The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Is Russia or China the biggest cyber threat? Experts are split

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Welcome to The Cybersecurity 202! Didn’t get your Betty White fix after what would have been her 100th birthday? Check out this Forum of Fargo-Moorhead dispatch from the possible model for St. Olaf, Minn., home to Rose Nylund on “The Golden Girls.” The article even includes a recipe for Rose’s famous Genurkenflürgen cake. (The cake is fictional, but the Forum picked one modeled on a traditional Scandinavian almond cake). 

Below: President Biden ordered a cybersecurity ramp up for national security computer systems, and hackers stole personal information about more than 500,000 vulnerable people from the Red Cross. 

Experts worry most about Russia now, but China later

Experts are just about evenly split on whether China or Russia is the United States’ most dangerous cyber adversary, according to our latest survey of The Cybersecurity 202 Network experts group. 

The result reflects a decade of blockbuster attacks from both nations, including Chinese thefts of company secrets that have robbed billions of dollars from the U.S. economy and Kremlin-backed hacks that undermined democratic values and compromised troves of government secrets. 


  • Of the 96 respondents, 40 described Russia as the greater threat while 39 put China in that spot.
  • The remainder cited another adversary as the top threat — including a large number who described the United States as is its own worst enemy in cyberspace.
Now versus later

Many experts described Russia as the far more dangerous short-term threat but warned cyber competition from China is more threatening in the long run. 

“When dangerous is defined as having the greatest potential to cause damage to people and organizations in the U.S., the answer is Russia,” said Katie Nickels, director of intelligence for the cybersecurity firm Red Canary. “When dangerous is defined as having the greatest potential to threaten the strategic role of the U.S. as an enduring great power, the answer is China.”

Michael Daniel, White House cyber director during the Obama administration, cited an analogy coined by National Security Agency Cyber Director Rob Joyce: “Russia is like a hurricane, while China is like climate change.”

In other words, Russia can cause sudden and unpredictable damage, but China represents a long-term strategic threat, explained Daniel, who no runs the Cyber Threat alliance industry group. 

David Brumley, CEO of the cybersecurity company ForAllSecure, offered another analogy: “Russia is the TNT of cyber adversaries, while China is like having diabetes. Both are dangerous, but one is explosive-dangerous.”

For experts who labeled China the greatest threat, a common refrain was that Chinese leaders see digital data theft and hacking as a tool to reaching global superpower status

“[China] has a 100-year plan to achieve superpower status. Cybersecurity is the easiest and most insidious tool to achieve that goal,” said Norma Krayem, a cyber policy expert at Van Scoyoc Associates.

“China uses cyber as a tool to reshape the international system conforming to its ideology, and global interests and vision,” said Samuel Visner, a tech fellow at the Mitre Corporation. 

Experts who said Russia is the greater threat warned that the United States’ former Cold War adversary is more willing to take risks and press boundaries in cyberspace — such as its interference in the 2016 election. 

“Russia is boldest — or put another way, most reckless — in what it tries in cyberspace and seems least fearful of disruptive consequences,” said Josephine Wolff, assistant professor of cybersecurity policy at the Fletcher School of Law and Diplomacy at Tufts University.

“Russia seems to be more interested in sowing chaos,” said Herb Lin, a senior research scholar for cybersecurity policy at Stanford University.

Russian President Vladimir Putin “is likely to continue to get more aggressive in testing our boundaries and may even make a strategic miscalculation that could have grave consequences,” warned Jamil Jaffer, executive director of the National Security Institute at George Mason University Law School.


Several experts said the United States is actually its own worst adversary in cyberspace, citing poor protections and outdated regulation that make the nation more vulnerable to attack. 

“Between inconsistent policies and enforcement across both public and private sectors, we have created a society unable to defend from current threats,” said Luta Security CEO Katie Moussouris.

“The current morass of outdated regulatory and legal policies poses a bigger threat to effective cybersecurity within the U.S. than a specific foreign nation state adversary,” said Elizabeth Wharton, vice president for operations at the cybersecurity firm SCYTHE.

“The U.S. makes it easier for attackers from anywhere to succeed. We are basically leaving the keys in the ignition and not even locking the car doors,” said John Pescatore, director of emerging security trends at the SANS Institute.

Other responses:

Marcus Fowler, director of strategic threat at the Darktrace cybersecurity firm, said the greatest threat is criminal hacking groups who “chase monetary gain with little consideration given to impact, potential miscalculation, or collateral damage.” 

Jay Kaplan, co-founder of the cybersecurity company Synack, cited Iran and North Korea as greater threats, warning that North Korea isn’t “restrained by international relations or other economic concerns,” and Iran has “already been caught conducting lower-level attacks on U.S. critical infrastructure.”

CORRECTION: This post has been updated to correct Norma Krayem's title. 

The network

More responses to our Network survey:

China: “The difference between China and Russia is similar to the difference between a sharp knife and a blunt hatchet. They are both dangerous but where one is subtle, precise and covert, the other is more artless, unrefined and coldblooded.” — Mark Weatherford, a former top Department of Homeland Security cyber official

Russia: “Russia is our most dangerous cyber adversary, not only because of their sophisticated cyber capabilities, but also because of their continued unwillingness to crack down on criminal hackers operating under their auspices.” — Rep. Jim Langevin (D-R.I.)

China: “The theft of intellectual property robs the U.S. of decades of advancement that can’t easily, or perhaps ever, be recovered.” — Debora Plunkett, former NSA director of Information Assurance

Russia: “This is like choosing between the firing squad and the electric chair, in either case the end result is not good for U.S. critical infrastructure. Russia is more dangerous because the likelihood of Russia using cyber tools against the U.S. and its allies and partners is higher.” — Mark Montgomery, executive director of the Cyberspace Solarium Commission

Other: “It is the U.S. that pioneered the realm of cyber-weaponry, and it is the U.S. that has stood in the way of creating international rule of law to make this scourge illegal.” — Sascha Meinrath, director of Pennsylvania State University’s X-Lab

China: “Russia has cyber talent, and we've got cyber talent. But China has cyber talent and numbers. It can find and channel kids from all over the country into its cyberattack units. We're fighting the cyber equivalent of a land war in Asia every day.” — Stewart Baker, former NSA general counsel

The keys

Biden ordered the Pentagon and intelligence agencies to boost their cybersecurity

A memorandum signed by President Biden expands the National Security Agency’s role in protecting sensitive government networks, the Wall Street Journal’s Dustin Volz reports.

It also “mandates baseline cybersecurity practices and standards, such as two-factor authentication and use of encryption, for so-called national security systems, which include the Defense Department and intelligence agencies and the federal contractors that support them,” Volz writes. 

The cybersecurity standards parallel measures that Biden told civilian agencies to impose in May.

Israeli lawmakers are thinking about revamping the country’s cybersurveillance regulations

The move comes in the wake of revelations that Israel’s police used NSO Group’s sophisticated Pegasus spyware to spy on protest leaders, mayors and former government officials without approvals by Israeli courts, the Times of Israel’s Carrie Keller-Lynn reports.

Israel’s judiciary and two parliamentary committees are examining oversight of the country's high-tech surveillance. Israeli police have denied the spyware was used improperly. 

The latest revelation: In recent years, an Israeli police unit has brought on “at least three external hackers as paid contractors in order to assist it in gathering intelligence and cracking criminal cases,” Israeli business daily Calcalist’s Tomer Ganon reports. The hackers “broke into private WiFi networks, downloaded recordings from security cameras belonging to private companies, [and] hacked into insurance files, as well as phones which police couldn’t crack with NSO’s Pegasus,” Ganon writes. Israeli police told Calcalist that the report’s claims are “untrue” and they act according to the law.

New lobbying: 

  • Chartwell Strategy Group will provide NSO with “strategic communications counsel” services, according to a Justice Department filing
  • David Tamasi, a top Trump fundraiser in 2016 and 2020, has also registered to work on the account. 
  • The contract was signed Dec. 20, around six weeks after the Biden administration blocked NSO from receiving U.S. technologies. 
  • The contract, which went into effect this month, was signed days after Democratic lawmakers called on the Biden administration to slap sanctions on cybersurveillance companies including NSO.

Hackers stole sensitive information on more than 500,000 people from the International Committee of the Red Cross

The victims include “more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention,” the International Committee of the Red Cross (ICRC) said.

The humanitarian group pleaded with the hackers to “do the right thing” and “not share, sell, leak or otherwise use this data.” 

“The ICRC has no immediate indications as to who carried out this cyberattack, which targeted an external company in Switzerland the ICRC contracts to store data,” it said. “There is not yet any indication that the compromised information has been leaked or shared publicly.”

Hill happenings

Senators introduce bill to block prisons from reading emails between attorneys and inmates

Sens. Ron Wyden (D-Ore.) and Cynthia M. Lummis (R-Wyo.) are introducing the bill around a year after the House overwhelmingly passed a version in the lower chamber. In federal prisons, inmates are asked to “voluntarily” agree to being monitored to use the prison’s email system to communicate with their lawyers. The bill would in most cases block the Bureau of Prisons from monitoring the emails.

Bipartisan bill would boost satellite cybersecurity (The Record)

Government scan

FBI, US agencies look beyond indictments in cybercrime fight (Associated Press)

Biden’s cyber chief wants to help software developers code better and Americans click smarter (Politico)

Biden official endorses effort to move pipeline cybersecurity regulation to DOE (NextGov)

California auditor calls tech bureau 'slow' on cybersecurity (StateScoop)

Global cyberspace

Interpol arrests 11 alleged members of Nigerian scam syndicate 'SilverTerrier' (CyberScoop)

Securing the ballot

U.S. Senate candidate files pair of lawsuits in Wisconsin over ballots and voting machines (Milwaukee Journal Sentinel)

Cyber insecurity CEO confirms hundreds of accounts were hacked, hedges on other details (The Verge)

FBI says crooks are using fake QR codes to steal money (CNN)


  • Australian Ambassador for Cyber Affairs and Critical Technology Tobias Feakin and former Estonian Ambassador-at-large for Cyber Diplomacy Heli Tiirmaa-Klaar discuss accountability in cyber norms at a Center for Strategic and International Studies event today at 9 a.m.
  • The House Oversight and Reform Committee holds a hearing on the federal government’s IT purchasing law today at 10 a.m.
  • A House Homeland Security Committee panel holds a hearing on threats to election infrastructure today at 2 p.m.
  • The Cyber Threat Alliance hosts a webinar for its fifth anniversary on Jan. 24 at 10 a.m.

Secure log off

Thanks for reading. See you tomorrow.