Australia China Cybersecurity European Union Japan NATO Non-Traditional Threats Politics & Diplomacy Rule of Law Security & Defense Technology & Innovation United Kingdom United States and Canada
Fast Thinking July 19, 2021

FAST THINKING: A turning point on Chinese hacking

By Atlantic Council


The blame game just got serious. On Monday, the United States, NATO, the European Union, the United Kingdom, Canada, Japan, Australia, and New Zealand jointly accused the Chinese government of hacking Microsoft Exchange servers earlier this year, among other malicious cyber activities. What does NATO’s buy-in mean for the world’s response to Chinese hacking? What tools do these allies have to fight back? Our experts messaged us (securely) with the answers.


  • Trey Herr: Director of the Scowcroft Center’s Cyber Statecraft Initiative and former senior security strategist with Microsoft
  • Christopher Skaluba: Director of the Scowcroft Center’s Transatlantic Security Initiative and former principal director for European and NATO policy at the US Defense Department

Statement of purpose

  • Monday’s White House statement lays out how China’s Ministry of State Security collaborated with private hackers to execute a breach of Microsoft Exchange accounts that impacted more than 140,000 servers this spring, mostly of small and medium-sized businesses.
  • “Developing the public’s awareness of the relationships between Chinese state entities and criminal groups (and their often fuzzy delineation) is useful,” Trey says. “What’s less clear is how this reframing leads to concerted action on the international stage.”
  • The US Department of Justice also recently unsealed charges against three Chinese government officials, along with a private hacker, over attempts to steal research into the Ebola virus, among other information. But Trey contends that allied governments should open up their broader toolbox, possibly including “follow-on sanctions or new restrictions on Chinese state companies or personnel, in line with what’s been announced against Russia,” as well as “financial penalties for firms that participate in these activities” or benefit from them.
  • Any response will have to be calibrated carefully, Safa notes, as the United States and its allies encounter a gray area of cyber hostilities. “This is a good time for policymakers to think long and hard about what is a state operation versus a non-state operation, and, more importantly, examine the role of non-state contractors in executing state-backed operations,” she says. “The Biden administration should expect to see more of this type of activity and the blurring of the line between state and non-state actors in cyberspace.” 
  • One element of the statement that you might have missed? Acknowledgment that the National Security Agency worked with Microsoft to patch up its software. “This is now a recent pattern of public disclosures of software vulnerabilities and a positive trend with the functioning of the government’s Vulnerability Equities Process,” which helps determine whether the government reveals a software vulnerability, Trey adds.  

Subscribe to Fast Thinking email alerts

Sign up to receive rapid insight in your inbox from Atlantic Council experts on global events as they unfold.

  • This field is for validation purposes and should be left unchanged.


  • Rallying so many allies to the cause of countering China is “an impressively smart act of policy and diplomacy” by the administration of US President Joe Biden, Chris tells us. “In one fell swoop, it found a tangible issue around which to bridge recent US-EU, NATO-EU, and UK-EU divides, worked out a way for NATO to engage on China while building up NATO’s ‘political’ role, linked transatlantic and transpacific allies, and stressed NATO’s relevance to modern security challenges.” 
  • Trey agrees that EU involvement is “great” but adds that “nothing in the announcement binds these partners or allies to action. And directly involving key member states, like Germany, the Netherlands, and France, would have been more influential.”

The fierce urgency of NATO

  • By weighing in on this matter, Chris says, NATO is responding to persistent questions about the Alliance’s ability to unite its thirty members around deterring China’s aggressive actions. “In classically passive-aggressive NATO fashion,” he observes, NATO’s statement points to how allies have blamed China for the hacks, rather than pointing the finger itself.
  • “Nevertheless,” Chris says, “it is an unusual and unmistakable rebuke of China and one that undercuts Beijing’s careful cultivation of European clients through aggressive infrastructure investments (e.g. in Greece and Italy) and regional diplomatic arrangements like the 17+1. On top of recent sanctions related to human-rights abuses [in Xinjiang province], this signals that European scrutiny of China is on the rise.”
  • When NATO Secretary-General Jens Stoltenberg appeared at the Atlantic Council last month, he stressed that the Alliance’s Article 5 collective-defense pact applied to cyberattacks. “Today’s statement is a natural extension of that policy, clearly signaling that NATO is deterring threats and preparing to defend its members across all domains of warfare and against all adversaries,” Chris notes.
  • But Safa points out that a cyber Article 5 “still has yet to be invoked and such a commitment would be challenging to follow through on. For now, joint attribution and collective statements will have to suffice and potentially mobilize member states to invest in their cybersecurity capacity and defenses.”   

Further reading

Related Experts: Trey Herr, Safa Shahwan Edwards, and Christopher Skaluba

Image: Computer code is seen on a screen above a Chinese flag in this July 12, 2017 illustration photo. Illustration by Thomas White/Reuters