Setting the Stage: Cyber Contingency Campaigning

In May, Secretary of Defense Pete Hegseth characterized China as America’s “pacing” threat. Experts agree that among U.S. adversaries, China alone has the potential to outcompete the United States militarily, economically, technologically, and politically. For the defense community, Taiwan, in particular, has come to embody the stakes of this competition.

Whichever nation has the upper hand in cyberspace will have an advantage going into any Taiwan contingency. Every military operation today relies on cyberspace, and China is taking steps now in the digital environment to increase the odds of a swift victory before the United States can fully mobilize its armed forces. Left unopposed and uncontested, China’s ongoing cyber activities and operations could tilt conditions and circumstances in their favor, such that they could seize Taiwan with little risk and effort. The U.S. Department of Defense cannot ignore this possibility, and must act now to foil it.

In our book, “Cyber Persistence Theory,” we analyzed how states compete for advantage in day-to-day competition in and through cyberspace. For example, China steals intellectual property to power its economy, North Korea relies on cyber-enabled illicit acquisition of currency to fund its ballistic missile and nuclear programs, and Russia employs cyber-enabled information operations to sow discord in the societies of its enemies. We called this the logic of initiative persistence. Simply put, the underlying technology of cyberspace creates an imperative for states to persistently exploit each other’s digital vulnerabilities for gain and anticipate how they can be exploited in turn. If one does not take the initiative, they assume the risk that adversaries will seize that initiative and gain advantage. These ideas were captured in the 2017 Department of Defense Cyber Strategy as defend forward and operationalized by U.S. Cyber Command as persistent engagement.

In our new book manuscript, “Cyber Persistence and Campaigning: The Logic and Art of Securing Cyberspace,” we extend the logic of initiative persistence to crisis and armed conflict. In so doing, we describe the novel construct of “contingency campaigning.” By this we mean sustained cyber activity in peacetime—not for economic, political, or military gain now, but for the creation of a favorable operational environment in a future contingency, such as militarized crisis or armed conflict.

Just as U.S. adversaries first leveraged cyberspace for strategic gain in day-to-day competition, they seem to have a running start in using cyberspace to their advantage for crisis and armed conflict. Failing to understand how cyberspace impacts armed conflict could have considerable costs. Cyber contingency campaigning can affect the occurrence, timing, initial course, and even outcome of a contingency such as a Taiwan invasion.

In the run-up to the 2022 invasion of Ukraine, both Russia and Ukraine engaged in activity consistent with cyber contingency campaigning and extended this “campaigning mindset” into the armed conflict. Now, China is doing the same by intruding into and persisting on defense and dual-use critical infrastructure that the U.S. relies on to defend Taiwan. The United States must enhance its cyber strategy by complementing its campaigning for advantage in peacetime with campaigning for a Taiwan contingency. We call this “concurrent campaigning,” and it is a hallmark of the cyber policies of great powers. Done well, it would achieve an objective articulated by U.S. government officials: Making sure “that every single day, President Xi wakes up and says, ‘Today is not that day,’ and that that decision [to invade] never comes.”

China’s Contingency Campaigning

China is contingency campaigning along three dimensions, which we explore in our book manuscript: managing the influences that third-party actors could potentially exert in a conflict; setting favorable operational conditions for itself; and structuring unfavorable circumstances for its adversaries, that is, the United States and Taiwan.

China is managing influences by taking advantage of the U.S. withdrawal from Afghanistan. Using cyber-enabled information operations, it has been highlighting the withdrawal as demonstrative of the U.S.’s willingness to abandon allies, promoting a narrative of the U.S. as an unreliable global partner with the aim of discouraging potential Asia-Pacific partnerships with America.

In order to create favorable conditions for itself, China is blocking its population from information platforms such as YouTube, Instagram, Facebook, and X, which, in their view, propagate damaging narratives that could erode domestic legitimacy and authority. China is structuring unfavorable circumstances for Taiwan by undermining the legitimacy of Taipei’s government. For example, Chinese actors have created inauthentic accounts to distribute Chinese propaganda on YouTube and used cyber-enabled platforms to create fake videos and flood comments sections with pro-China statements.

The activity of Volt Typhoon is a clear attempt to structure unfavorable circumstances for the U.S. in a potential Taiwan conflict. By compromising the dual-use critical infrastructure necessary to project power, manage crisis, and prosecute war, Volt Typhoon’s activities could deny or delay mobilization of U.S. forces. Volt Typhoon’s activities support what Undersecretary of Defense for Policy Elbridge Colby described in a private capacity as China’s “best strategy”—a fait accompli with limited aims. This military operational scheme relies on strategic surprise, seizing and holding key terrain, and avoiding the main body of American forces—each of which relies on certain cyber-enabled systems and capabilities. From a Chinese perspective, the rationale for cyber contingency campaigning is unassailable.

U.S. Contingency Campaigning

Contingency campaigning should ideally support a military force’s preferred warfighting scheme, defend against the opponent’s most likely scheme, or both. Colby and others prescribe the U.S.’s best defensive approach—denial defense—to prevent China from seizing and holding territory. Denial defense employs conventional capabilities for coercion after a crisis or armed conflict starts. This might involve some discrete, destructive cyber operations—but it would not be an optimal use of U.S. cyber resources.

There is a near consensus among cyber scholars that “cyber response options” are weak coercive instruments. Russia tried this coercive bargaining approach in the run-up to its full-scale invasion of Ukraine when, on Jan. 14, 2022, it employed destructive malware against dozens of Ukrainian government departments and agencies. This was coordinated with a threat on defaced government websites: “[B]e afraid and expect the worst.” But this had no discernable impact on Ukraine’s crisis-bargaining position; President Volodymyr Zelenskyy continued to reject Russia’s interpretation of the Minsk Accords.

How might U.S. cyber contingency campaigning support a denial defense strategy? It should structure unfavorable circumstances by targeting the capabilities, plans, confidence, and controls that directly support China’s fait accompli scheme, as well as a protracted, attrition-style strategy should the fait accompli fail. This would entail cyberspace activities and operations that sow doubt in China’s operational plans, capabilities, and command-and-control systems; introduce friction into decisions affecting force employment; and, ultimately, undermine China’s confidence that it can prevail in this contingency. Analyses have identified potential targets for exploitation, including China’s mobilization and maintenance processes, supply chains, and operational security.

Evidence suggests these steps could be impactful if integrated into Defense Department planning and operations. Russia’s broad cyber-enabled compromise of Ukraine’s government communications and opposition leadership before the annexation of Crimea in 2014 eroded Kyiv’s confidence in the effectiveness of its responses. In another example, Russia’s advance toward Kyiv was, in part, hindered by a high failure rate of tires on Russian Pantsir-S1 wheeled gun-missile systems. While most likely a consequence of poor maintenance practices, this effect could be induced by cyber operations targeting storage facilities.

U.S. contingency campaigning to manage influences could also borrow a lesson from the intelligence exposure of Russian plans on the eve of the invasion. Although that did not avert war, it did help marshal international support for Ukraine. Additionally, it undermined Russia’s ostensible justification through false flag operations as rationales for invasion, and forced Moscow to expend energy devising ever-changing narratives for both foreign and domestic audiences. In a similar fashion, the U.S. could expose information about China’s behavior, either publicly or quietly through diplomatic channels, to erode support for China, particularly in the Indo-Pacific region.

The U.S. should also conduct cyber operations and activities that set favorable conditions for itself and ensure that China’s vast cyber resources do not degrade the coercive potency of America’s conventional capabilities, the Department of Defense Information Network those forces rely on, and the defense and dual-use critical infrastructure that is necessary to mobilize and transport those forces. Successes against Volt Typhoon must be sustained.

Escalation, Twice Considered

Colby rules out horizontal escalation as an option for the U.S. in a Taiwan contingency—for example, damaging Chinese bases in Africa or energy facilities in the Middle East—arguing that it is a suboptimal use of scarce warfighting capability and that it would poison relations with alliance members.

Viewing the expansion of this conflict, instead, through a cyber campaigning lens generates different insights. The U.S. and China are already engaged in a global strategic competition short of use of force, including in and through cyberspace and the information environment. In this sense, the notion of horizontal escalation is less applicable. U.S. Cyber Command has already conducted hunt forward operations in Africa, Latin America, and South America, all areas where China seeks to expand its influence. An expanded contest is already underway, and it will not await a crisis or an armed conflict. This is not an either-or choice for great powers with cyber capabilities. Cyber great powers must concurrently campaign—that is, simultaneously campaign for advantage, short of use of force, and contingency campaign.

Some observers may harbor concerns that structuring unfavorable circumstances could increase the risks of escalation into militarized crisis and armed conflict. These concerns have been studied extensively, and, with the exception of targeting an opponent’s nuclear weapons enterprise, the conclusions are the same—cyber campaigning in a geopolitical condition of competition does not increase the risk of escalation.

Aligning and Integrating Cyber Warfighting Capabilities

States should not put all of their cyber resource eggs into the campaigning basket, but they should put most of them there. It is the optimal application of cyber resources for maximum strategic impact. If states do have to expend cyber resources on actual warfighting, they should do so to enable or complement conventional operations rather than treat cyber as a (weak) substitute for kinetic effects.

China is already developing cyber warfighting capabilities to integrate into their military scheme. The Senate Armed Services Committee markup of the 2025 National Defense Authorization Act calls for an evaluation of new ways to provide tactical-level cyber effects, or integration with non-cyber tactical units, using radio frequency-enabled cyber or other offnet cyber operations techniques. These warfighting capabilities should be integrated into the U.S.’s defensive approach to China, which, in turn, can be supported with cyber contingency campaigning for a Taiwan scenario. Alignment and integration will help ensure these capabilities have their intended effects. Facing the prospect of a contingency with China, now is the time for the U.S. to double down on the campaigning mindset it first announced in 2017 by adding contingency campaigning to the Defense Department’s cyber strategy portfolio.