Enhancing the Quad’s cybersecurity cooperation to counter Chinese cyberattacks

WRITTEN BY KRISTINA LOZINSKAYA

11 November 2025

In recent months, Washington has been raising doubts about the strength of its commitment to allies, including those within the Quad. Uncertainty regarding the Quad’s future cooperation coincides with China, Russia, North Korea, and Iran — the so-called “axis of upheaval” — projecting unprecedented unity by gathering at China’s largest-ever military parade in September. The photos of these leaders together in Beijing should remind US leadership that it is worth investing in good relations with the Quad, which presents an undeniable value-add to US foreign policy as a group united by the shared vision of a free and open Indo-Pacific and the threats that could potentially undermine it.

One such threat is China’s pervasive cyber interference. With global powers preoccupied by rapid developments in artificial intelligence, the conversation about Chinese cyberattacks has faded into the background. The threat, however, has not diminished, as CrowdStrike reported a staggering 150 per cent increase in China-nexus cyber intrusions and espionage operations globally in 2024. For years, Beijing has been trying to covertly gain access to the networks operating critical infrastructure worldwide, building up the capacity to disrupt vital systems during a crisis. China is winning the cyber war in the absence of any tangible response to it. Visibly enhancing the Quad’s cybersecurity cooperation has the potential to send a strong message to Beijing and bolster deterrence, while also improving allied capabilities and cyber defence.

China’s cyber war

The US and its allies are losing the cyber war with China because they are playing by different rules. National security officials have pointed out the borderless nature of cyberspace, rendering all critical infrastructure and communications systems vulnerable to cyberattacks. The recently uncovered Salt and Volt Typhoons — large-scale Chinese infiltration of major US telecommunication providers and critical infrastructure sectors — are further evidence of this. The perpetrators of these attacks were active for at least three to five years before being discovered, demonstrating how China has the capacity and interest to hide and bide its time in cyberspace.

More can and should be done to deter, protect from, and respond to Chinese cyberattacks. If leveraged appropriately, the Quad can offer a powerful counter to China’s growing cyber threats.

Worldwide in 2024, the financial services, media, manufacturing, industrials, and engineering sectors experienced a staggering 200-300 per cent increase in Chinese cyber intrusions. The economic impact of cyberattacks is massive: at USD 9.5 trillion, the global cybercrime economy follows the US and China as the world’s third-largest economy by GDP. However, according to senior US officials, Beijing’s cyber intrusions currently appear to predominantly aim neither at profit nor at traditional intelligence gathering. Rather, the goal is testing China’s capacity to disrupt both US military operations and the lives of regular people.

The failure to effectively respond to and deter Chinese cyberattacks is due to a combination of factors such as liberal approaches to governance, lack of capacity, and barriers to diplomatic engagement with Beijing. Traditionally, Western societies have opposed the kind of pervasive surveillance and intrusion that is central to China’s authoritarian approach to exercising sovereignty in cyberspace and an “active defence” doctrine. According to Michael G. McLaughlin and William J. Holstein, the crux of the problem is that government-led policies cannot compete effectively against an adversary that has mobilised its entire society. Thanks to widespread state ownership of corporations and laws requiring all organisations and citizens to support national intelligence efforts, Beijing can meld the military with intelligence services, universities, research labs, and the private sector. Although beneficial for local autonomy, private oversight of critical infrastructure in the US and other like-minded nations creates dangerous blind spots, wherein external regulators appear unaware of and unable to patch systemic vulnerabilities that centralised oversight can.

Since Beijing holds the advantage in offensive cyber capabilities, Washington is not confident that its defences could match an escalatory tit-for-tat in cyberspace. This dynamic degrades US deterrence. Furthermore, precisely attributing cyber interference to a perpetrator is difficult, allowing Beijing to claim plausible deniability, which renders traditional diplomatic engagement on the issue virtually impossible. Beijing has never admitted to conducting cyberattacks and routinely deflects such accusations with statements that China, too, is a victim and does not condone such activities.

The Quad’s strengths

As a group, the Quad can compensate for, or at least ameliorate, the aforementioned factors. Significantly and visibly enhancing its cybersecurity cooperation would send a strong joint message, which could alter Beijing’s strategic calculus and bolster deterrence.

First, the Quad has the political leverage to ensure Beijing receives the message, as China has long scorned the Quad as an attempt to form an “Asian NATO”. Notably, the former Chinese Foreign Ministry spokesperson Hua Chunying described the Quad as “an exclusive clique against China” that is “trying to rally countries around China to work against China”. This paranoia is amplified by India’s membership in the group and the fear that Delhi will tilt towards the US and its allies. As former Australian Prime Minister Kevin Rudd noted, the worst-case scenario for Beijing would be “if the Quad were to draw other Asian countries, the EU, and NATO into efforts to confront or undermine China’s international ambitions” and “over time swing the collective balance of power definitively against China”.

Second, the Quad members have independently demonstrated their capacity to stand up to China’s cyber encroachments. Australia put aside long-standing concerns about damaging economic relations with its largest trading partner and, for the first time ever, published an advisory warning allies about the group known as APT40, which targeted two Australian networks in 2022. This May, Japan’s National Parliament passed the Active Cyber Defence Law — groundbreaking legislation that empowers Japan’s police and Self-Defence Forces to proactively access, disable, and neutralise computers and infrastructure used for cyberattacks. This is a significant step for traditionally pacifist Tokyo, demonstrating an understanding and urgency in countering cyber threats from China.

Third, the Quad can leverage its solid foundation of member cooperation. The grouping has made strides in improving maritime security, climate, and humanitarian cooperation, as well as pursuing joint infrastructure financing initiatives. In enhancing its partnership on cyber, the Quad can replicate its own successes in other fields of cooperation. The Indo-Pacific Partnership for Maritime Domain Awareness, for example, can serve as a case study in data and technology sharing that balances information sensitivity — all necessary for partnering in cyberspace, with potential implications for joint threat monitoring, attribution, and detection tools. Further, since the Quad provides an alternative to China’s Belt and Road Initiative by co-financing multiple projects in the Indo-Pacific, it could offer a trusted alternative to China’s cyber dominance with secure technology transfer and efforts to establish global cyber norms.

Finally, India sets the Quad apart due to its cyber capabilities, large population size, and political standing as a leading “voice” of the Global South. New Delhi has extensive experience with cybersecurity, having faced persistent cyber threats from both Pakistan and China. India’s cyberspace is the second most targeted in the world after the US, in part due to its reliance on the digital economy and a nationwide digital identity system, Aadhaar, used for everything from accessing government benefits to opening bank accounts, paying taxes, and more. Further, the country has one of the largest IT industries in the world, as well as a robust network of institutions overseeing different aspects of cyberspace. India’s leadership position in the Global South is a counterweight to China’s and could offer developing countries a model for countering cyber threats.

Mutual cybersecurity

The cyber threat from China should be among the leading concerns for all members due to its severity and widespread impact. The US has recently experienced some of the most brazen breaches of its critical infrastructure in the form of Salt and Volt Typhoons. Australia and Japan broke traditional restraint by finally taking decisive actions to deter China in cyberspace, demonstrating an urgency in countering the threat. India has long been fielding intrusions from both Pakistan and China and is particularly vulnerable to cyber encroachments due to rapid digitisation. At the same time, India has a lot to offer to the Quad thanks to its particular capabilities, making this grouping stand out as a worthwhile choice of partners in pursuing stronger mutual cybersecurity.

Unfortunately, the Quad’s cybersecurity cooperation lags in comparison to the other areas. Tallying the Quad leadership-level working groups’ key accomplishments in the field of cyber from January 2021 to 2025, the Center for a New American Security (CNAS) has identified two joint efforts: launching the Quad Cyber Challenge and developing joint principles for protecting critical infrastructure from cyber threats. While both initiatives are laudable for promoting cybersecurity awareness and building talent in the field, more can and should be done to deter, protect from, and respond to Chinese cyberattacks. If leveraged appropriately, the Quad can offer a powerful counter to China’s growing cyber threats.

DISCLAIMER: All views expressed are those of the writer and do not necessarily represent those of the 9DASHLINE.com platform.

Author biography

Kristina Lozinskaya is a Schwarzman Fellow at the Asia Society Policy Institute and, formerly, at the Wilson Center, specializing in the US-Russia-China triad, the Quad, and technology competition. The author is currently conducting interviews with experts in Quad and cyber relations to solicit specific recommendations on how best to bolster the group’s cybersecurity cooperation. Image credit: Freepik/DC Studio (cropped).