New Naval Strategy, Not Cyberwar: China’s State-Sponsored Maritime Cyber Operations

Abstract

This paper analyzes state-sponsored cyber operations by the People’s Republic of China (PRC) against the global maritime sector from 2015–2025. It moves beyond isolated technical analysis to frame these campaigns as a coherent strategic logic. Using a structured, focused comparison of three PRC-linked intrusion sets—Volt Typhoon, APT40, and Mustang Panda—this analysis assesses their operational characteristics against prominent cyber strategy theories, including capability-intensity barriers, the intelligence-contest logic, and persistent engagement. The findings demonstrate a consistent pattern of behavior across all three cases: operations are capability-intensive, espionage-forward, and prioritize secrecy over overt signaling. This contrasts with other state actors who have used disruptive signaling in the maritime domain. We argue this pattern is explained by Smeets’ capability-scarcity logic: high-capability maritime accesses are too costly to expend on peacetime signaling. This behavior aligns with PRC doctrinal concepts of "informationized warfare" which prize system-mapping and pre-positioning. The paper concludes by reframing this activity not as "cyberwar" but as a form of "new naval warfare"—a persistent, below-threshold competition for control over the core components of seapower.