HomeOffice of Sponsored ProgramsResearchArticle Display


China's Critical Cyber Vulnerabilities

  • Published
  • By US Cyber Command
  • US Cyber Command

TOPIC SPONSOR: US Cyber Command

What are the critical cyber vulnerabilities and weaknesses of the CCP/PLA? What are critical weaknesses and vulnerabilities in Chinese military networks?

  • ​Awoke, LTC Zelalem, "Zero Day: An Offensive Opportunity," AWC SSP, 2021, 24 pgs. 
    • Addresses the vulnerabilities associated with the CCP's broader cyber and telecommunications networks, specifically their 5G architecture. The paper explains that China's civil-military fusion policy closely integrates private sector technology, like Huawei and ZTE 5G networks, with military capabilities. However, the author notes that this reliance creates a "zero-trust environment" that presents a strategic offensive opportunity for the United States; by utilizing "zero-day" offensive cyber capabilities, the U.S. can penetrate, attack, and exploit these Chinese technological frameworks to defend against intrusion and combat their cyber espionage efforts.
  • Bishop, Lt. Col. Jeremy D., "Implications of Artificial Intelligence in Future Conflict with China," AFGC thesis, 2024, 79 pgs. 
    • Explicitly identifying vulnerabilities within China's artificial intelligence algorithms and cyber capabilities. It notes that despite the People's Liberation Army's (PLA) significant advancements in utilizing AI for strategic influence and deterrence, China's own AI systems face severe cyber risks, including susceptibility to data manipulation and infrastructure attacks. The author warns that these exposed algorithmic vulnerabilities could ultimately lead Chinese leadership into making strategic miscalculations during critical conflict scenarios.
  • Cassidy, LtCol Michael R., "Space Electronic Warfare: Role of the United States Space Force in Integrated Deterrence," AWC SSP, 2022, 34 pgs. 
    • Identifies the PLA's absolute reliance on information dominance and centralized command and control as a critical vulnerability. The author argues that Chinese military strategy is highly dependent on space-based Intelligence, Surveillance, and Reconnaissance (ISR), Position, Navigation, and Timing (PNT), and communications networks to make rapid, centralized decisions. If these networks are denied or degraded through space-based electronic or cyber warfare, the Chinese military would be forced into decentralized command and control—a paradigm they do not regularly train for, which would induce crippling informational friction and hinder their ability to win a conflict.
  • Danko, LTC Eric, "Officer and Enlisted Quality Comparison in the US and PLA," AWC EL (The Chinese Warfighter), 2021, 12 pgs. 
    • Identifies vulnerabilities in Chinese military networks by exploring the catastrophic human and operational consequences of losing those communications. The paper highlights that the PLA's highly centralized command system heavily restricts the freedom of action of its lower-level commanders. If network communications are lost or degraded in a cyber-contested environment, the PLA's lack of training in decentralized "mission command" becomes a severe weakness, as officers and enlisted personnel are neither empowered nor trained to take the initiative or make independent operational decisions without explicit orders from higher authorities, likely resulting in mission failure.
  • Hunt, Joshua D., "New Assessment of Sino-US Defense Industrial Base Resilience, 1991-2035," AF Fellows, 2020, 30 pgs. 
    • Highlights the vulnerabilities within China's high-tech and cyber defense industrial base. Hunt notes that the CCP's centralized control over private industry creates inefficiencies and misperceptions about how to foster genuine innovation. As a result, the most lethal threat to the PRC's technological future is its continued reliance on appropriating foreign intellectual property and innovations. If the PRC cannot achieve true self-innovation, its cyber and technological advancements will remain perpetually vulnerable to supply chain disruptions and international economic constraints.
  • Merkle, Thomas, "China's AI Sputnik Moment and the US Position as of September 2020," AWC EL, 2020, 12 pgs. 
    • ​​​​​​​Merkle answers the question by identifying three major weaknesses the PLA faces in integrating and implementing advanced cyber and Artificial Intelligence (AI) capabilities. Citing a study by the Georgetown Center for Security and Emerging Technology, Merkle points out that the PLA suffers from an unavailability of high-powered computing hardware due to its reliance on imported processors. Additionally, the PLA is hindered by poor technical literacy among its service members and a lack of adequate, high-quality data required to train machine learning models for military applications.
  • Mitchell, Lt. Col. Eli G., "Comparing the Chinese and US Militaries," AWC EL (Chinese Warfighter), 2020, 10 pgs. 
    • ​​​​​​​Mitchell addresses the question by pointing out the structural vulnerabilities in the PLA's command and control (C2) networks. Because the PLA utilizes a rigid, dual command structure and lacks a culture of decentralized mission command, it relies heavily on heavily-prescribed, "built-in" C2 networks. Mitchell argues this creates a critical vulnerability, as multiple, simultaneous attacks could easily overwhelm and temporarily paralyze the PLA's command structure, preventing it from functioning in the unified fashion it envisions and providing an opening for adversaries to operationally exploit.
  • Norris, Lt. Col. Victor, "Countering Unrestricted Warfare: Preparing to Compete against China's Actual Strategy," AWC SSP, 2020, 37 pgs. 
    • ​​​​​​​Identifying the CCP’s strict internal information control as a critical vulnerability that can be exploited via cyberspace. Because the CCP's regime stability relies on erasing historical events and suppressing dissent, its greatest fear is a "digital social invasion". Norris argues that the United States can exploit China's proliferation of global 5G cellular networks to bypass its cyber defenses and push truthful strategic communications and suppressed information directly to the Chinese population and unreachable audiences, thereby threatening the internal stability of the party.
  • Odom, Maj. Richard K., "Russia & China's EMS and Cyber Maneuver: Different Histories, Complimentary Strategies," ACSC CAOSS, 2025, 14 pgs. 
    • ​​​​​​​Addresses the question by focusing on the organizational and integration vulnerabilities of China's cyber forces. It argues that because China's cyber strategy relies heavily on civilian hackers and state-owned enterprises for long-term espionage, their command structure has developed a "functional differentiation and bifurcation of civilian and military elites". Because the PLA has not engaged in a conventional conflict since the inauguration of its dedicated cybercommand, the author questions their actual capability to synergize this vast civilian cyber apparatus with conventional military operations, assessing that the PLA would face significant difficulties adapting their non-conventional cyber capabilities during a rapid conflict.
  • Repka, Capt. Gregory, "War of Words: Understanding and Defending against Chinese Disinformation Campaigns," SOS AUAR, 2021, 7 pgs. 
    • ​​​​​​​Analyzes the vulnerabilities created by the CCP's extensive cyber censorship and monitoring networks. Repka argues that while systems like the Great Firewall and the Social Credit System provide internal control, they create massive vulnerabilities by stopping the free flow of information and critical thinking necessary to foster economic innovation. By suppressing free will and reducing the credibility of the internet, China's strict cyber control mechanisms create significant economic and societal vulnerabilities that threaten to ultimately divide the country from within.
  • Roe, Maj. Eric, "China's First Strikes," ACSC Cyber, 2025, 11 pgs. 
    • Highlights structural weaknesses within Chinese military networks by pointing out that the PLA struggles with many of the same complex information issues that plague the U.S. Department of Defense. Specifically, the paper notes that the PLA recently dissolved its Strategic Support Force and established the Information Support Force (ISF) to address critical shortfalls in their network information systems. This reorganization was necessary because the PLA's military networks suffer from software and hardware incompatibility, poor information sharing across different military services, and overall information management challenges that hinder their ability to execute integrated "systems confrontation" warfare.
  • Smith, Maj. Michael A., "Chinese Capacity to Conduct a Joint Forcible Entry of Taiwan Viewed through Materiel Acquisitions," SAASS thesis, 2023, 109 pgs. 

    • While analyzing China's multidomain advancements, this paper identifies fundamental weaknesses within the PLA's organizational structure that impact its network and joint operations capabilities. The study notes that the Chinese armed forces face obstacles in achieving true joint operations capability due to human capital shortcomings, including insufficient technical proficiency, a lack of education, and rampant corruption. These deficiencies directly threaten their command and control networks, training, and combat support functions, creating systemic vulnerabilities that undermine the PLA's aspirations for seamless, multidomain "informatized" warfare.      

  • Tonner-Robinson, Maj. Megan et al, "Preparing the Battlespace: The Potential for Conventional War between the US and China," ACSC paper, 2021, 14 pgs. 
    • ​​​​​​​Answers the question by assessing the cyber domain as a primary kinetic warfighting arena where Chinese military networks serve as an attractive Center of Gravity (COG) for U.S. forces to attack. The authors note that the PLA's network-enabled weapons and command and control links are vulnerable to cyberwarfare, which would cause a sharp and sustained degradation in their military operability. Furthermore, the paper highlights that vulnerabilities in Chinese military networks could easily spill over into their civilian and economic sectors, resulting in widespread cyber-attacks that could cost China's economy hundreds of billions of dollars.
  • Worrell, Lt. Col. Ryan J., "EW and Cyber Convergence: Beyond Information Warfare," AF Fellows (DARPA), 2020, 31 pgs. 
    • Details critical weaknesses in closed military networks, such as the Integrated Air Defense Systems (IADS) and airborne networks utilized by adversaries like China. The paper explains that while these enemy networks are typically isolated from the commercial Internet, they are still highly vulnerable to cyber-attacks delivered via the Electromagnetic Spectrum (EMS). The author points out that the easiest way to access and dismantle an adversary's closed IADS or aircraft network is by using friendly aircraft with line-of-sight and proximity to detect the EMS portions of the network, allowing U.S. forces to insert cyber-effects directly into the enemy's wired medium.