the cloud and identity systems, as well as across operational technology (OT) and industrial control systems (ICS)."
He went on to say, "Infrastructure operators must greatly increase system logs and telemetry to ensure visibility." The point is that precise data analysis, going beyond simple defense, is essential to find the faint traces left when Chinese hackers quietly slip into cloud identity systems and the like.
He also urged the adoption of a "secure by design" principle that mandates embedding security features from the earliest stages of software development or infrastructure buildout. He noted that tacking on security patches after a product is complete makes it difficult to stop sophisticated threats.
He stressed that at the government level, there is also a need to redefine the role of the private sector. Anderson said, "America's private corporations are not merely economic actors but 'national strategic assets,'" adding, "The government and the private sector must go beyond simple information sharing and establish joint plans that can increase the speed of defense."