Toward a Fair and Secure Global Cyberspace

Recently, China’s national security authorities revealed a major cyberattack launched by the U.S. National Security Agency (NSA) against the National Time Service Center at the Chinese Academy of Sciences. Since 2022, the NSA has used a range of hacking tactics, such as exploiting system vulnerabilities and stealing credentials, to wage attacks on the center. These operations aimed not only to steal sensitive data but also to implant malicious codes designed to paralyze critical systems. This poses a serious threat to China’s cybersecurity.

This case is far from being isolated. In 2022, China’s Northwestern Polytechnical University was targeted by the Office of Tailored Access Operations (TAO), a cyberwarfare intelligence unit affiliated with the NSA. TAO deployed 41 customized cyber weapons to carry out more than 10,000 malicious attacks, stealing large volumes of high-value technical data. In 2023, the Wuhan Earthquake Monitoring Center was compromised by a “backdoor” trojan program with signatures consistent with U.S. intelligence spyware. Then, in 2024, U.S. actors launched another cyberattack against Chinese companies in the communications and satellite Internet sectors, infiltrating over 300 devices and exfiltrating sensitive data.

These repeated incidents reveal a persistent pattern of systemic intrusion and sabotage by U.S. intelligence agencies in China’s cyberspace. Confronting and responding effectively to such relentless “digital invasions” has become one of China’s most urgent tasks in safeguarding national cybersecurity.

Identifying cyber criminal offenses

Under the framework of international law, Article 2 of the United Nations Charter explicitly prohibits member states from using or threatening force against the sovereignty or security of another country.

The key question in cyberspace is: When does a cyber operation amount to the use of force? While the issue remains debated, the Tallinn Manuals—drafted primarily by experts from the U.S. and its NATO allies—state clearly that a cyber operation can be considered a “use of force” if its scale and consequences are comparable to those of a conventional military attack.

The National Time Service Center, which ensures the precise timing that underpins China’s entire economic and technological system, plays a vital role similar to a country’s nervous system. If such a facility were paralyzed, the effects would be disastrous: Financial transactions could lose time synchronization, power grids might fail and satellite launches could be disrupted. The resulting chaos would be indistinguishable from the destruction caused by traditional warfare. Moreover, the U.S. reportedly deployed 42 specialized cyber weapons during these attacks—far beyond the scope of ordinary espionage—making it a clear violation of the fundamental international legal principle that forbids the use of force.

From a human rights perspective, these cyberattacks also infringe upon basic civil rights. Public welfare relies on the stable functioning of infrastructure systems; disrupting them can lead to communication outages, transportation paralysis and power failures—all of which endanger citizens’ daily lives. Additionally, the unauthorized control of personal devices and the theft of private information violate Article 17 of the International Covenant on Civil and Political Rights, which protects individuals from unlawful interference with their privacy.

Under Chinese law, foreign-led cyberattacks targeting Chinese institutions constitute criminal offenses. Although China’s judicial authorities may face limits in directly prosecuting individuals overseas, the government has full legal grounds to impose countermeasures, such as freezing related assets, restricting the entry of involved personnel and suspending cooperation with implicated institutions, to safeguard national interests and public security. The Anti-Foreign Sanctions Law further empowers China to impose lawful, proportionate sanctions on entities whose actions undermine its sovereignty or security.

Building a secure cyberspace

U.S. cyberattacks against China are unlikely to cease in the near term. Faced with this persistent threat, China must continue to strengthen its defensive capabilities.

Technically, this means improving real-time monitoring and emergency response systems to detect abnormal activity and block attacks quickly. At the same time, preventive measures are essential: All software and hardware used in key infrastructure should undergo full-cycle security testing to identify potential vulnerabilities or hidden “backdoors.” Internal management must also be tightened to prevent insider risks and ensure that device and data use remain secure, thereby narrowing the space for potential infiltration.

On the regulatory front, the world needs clearer mechanisms to define accountability in cyberspace. At present, international consensus remains weak, and even when some countries establish domestic laws to address cyberattacks, these claims often lack global recognition. To address this gap, three steps are crucial.

The international community should explicitly define cyberattacks on another country’s critical infrastructure as unlawful acts under international law.

An accountability framework based on “damage and causation” should be established, linking outcomes such as system paralysis or data breaches to specific cyber tools and responsible entities. This would help overcome the difficulty in tracing and prosecuting.

Multilateral mechanisms, such as those under the UN Group of Governmental Experts on information security, should be strengthened to create an independent and multi-country review system, turning unilateral claims into multilateral consensus supported by evidence and shared rules.

When it comes to countermeasures, China’s response must remain firm, evidence-based and proportionate. Facing deliberate U.S. cyber intrusions, China’s actions are a legitimate exercise of self-defense under international law. Any counter-response must rest on solid evidence, including the identification of attack routes, responsible actors and verified damage. Moreover, China’s countermeasures must adhere to the principle of proportionality—matching the scale and impact of the attack without overreach. If U.S. attacks target specific sectors, China’s response should focus correspondingly, avoiding harm to civilian or non-military facilities.

It is important to build international understanding based on facts. China can do this by turning specific cases of cyberattacks into shared awareness across the global community, that the United States’ record does not fully align with its image as a “guardian of cybersecurity.” The key is to present clear and detailed evidence, including technical data, verified records and expert analysis, so that the discussion is grounded in facts rather than rhetoric.

Working through international platforms such as the UN and by showing how such attacks harm public welfare and violate privacy, China can help rally broader support, especially among developing nations, for stronger global cooperation to protect critical infrastructure and promote fairness and justice in cyberspace.

Confronting the growing challenge of cyber threats requires more than just stronger firewalls. It demands a shared commitment to the rule of law and collective responsibility in cyberspace. The digital world must not become a “lawless frontier” dominated by power politics. Only through equality, cooperation and justice can true global cybersecurity be achieved.

Xiao Junyong is executive director of the Center for Science, Technology and Human Rights at the Beijing Institute of Technology; Cao Tao is a research associate at the center.