By Winnona DeSombre Bernsen
If the United States wants to increasingly use offensive cyber operations internationally, does it have the supply chain and acquisition capabilities to back it up—especially if its adversary is the People’s Republic of China?
The Cyber Statecraft Initiative’s new report from CSI nonresident fellow Winnona DeSombre Bernsen, Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace, is the first to conduct a comparative study within the international offensive cyber supply chain, comparing the United States’ fragmented, risk-averse acquisition model with China’s outsourced and funnel-like approach.
Strategic competition between the United States and China has long played out in cyberspace, where offensive cyber capabilities, like zero-day vulnerabilities, are a strategic resource. Since 2016, China has been turning the zero-day marketplace in East Asia into a funnel of offensive cyber capabilities for its military and intelligence services, both to ensure it can break into the most secure Western technologies and to deny the United States from obtaining similar capabilities from the region. If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
Washington, DC: Atlantic Council, 2025. 44p
