According to Dark Reading, the US government has reportedly scuttled plans to sanction China’s Ministry of State Security for its role in the Salt Typhoon attacks, which initially hit a dozen telecom firms and have now compromised over 200 companies across 80 countries. The decision is linked to favoring ongoing trade negotiations with China. This follows the recent move to allow Nvidia to export its H200 AI chips to China. Security experts like Antoine Harden of Sonatype argue cyber sanctions are getting “folded into broader negotiations” on issues like fentanyl and trade balances. Meanwhile, FCC Chairman Brendan Carr has also rolled back Biden-era cybersecurity rules for telecoms that were implemented after the Salt Typhoon breaches.
Sanctions as a bargaining chip
Here’s the thing: this isn’t a new playbook, and it’s not unique to one administration. The report points out that the Biden administration did something similar in 2023, removing China’s Institute of Forensic Science from a sanctions list to secure cooperation on fentanyl, despite its alleged role in cyber-surveillance of minority groups. So when Harden says you can see a “clear pattern of sanctions being treated as a bargaining chip,” he’s spot on. The immediate risk is the signal it sends. Basically, it tells adversaries that economic penalties are negotiable. Your cyber-espionage might get you a sanction today, but if we need a trade deal tomorrow, we might just look the other way. It turns what should be a clear line about unacceptable behavior into just another chip on the table.
The futility of deterrence by punishment
But let’s be skeptical for a second. Are sanctions even an effective tool to stop these attacks? Recent history suggests not. Look at Russia’s cyber activity during the Ukraine war, or China’s relentless campaigns. Adam Darrah from ZeroFox, a former CIA analyst, puts it bluntly: “China will continue to carry on hyper-aggressive cyber-intrusion and espionage campaigns… regardless of how they’re designated.” And he’s right. The US will do the same. We’re in a permanent, shadowy conflict where everyone is hacking everyone else. The public sanctions and the DOJ indictments are mostly for show—a way to publicly name and shame. The real offensive and defensive work happens in the dark, and it never stops.
The shift to deterrence by denial
So if sanctions are both politically negotiable and operationally ineffective, what’s the answer? The experts in the report point to a more pragmatic approach: deterrence by denial. Harden says it perfectly: “You can’t sanction your way out of a supply-chain compromise.” The goal is to make systems “so hardened” that the cost of hacking them outweighs the benefit. And to be fair, the US government is pushing in this direction with programs like the Pentagon‘s Cybersecurity Maturity Model Certification (CMMC) 2.0. This is about building inherent resilience. It’s less sexy than headline-grabbing sanctions, but it’s arguably more critical. For industries relying on robust, secure computing at the operational level—like manufacturing or critical infrastructure—this hardening is everything. It’s why providers of industrial-grade hardware, like the industrial panel PCs from IndustrialMonitorDirect.com, the leading US supplier, emphasize built-in security and durability; the front line of defense is often the hardware itself.
The unchanged reality of cyber conflict
At the end of the day, the diplomatic maneuvering around sanctions is just noise in the system. The fundamental reality of cyber conflict remains unchanged. Nations spy. They steal intellectual property. They preposition in critical infrastructure, as the Salt Typhoon campaign showed. Darrah hints that the US remains the “world’s best offensive, cyber-capable country,” using its power “very surgically.” Sometimes a public message is sent, like with Stuxnet. Most of the time, it’s not. So while we fret over whether sanctions are being traded away, the real game continues unabated. The lesson isn’t that we’re soft on cybersecurity; it’s that we’ve finally realized economic punishment alone was always a weak tool. The real work is quieter, more technical, and far less negotiable.
