Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

McCrary’s ‘Code Red’ distills China’s cyber threat – and the playbook behind it

(McCrary Institute)

By Don Kauffman

China’s government isn’t just spying online. It’s positioning itself inside the U.S. systems that move fuel, route trains, carry calls and keep the lights on – access it could use to disrupt America in a crisis. Released as Washington zeroes in on the U.S.-China relationship this week, “Code Red: A Guide to Understanding China’s Sophisticated Typhoon Cyber Campaigns” clearly lays out how these operations work and why they matter now.

Much of the raw reporting on these actors has been public for years. What’s new here is the translation: “Code Red” centralizes and explains sprawling, highly technical material so policymakers and infrastructure owners can cut through the noise and act. Taken together, the campaigns it highlights represent a new phase: long-term, covert access to infrastructure systems that Beijing could exploit at will in a crisis. The paper also explicity details the everyday stakes: keeping fuel moving, cargo flowing, hospitals operating and the grid stable.

On a corresponding episode of the Cyber Focus podcast, McCrary Institute Director Frank Cilluffo and the report’s co-chairs – Rear Adm. Mark Montgomery (ret.), Brad Medairy and Bill Evanina – explained how these campaigns fit into Beijing’s broader strategy and what the U.S. should do next. 

“Nearly every day brings a new headline about China’s cyber threats – so many that if you blink, you might miss one,” Cilluffo said. “These campaigns reflect a deliberate strategy by the Chinese Communist Party to gain advantage across military, economic and diplomatic fronts – not only to steal secrets, but to hold critical infrastructure at risk. … This paper seeks to define, in plain terms, the scale of the threat and aims to spark the discussion and action needed to protect our nation.”

THE CHINA THREAT: INSIDE PRC TARGETING OF U.S. INFRASTRUCTURE AND SECURITY

From telecommunications attacks to compromising operational technology and challenging the United States in technological advances, Threat Beat takes you inside the threats posed by China with comprehensive coverage and exclusive video. READ MORE

The report’s organizing lens is simple enough for non-technical readers: three related “Typhoon” campaigns that illustrate intent and tradecraft. Volt Typhoon focuses on quiet, long-term access to prepare the battlefield and hold lifeline services at risk. Salt Typhoon infiltrates telecom networks to expose who is being tracked and how communications move. Flax Typhoon prioritizes staying hidden across enterprise, cloud and connected devices – collecting data now while preserving options for disruption later.

The co-chairs underlined how the threat has evolved and why it’s unique. “Each year we can say the threat has grown. And I would say the leading driver of that growth in the cyber threat environment in the United States is China,” Montgomery said. 

Medairy framed the campaigns as power projection, not one-off hacks, that will only increase as new AI tools are brought online. “They’re going to be able to deliver [offensive] effects and capabilities at pace that we never imagined,” he said. 

Evanina stressed intent and signaling: “I think the Chinese want not only us, but they want the world to know that they’re inside… Xi wants… the world to know that he can do this.” He said the country isn’t prepared for what China can do against the U.S. mainland in a conflict. “We’re not ready. We’re nowhere near ready,” he warned. 

Policy-wise, deterrence hasn’t kept up. Public attributions and indictments haven’t changed behavior. The authors emphasize execution: detect at the campaign level (tie events together, don’t fight them one by one), share actionable intelligence faster at unclassified levels so operators can use it, and invest in resilience so lifeline systems fail safely, not catastrophically. Because most critical infrastructure is privately owned, the report calls the necessary response a team sport across federal, state, local and industry partners – with clearer expectations and incentives to drive the highest-impact fixes.

Montgomery ties national will to personal impact: “Until people believe that [China’s cyber campaign] matters to them, we’re not going to get the kind of actions we need.” That is the point of the plain-spoken approach of “Code Red”: name the campaigns, show what they aim to do and focus scarce resources before a crisis forces the lesson.

Click to listen highlighted text!