Nations are now waging war with code, not missiles. Chapter 3 of The Digital Siege explores how China’s cyber espionage, rising attacks on infrastructure, and ransomware campaigns mark a new era of economic warfare. Democracies scramble to respond while authoritarian regimes act at scale.
Building from Chapter 2's exploration of the AI arms race, we now turn to how these technological capabilities have become weapons in a new form of warfare—one where nations battle not with tanks and missiles, but with code and data. This is the story of how cybersecurity became the primary theater for 21st-century geopolitical competition.
Let's start with an unprecedented moment that should have sent shockwaves through every government and boardroom worldwide. In October 2023, the intelligence chiefs of the Five Eyes alliance—the most secretive spy agencies on Earth—did something they'd never done before: they appeared together publicly in Silicon Valley to issue a stark warning about China's cyber espionage campaign. As Reuters reported, these intelligence leaders warned that China was conducting
"the most sustained and sophisticated theft of intellectual property in human history."
But here's what makes this genuinely terrifying: they weren't just talking about stealing military secrets. They were describing systematic economic warfare targeting the very foundations of democratic societies—from banking systems to power grids, from healthcare networks to the data centers that power our digital economy.
When FBI Director Christopher Wray, CIA Director William Burns, and their counterparts from Britain, Canada, Australia, and New Zealand stepped into the spotlight together, they weren't engaging in diplomatic theater. They were sounding an alarm about what CISA and FBI investigations have since confirmed: "a broad and significant cyber espionage campaign" by China that has compromised multiple telecommunications companies, stolen customer call records, and accessed private communications of government and political figures.
The numbers tell a chilling story. As the Center for Strategic and International Studies documented, South Korean institutions alone saw cyberattacks surge 36% between 2022 and 2023, reaching 1.6 million incidents. Meanwhile, detected cyberattacks against U.S. targets exploded by 136% between October 2024 and April 2025. This isn't random criminal activity—it's coordinated economic warfare.
Here's where Splunk's survey of 2,058 security leaders globally reveals a disturbing paradox: the greatest threat to our cyber defenses may not be external adversaries, but internal inefficiency. Their research shows that 46% of security teams spend more time maintaining their tools than actually defending against threats. Think about that for a moment—while China, Russia, and Iran are conducting sophisticated campaigns against critical infrastructure, nearly half of our defenders are stuck doing digital housekeeping.
This extends beyond an IT problem; it's a national security crisis. When thousands of critical organizations—banks processing millions of transactions, hospitals managing patient data, utilities controlling power grids—have compromised security operations, it creates systemic vulnerabilities that adversaries can exploit at scale. As one security leader told Splunk researchers, "We're losing the investigation time due to data management gaps," with missed incidents costing an average of $540,000 per hour.
The Carnegie Endowment's analysis of Russia's cyber operations in Ukraine reveals something crucial about how authoritarian regimes approach cyber warfare differently than democracies. Russia doesn't distinguish between "cyber" and "information warfare" the way Western nations do. Instead, they view cyberspace as one integrated battlefield where technical attacks, disinformation campaigns, and psychological operations work together to achieve strategic objectives.
This creates what intelligence analysts call the "democratic disadvantage." While democratic nations debate privacy rights, legal frameworks, and oversight mechanisms, authoritarian regimes operate with unified command structures and fewer constraints. As the CSIS analysis notes, effective cyber situational awareness requires "sophisticated data collection methodologies" and "well-organized information management systems"—capabilities that authoritarian states can deploy more rapidly and comprehensively.
Barclays Corporate's research reveals how this geopolitical competition plays out in the financial sector, where ransomware has become "the biggest cyber threat to UK businesses." But this isn't just about criminal gangs seeking quick profits. When 25% of organizations that pay ransoms still don't retrieve their stolen data, and when attacks systematically target banking, healthcare, and critical infrastructure simultaneously, we're looking at economic warfare designed to undermine confidence in democratic institutions.
Steve Howells, Threat Intelligence lead at Barclays, underscores the urgency:
“The cyber threat landscape is evolving rapidly in the current economic and geopolitical environment, with cybercriminals becoming more innovative, sophisticated and motivated in their efforts to exploit vulnerabilities. Collaborating with others and building a security-conscious culture are essential elements in an organisation’s defence against cybercrime.”
The targeting is surgical and strategic. China's Ghost (Cring) ransomware actors, as CISA documented in February 2025, conduct "widespread attacks" specifically designed to disrupt operations and steal sensitive data. When combined with the telecommunications infrastructure compromises that FBI and CISA revealed, this creates a comprehensive intelligence-gathering and disruption capability that can be activated during geopolitical crises.
Canada's 2025 G7 presidency has attempted to coordinate a democratic response through what they call "digital resilience" initiatives. The Atlantic Council's analysis suggests three critical areas: developing common language for cyber threats, establishing multilateral frameworks for response, and implementing pilot projects for information sharing.
But here's the sobering reality: while democratic allies debate frameworks and pilot projects, authoritarian adversaries are already operating at scale. The EU's recognition of its dependence on U.S. cyber capabilities—highlighted when temporary American funding threats to online security programs exposed Europe's vulnerabilities—demonstrates how fragmented the democratic response remains.
In the Asia-Pacific, Australia has emerged as a crucial coordinator for democratic cyber defense. As Assistant Minister Tim Watts stated, "Building resilience to cyber threats is an urgent, global priority—both at home and in our region." Australia's SOCI Act represents one of the most comprehensive public-private partnership models for critical infrastructure protection, while their Cyber RAPID Teams provide incident response capabilities across the Pacific.
The Australian Strategic Policy Institute's research on state-sponsored economic cyber espionage reveals the scope of the challenge. China's systematic targeting of intellectual property—what Five Eyes intelligence chiefs called "theft on an unprecedented scale"—represents a fundamental threat to the innovation ecosystems that underpin democratic prosperity.
What makes this geopolitical cyber battlefield so dangerous is how quickly local incidents can cascade into national crises. When DP World Australia's ports were compromised, stranding 30,000 containers and disrupting 40% of the country's container trade, it demonstrated how a single successful attack can trigger supply chain disruptions with global implications.
Similarly, when Canadian airports faced coordinated DDoS attacks from Russian-sponsored NoName groups, or when WestJet's systems were compromised, these weren't isolated incidents—they were probing attacks testing response capabilities and identifying vulnerabilities for future exploitation.
The geopolitical cyber battlefield represents a fundamental shift in how nations compete and conflict. Unlike traditional warfare, cyber operations blur the lines between peace and war, criminal activity and state action, domestic security and international relations. As we've seen from the systematic targeting of manufacturing systems, financial networks, and critical infrastructure, this isn't about isolated cyber incidents—it's about comprehensive campaigns designed to undermine the economic and social foundations of democratic societies.
The question isn't whether this cyber warfare will intensify—it's whether democratic nations can develop the coordination, capabilities, and resolve to defend themselves effectively. As we'll explore in Chapter 4, the manufacturing sector has become a particularly critical battleground in this conflict, where the convergence of AI, operational technology, and global supply chains creates unprecedented vulnerabilities that adversaries are systematically exploiting.
Reuters. "Five Eyes intelligence chiefs warn on China's 'theft' of intellectual property." October 19, 2023.
CISA. "Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure." November 13, 2024.
Splunk. "State of Security 2025." 2025.
Center for Strategic and International Studies. "Criteria for Cyber Situational Awareness." 2025.
Carnegie Endowment for International Peace. "Cyber Operations in Ukraine: Russia's Unmet Expectations." December 2022.
Barclays Corporate. "Ransomware Attacks: Prevent attacks from skyrocketing." 2025.
Australian Strategic Policy Institute. "State-sponsored economic cyber espionage for commercial purposes: governmental practices." 2025.
Atlantic Council. "G7 leaders have the opportunity to strengthen digital resilience—here's how they can seize it." 2025.
As tech moguls pour billions into AI, cybercriminals are close behind—building dark AI like WormGPT to automate attacks. Chapter 2 of The Digital Siege reveals how this escalating arms race, fueled by open-source models and geopolitical tension, is redefining global cybersecurity.
Asia-Pacific faces escalating cyber threats: Qantas breach exposes 6M records, ransomware surges 57%, Japan doubles cybersecurity workforce by 2030. Singapore implements anti-scam laws, Indonesia establishes AI task force. Aviation sector under coordinated attack by Scattered Spider group.
Qantas has confirmed a cyberattack exposing data from six million customers. Cybersecurity experts link the breach to the Scattered Spider group, known for targeting critical infrastructure. The incident highlights rising threats across the global aviation sector.
Cybercrime now targets people, not just systems. Chapter 1 exposes how hackers exploited human error at Marks and Spencer, triggering a £300 million breach. As AI adoption rises, trust and identity become the new battlegrounds—and our greatest vulnerability.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
