Are Trade Concerns Trumping US Cybersecurity? - Dark Reading

Cyber RiskCybersecurity OperationsThreat IntelligenceInsider ThreatsNewsAre Trade Concerns Trumping US Cybersecurity?The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.Robert Lemos,Contributing WriterDecember 12, 20254 Min ReadSource: helloRuby via ShutterstockThe US government has reportedly scuttled plans to sanction China's Ministry of State Security for its role in the Salt Typhoon attacks that targeted telecommunications firms, deciding instead to favor ongoing trade negotiations with China.Taken along with the recent reports that the United States will allow Nvidia to export its second-most-powerful artificial intelligence chip — the H200 processors — to China, critics claim that the US government is sacrificing cybersecurity as a trade negotiation sweetener, a recent news report from the Financial Times states.On the diplomatic and economic side, the moves certainly feel ad hoc and transactional, says Antoine Harden, regional vice president of federal for secure software development firm Sonatype. "Cyber-related sanctions and export controls are getting folded into broader negotiations on fentanyl, trade balances, and industrial policy," he says. "That makes cyber tools look like just one more chip at the table instead of a clear line about acceptable behavior in cyberspace."Related:Cyberattackers Don't Care About Good CausesHowever, recent history shows existing sanctions haven't been  a particularly effective tool to deter nation-state cyberattacks against the US and its allies. Between Russia's increased use of cyber operations during its invasion of Ukraine and the rising activity from China, conflict in the cyber domain has heated up. The Salt Typhoon advanced persistent threat (APT) group initially targeted about a dozen Internet service providers and telecommunications firms, stealing sensitive data and gaining a backdoor into critical infrastructure. The victim count now stands at more than 200 companies in 80 countries.The US government has responded with sanctions against individuals and organizations linked to the attack. By now easing those sanctions, there is a concern that it signals that cybersecurity is being deemphasized by the Trump administration. In addition to dropping sanctions against the threat actors behind the telecom breaches, earlier this year, Brendan Carr, the chairman of the Federal Communication Commission, dropped Biden-era cybersecurity regulations placed on telecommunications firms following the Salt Typhoon attacks to shore up network defenses. It's important to note that the Trump administration is not alone in using sanctions as a bargaining chip for trade or diplomatic concessions. In 2023, the Biden administration removed the Institute of Forensic Science (IFS) from a trade-sanctions list for, among other violations, its alleged surveillance abuses against the Uyghurs and other minority group. The move was not about the risks disappearing — the delisting concerned many human-rights activists — but about securing cooperation on fentanyl precursors, says Antoine Harden, regional vice president of federal for secure software development firm Sonatype.Related:Why Post-Quantum Cryptography Can't WaitSanctions Aren't Enough to Stop Compromises "You can see a clear pattern of sanctions being treated as a bargaining chip rather than a consistent part of cyber strategy," Harden says, pointing to claims that the IFS had conducted cyber-surveillance of the minorities. "The bigger problem is what this says to adversaries: economic sanctions are negotiable."Yet, the diplomatic field is but one arena. No matter what is promised diplomatically, neither the United States nor China — nor Russia or Iran, for that matter — will likely ease up on their offensive and defensive cyber operations, says Adam Darrah, vice president of intelligence for cybersecurity firm ZeroFox and an eight-year veteran analyst of the Central Intelligence Agency."China will continue to carry on hyper-aggressive cyber-intrusion and espionage campaigns against the United States regardless of how they're designated," he says. "The United States, in the same vein, will continue from an intelligence perspective, off both offensive and defensive."Related:What Orgs Can Learn From Olympics, World Cup IR PlansIf anything, the administration's decisions highlight a deeper lesson: Deterring cyberattacks by economic punishment is never going to be enough, says Sonatype's Harden. Instead, practical efforts to bolster defense have become more important, steps the US government is already taking, he says. The US Department of Defense's requirement that contractors comply with the Cybersecurity Maturity Model Certification (CMMC) 2.0 and the Cybersecurity Risk Management Construct (CSRMC) are both long-term plans to improve cyber defense, for example."You can't sanction your way out of a supply chain compromise," he says. "The most reliable form of deterrence is 'deterrence by denial' — make the target so hardened, so well-instrumented, and so well-governed that the cost of getting in and staying in is higher than the value of what you can steal or disrupt."In addition, the Trump administration has taken a more aggressive approach to cyber operations and cyber conflict, but — for the most part — those actions are not made public, says ZeroFox's Darrah."We remain the world's best offensive, cyber-capable country on the planet, [but] we use it very, very sparingly and in ways that doesn't make it look like it was a cyber incident," he says. "When [these capabilities] are exercised, it's done very surgically and it's done professionally —unless it's a Stuxnet type of thing, where it's in our interest to send a public message."About the AuthorRobert LemosContributing WriterVeteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.See more from Robert LemosMore InsightsIndustry ReportsFrost Radar™: Non-human Identity Solutions2026 CISO AI Risk ReportThe ROI of AI in SecurityCybersecurity Forecast 2026ThreatLabz 2025 Ransomware ReportAccess More ResearchWebinarsBuilding a Robust SOC in a Post-AI WorldRetail Security: Protecting Customer Data and Payment SystemsRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedSecuring Remote and Hybrid Work Forecast: Beyond the VPNAI-Powered Threat Detection: Beyond Traditional Security ModelsMore WebinarsEditor's ChoiceCybersecurity OperationsWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallbyJai VijayanMar 12, 20265 Min ReadWant more Dark Reading stories in your Google search results?2026 Security Trends & OutlooksThreat IntelligenceCybersecurity Predictions for 2026: Navigating the Future of Digital ThreatsJan 2, 2026Cyber RiskNavigating Privacy and Cybersecurity Laws in 2026 Will Prove DifficultJan 12, 2026|7 Min ReadEndpoint SecurityCISOs Face a Tighter Insurance Market in 2026Jan 5, 2026|7 Min ReadThreat Intelligence2026: The Year Agentic AI Becomes the Attack-Surface Poster ChildJan 30, 2026|8 Min ReadDownload the CollectionKeep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeWebinarsBuilding a Robust SOC in a Post-AI WorldThurs, March 19, 2026 at 1pm ESTRetail Security: Protecting Customer Data and Payment SystemsThurs, April 2, 2026 at 1pm ESTRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedWed, April 1, 2026 at 1pm ESTSecuring Remote and Hybrid Work Forecast: Beyond the VPNTues, March 10, 2026 at 1pm ESTAI-Powered Threat Detection: Beyond Traditional Security ModelsWed, March 25, 2026 at 1pm ESTMore WebinarsWhite PapersAutonomous Pentesting at Machine Speed, Without False PositivesFixing Organizations' Identity Security PostureBest practices for incident response planningIndustry Report: AI, SOC, and Modernizing CybersecurityThe Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks.Explore More White PapersGISEC GLOBAL 2026GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills.📌 Book Your Space