Divergent National Cybersecurity Strategies and Threats from China and Russia
A recent think tank report warns that the United States is not adequately prepared to counter the persistent and offensive cyber campaigns conducted by China and Russia. The report highlights that both adversaries treat cyberspace as a domain for ongoing national competition, with China in particular focusing on maintaining persistent access to U.S. critical infrastructure for potential coercion or disruption. The analysis criticizes the U.S. for relying on outdated, reactive frameworks and calls for a more aggressive, offensive posture to address the evolving threat landscape.
In parallel, the United Kingdom is preparing to announce a refreshed cybersecurity strategy, reflecting on past efforts and emphasizing the need for resilience, especially in critical infrastructure. The U.K. faces challenges in resource allocation and skills gaps, which have hindered the implementation of previous strategies. Both the U.S. and U.K. are reassessing their approaches to cyber deterrence and resilience in light of increasing incidents and the strategic ambitions of state actors like China and Russia.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
McCrary Institute report urges more offensive U.S. cyber posture
A McCrary Institute for Cyber and Critical Infrastructure Security report warned that the United States is too reactive in cyberspace and should modernize authorities, clarify roles, and impose greater costs on China and Russia.
Labour government prepares a new U.K. cybersecurity strategy
The Labour government led by Keir Starmer is preparing to announce a new cybersecurity strategy in 2025, with expected emphasis on resilience, critical infrastructure protection, and clearer public-private roles.
U.K. resilience legislation remains in Parliament with 2027 implementation
Draft U.K. cybersecurity and resilience legislation is still moving through Parliament and is not expected to take effect until at least 2027, leaving a near-term policy gap.
Russia integrates cyber operations into its invasion of Ukraine
Russia used cyber operations as part of its military campaign during the invasion of Ukraine, illustrating its aggressive operational cyber posture.
U.K. issues 2022 cybersecurity strategy
The U.K. published another cybersecurity strategy in 2022, the most recent completed iteration before the planned 2025 refresh.
U.K. releases another cybersecurity strategy iteration
A further U.K. national cybersecurity strategy was published in 2016, continuing the government's periodic refresh of cyber policy.
U.K. updates national cybersecurity strategy
The U.K. released a revised national cybersecurity strategy in 2011, reflecting changes in policy approach and cyber risk priorities.
U.K. publishes its first national cybersecurity strategy
The United Kingdom issued an initial national cybersecurity strategy in 2009, beginning a series of strategy updates as the threat landscape evolved.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Munich Cyber Security Conference Highlights Shift Toward Deterrence, Supply-Chain Risk, and Critical Infrastructure Resilience
Senior officials from the **EU, NATO, the United States, Sweden, Estonia, and Taiwan** used the Munich Cyber Security Conference to warn that cyber and “hybrid” operations are now a persistent feature of geopolitical competition and are increasingly aimed at **critical infrastructure** (energy, health, government services, satellites, and military command networks). EU Executive Vice President **Henna Virkkunen** argued Europe cannot be “naive” about adversaries’ ability to disrupt essential services and pointed to proposed revisions to the **EU Cybersecurity Act** intended to strengthen the EU cybersecurity agency and reduce critical ICT supply-chain risk, including phasing out designated **high-risk suppliers**. NATO Deputy Secretary General **Radmila Shekerinska** said Russia and China are challenging the alliance in both physical and digital domains and cited attempted disruptions to Poland’s energy infrastructure as an example of the threat environment. U.S. officials signaled a shift from primarily defensive “resilience” toward **deterrence** by “imposing real costs” on malicious actors, while also emphasizing deeper cyber partnerships with allies and industry to send a coordinated message to adversaries; National Cyber Director **Sean Cairncross** said a forthcoming U.S. cyber strategy will align with broader national security strategy and rely on whole-of-government tools. Estonia’s intelligence chief **Kaupo Rosin** urged Europe to invest in **homegrown offensive cyber capabilities** to reduce reliance on non-European tools, while Swedish defense official **Lisa Gustafsson** said societies must be designed to function under sustained disruption under Sweden’s “total defense” model. Taiwan’s National Security Council adviser **Yuh-Jye Lee** warned China may be rehearsing a “digital siege,” referencing activity like **Volt Typhoon** and reporting on alleged Chinese training infrastructure (“**Expedition Cloud**”) designed to simulate foreign power grids and communications networks; separate reporting also underscored that much of the technology stack underpinning cyber defense is controlled by **U.S. firms**, complicating sovereignty and supply-chain decisions.
Mar 21, 2026
Global State-Sponsored Cyber Operations and Policy Responses
Multiple nation-state actors, including China, Russia, Iran, and North Korea, are intensifying cyber operations targeting critical infrastructure, government entities, and private sector organizations worldwide. China-linked groups such as Ink Dragon have expanded espionage campaigns against European governments, while Russia-linked actors like Callisto have targeted NGOs and are implicated in disruptive attacks in Europe. Iran's MuddyWater has focused on critical infrastructure in Israel and Egypt, and North Korea is increasing disruptive attacks on various sectors. These activities are accompanied by sophisticated cybercrime campaigns, exploitation of zero-day vulnerabilities, and significant data breaches affecting sectors such as health, telecommunications, and justice. In response, Western governments and institutions are taking legal and policy actions, including EU sanctions and fines, UK and Polish legal proceedings against Russian actors, and increased attribution of attacks to state-sponsored groups. However, there is growing concern that U.S. cyber defenses are lagging behind adversaries, with strained mission capacity, weakened public-private collaboration, and unstable federal leadership. Experts call for renewed strategic focus, improved coordination with allies, and robust policy reforms to counter the persistent and evolving threat landscape posed by hostile nation-states.
Mar 21, 2026
Forthcoming U.S. National Cyber Strategy Emphasizes Deterrence and Industry Partnership
The U.S. government is preparing to release a new National Cyber Strategy aimed at deterring foreign cyber adversaries and strengthening public-private collaboration. National Cyber Director Sean Cairncross announced at the Aspen Cyber Summit that the strategy will be concise, actionable, and structured around six pillars, including shaping adversary behavior and enhancing industry partnerships. The strategy intends to move beyond traditional defensive measures by introducing clear costs and consequences for malicious cyber activity targeting U.S. critical infrastructure, reflecting a shift toward a more offensive and coordinated national approach. Officials highlighted that the new strategy will differ from previous versions by focusing on rapid implementation of action items and deliverables, rather than lengthy policy documents. The approach seeks to address the fragmented nature of current U.S. cyber responses by establishing a unified, government-wide framework. The strategy is currently under review by federal agencies, with input from the FBI and private sector leaders, and is expected to be released soon. The administration aims to modernize federal cyber capabilities, accelerate technology adoption, and send a strong deterrent signal to both nation-state and criminal cyber actors.
Mar 21, 2026