google.com, pub-8701563775261122, DIRECT, f08c47fec0942fa0
Australia

Why is there so little diplomatic action on Chinese state-sponsored hacking?

Why is there so little diplomatic action on Chinese state-sponsored hacking?

C.Paul Budde writes that cyber espionage exists in a region where power politics overrides norms, economic dependence limits practices, and international law has not kept pace with technology.

ALMOST EVERY DAY, another report emerges describing how Chinese state-backed actors hacked a government agency, infiltrated a software supply chain, or quietly embedded themselves into critical digital infrastructure. Sometimes it may be a defense contractor, sometimes a university, sometimes a healthcare institution, a port operator or a telecommunications system.

The pattern is now so familiar that it hardly causes alarm.

What is even more striking is that if governments trust Chinese state-linked actors enough to publicly release their names, why is there so little sustained diplomatic pressure on the Chinese government to stop sponsoring them?

This question goes far beyond cybersecurity. It literally cuts across how diplomacy works, or increasingly fails, in the digital age.

Australia is not a spectator. Australian universities have repeatedly been the target of research theft. Government departments, defense-related contractors and critical infrastructure operators have all been warned of persistent cyber attacks. in 2020 A massive cyber campaign against Australian institutions It was officially attributed to a “sophisticated state-based actor” and was widely understood to mean China.

Recently, attention has turned to supply chain compromises. Rather than dramatic attacks, these involve silently infiltrating commonly used software products, updates, and cloud services and gaining long-term access that can go undetected for years. These intrusions are much more strategically valuable and much more difficult to counter.

Beyond carefully worded statements, diplomatic responses remain muted.

Western governments now openly attribute cyber operations to China. Groups linked to the Chinese state are routinely identified in joint statements by partners such as the United States, the European Union, NATO and Australia. Indictments are being announced. Sanctions are imposed from time to time.

But behaviors do not change.

The main problem is that citations become cheap and implementation remains weak. Cyber ​​espionage occupies a gray zone. Hostile but not war. It is intrusive but not clearly illegal under international law. It is extremely harmful but is generally not visible to the public.

There is no global cyber equivalent of the International Atomic Energy Agency (IAEAMonitoring nuclear activity through inspections and enforceable rules. In cyberspace, there is no binding agreement with the authority to verify, no oversight regime, and no neutral authority that can enforce state behavior. The reference is political, not legal, and China continues by denying responsibility.

From Beijing’s perspective, cyber espionage is not a criminal behavior but normal statecraft. All major powers are conducting cyber operations. Revealed by the United States’ global surveillance programs Edward SnowdenIt remains a convenient counterargument when China is accused of wrongdoing. In this context, Chinese officials see Western complaints not as principled objections but as selective anger.

China also makes a clear distinction between cyber espionage and cyber warfare. Gathering intelligence, even on a large scale, is considered legitimate. There is no international legal framework that explicitly prohibits this, and certainly not one that is difficult to enforce. As long as cyber operations remain below the threshold of kinetic conflict, Beijing correctly calculates that diplomatic protests will remain largely symbolic.

The next war is about computing – and Australia isn't ready

There is another constraint that governments are reluctant to acknowledge: economic dependence. Australia’s experience should have dispelled any remaining illusions. Beijing has demonstrated a willingness to use trade as a political weapon. This reality shapes every diplomatic calculation. Public attribution is one thing. Sustained pressure that creates the risk of economic retaliation is another.

The result is a familiar pattern: strong language, limited action, and a quick return to business as usual.

That’s why governments give importance to defense. Systems have been hardened. Networks are divided into segments. Detection has been improved. This is necessary, but also fundamentally limited. No system can be secured indefinitely against well-resourced, state-sponsored actors. Given enough time, financing and access to supply chains, defenses will be overcome.

Erection does not stop attackers; changes the economics of the attack. It increases costs, slows progress and limits damage. It saves time. However, it cannot provide permanent exclusion. Treating cybersecurity as a purely technical problem creates a dangerous illusion of control.

This asymmetry is in favor of the attacker. An attacker can examine thousands of systems; defenders must secure everything. Attackers choose the time and method; The defenders react. For state actors, success does not require complete compromise. Permanent access, optionality, and future leverage are sufficient.

Another disturbing fact further weakens diplomatic resolve: China is not alone. Russia, Iran, North Korea, Israel and the USA are conducting cyber operations. What makes China different is not its moral uniqueness, but its scale, determination and alignment with the national industrial strategy. No state is willing to quietly justify retaliation against practices on which it relies.

Energy and sovereignty, not algorithms, will decide Australia's AI future

In practice, governments have accepted that cyberespionage cannot be stopped diplomatically. The response has shifted towards strengthening critical infrastructure, reducing supply chain exposure, and improving intelligence sharing. This is not diplomacy; is damage control.

For Australia, this raises a deeper question. As I mentioned earlier, how can a country claim digital sovereignty when it has virtually no control over data infrastructure, cloud platforms, software supply chains or identity systems? Europe has begun to grapple with this problem, at least through regulatory frameworks. Digital Services Act. Australia largely did not.

So why is there so little diplomatic action against Chinese state-sponsored hacking? Because cyber espionage exists in a region where power politics overrides norms, economic dependence limits practices, and international law cannot keep up with technology.

Strengthening defenses is necessary but not decisive. State-sponsored hacking will continue until cyber operations incur real diplomatic, economic or strategic costs.

The real question for Australia is not why diplomacy has failed, but whether we are ready to rethink sovereignty in a constantly contested digital world.

Paul Budde IA is a columnist and managing director of independent telecommunications research and consultancy. Paul Budde Consulting. You can follow Paul on Twitter @PaulBudde.

Support independent journalism Subscribe to IA.

Tags

Related Articles

Best of cartoons, January 1, 2026

Best of cartoons, January 1, 2026

December 31, 2025
Instagram to use AI to detect teens who lie about their age to access adult account settings

Instagram to use AI to detect teens who lie about their age to access adult account settings

September 22, 2025
‘Screaming’: “Parents speak out on alleged horror in childcare centres

‘Screaming’: “Parents speak out on alleged horror in childcare centres

August 24, 2025
Campaign group calls on Musk, Google to fund High Court challenge

Campaign group calls on Musk, Google to fund High Court challenge

November 27, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button