The Indo-Pacific region has emerged as a critical arena for geopolitical maneuvering, where cyber capabilities are increasingly employed as instruments of strategic coercion, deeply interwoven with broader foreign policy objectives. As the region becomes more reliant on digital technologies, critical infrastructures have become a prime target for cyber operations with significant regional security implications. Critical infrastructures, including energy grids and telecommunications, are essential for the functioning of modern societies and economies. Given their strategic and economic significance, cyberattacks targeting critical infrastructures with national security paralyzing capabilities have been on the rise (Borrett et al., 2024; Vaidya, 2015). Disruptions to these systems and their cascading effects can have far-reaching consequences, impacting essential services, economic activity, public safety, and underscoring the states’ inability to safeguard their assets.

Employing cyber operations against critical infrastructures presents a distinctive strategy for influencing state behavior. Capitalizing on the inherent ambiguity and deniability in cyberspace enables the attainment of strategic objectives without escalating into direct conflict. As observed in the Colonial Pipeline incident and the Ukraine power blackout, when cyberattacks against critical infrastructure generate kinetic effects, such as the loss of availability, states and operators adopt a range of measures to enhance system resilience and respond to malicious actions, including inspections and the deployment of cyber diplomacy tools. Yet, the more pressing and coercive challenge today lies in the undetected and persistent presence of malicious actors within critical infrastructure networks, which may lay the groundwork for future operations (DHS, 2025).

In the middle of the ongoing discussions regarding the effectiveness, methods, and timing for employing cyber tools for coercive purposes, scholars underscore the intricate interplay between contemporary critical infrastructure systems, the dependence on privately managed infrastructure, and digital vulnerabilities, which collectively present substantial avenues for coercion through cyber operations (Borghard and Lonergan, 2017; Gomez, 2018; Hodgson, 2018, 2024; Kostyuk and Zhukov, 2019; Lonergan, 2025; Valeriano et al., 2018). Drawing on this scholarship, this study defines cyber coercion as meticulously orchestrated operations that exploit vulnerabilities and influence state behavior without escalating to conventional conflict (Baram, 2025; Buchanan and Corera, 2025; Manantan, 2020). Through attacks on critical infrastructures, cyber coercion is considered not merely a technical risk but a tactical foreign policy instrument employed by states to exert influence and attain geopolitical objectives. Such actions frequently operate in the ambiguous realm of international relations, where activities fall below the threshold of conventional warfare but constitute hostile acts intended to compel or dissuade specific behaviors.

Amid the escalating geopolitical rivalry, cyber competition in the Indo-Pacific has entered a new era in which regional actors are increasingly advancing their military cyber capabilities with minimal external oversight (Hogeveen, 2023). Several states, including China, Russia, and North Korea, are known to sponsor Advanced Persistent Threat (APT) groups to execute cyber operations and target critical infrastructures (Nachiappan, 2025). Although discussions on responsible state behavior in cyberspace and cyber norms have been advanced by international and regional organizations such as ASEAN, gaps in international cooperation remain a persistent challenge.

China’s cyber operations have garnered particular concerns from neighboring nations and the global community. While numerous countries have accused China of engaging in espionage and intellectual property theft, disruptive attacks on critical infrastructures have increasingly become a primary concern. For instance, during the mid-2020 border clashes between China and India, Chinese actors targeted at least four Regional Load Dispatch Centers and two State Load Dispatch Centers (Bommakanti, 2022). These centers oversee the electricity supply across India, indicating a deliberate intention to disrupt vital services and jeopardize India’s economic stability. In 2024, APT40, an actor affiliated with China, repeatedly targeted Australian networks, conducting reconnaissance activities to identify potential points of compromise (Australian Government, 2024c).

Cyber competition is intensifying in Indo-Pacific, as one in ten cyber incidents targeted essential services in Australia (Reuters, 2024) and India became the second most targeted country in the world (Bharadwaj, 2025). Nevertheless, the region’s unique characteristics, such as the coexistence of democratic and authoritarian regimes, different levels of technological advancement, and various strategic orientations, create a complex environment for understanding the dynamics of cyber coercion. Furthermore, regional actors’ responses to coercive activities in cyberspace vary widely, notably with India and Australia illustrating particularly divergent approaches. However, while cyber coercion is widely discussed, comparative analysis for understanding different response paths to cyber coercion across states with different dynamics remains underdeveloped, particularly in the Indo-Pacific.

In other words, there is a notable lack of comparative scholarly research examining how cyberattacks on critical infrastructures are employed as strategic tools of coercion and how and why states adopt divergent policy and diplomatic strategies in response in Indo-Pacific. Notably, the rise of cyber coercion in the region presents complex implications for regional security and strategic stability, underscoring the need for a deeper understanding of the national dynamics shaping its use. Given the diversity in institutional structures, cybersecurity capabilities, and national interests, a comparative approach is essential to understanding the patterns of cyber coercion, deterrence, and response in the Indo-Pacific.

Against this backdrop, this study seeks to investigate how China employs cyber capabilities, particularly within the framework of its weishe (威慑),¹ doctrine and how the two main regional powers, India and Australia, diverge in their responses to such cyber coercion. To this end, the study addresses two central research questions: (1) How does China orchestrate its cyber statecraft by utilizing cyber coercion as a foreign policy instrument targeting critical infrastructure? (2) In what ways do India and Australia differ in their strategic responses to cyber coercion, and to what extent do underlying geopolitical alignments and institutional dynamics account for this variation?

The remainder of the paper is structured as follows: The research design and contemporary debates on cyber coercion are reviewed. Subsequently, China’s cyber doctrine is examined, with a specific focus on the concept of weishe. Next, the responses of India and Australia to cyber coercion attempts are analyzed, highlighting their distinct approaches influenced by contrasting strategic preferences: diversity-driven ambiguity and alliance-driven transparency. Finally, the paper explores cyber norms and governance within the Indo-Pacific order, assessing existing initiatives and identifying critical deficiencies.

Amid the dynamics of cyber competition in the Indo-Pacific, India and Australia were designated as case countries due to their shared characteristics, such as their ambitious digitalization initiatives and expanding attack surfaces. Furthermore, they have a growing number of suspected cyber incidents associated with China that target national assets. Notably, their divergent response trajectories to cyber coercion, both institutionally and diplomatically, set them apart.

This study employs a process tracing methodology to comprehensively capture the outcomes and the underlying pathways shaping each country’s response. Process tracing enables us to reconstruct pivotal events and institutional adaptations that transpired following significant cyber incidents attributed to China. By systematically tracing the evolution of both countries’ cyber strategies, we elucidate the causal mechanisms that link specific threats to policy and geopolitical outcomes. This approach fortifies the comparative analysis by elucidating the mechanisms through which India and Australia have diverged, moving beyond superficial similarities and differences to uncover the processes driving this divergence.

Based on this selection, illustrated in Table 1, our comparative analysis draws on policy documents, public attribution statements, threat reports, and technical analyses for key incidents to demonstrate how each country’s approach reflects distinct strategic, institutional, and diplomatic choices. Furthermore, three major datasets, the Cyber Operations Tracker (Cyber Ops) (CFR, 2025), European Repository of Cyber Incidents (EuRepoC) (EuRepoC, 2025), and Cyber Events Database (Cyber Events) (University of Maryland, 2025), are integrated to attain a more comprehensive understanding of Chinese-originated cyberattacks on India and Australia, particularly for the period between 2020–2025.

To comprehensively analyze not only India and Australia’s national strategies but also their international engagements, the UNIDIR Cyber Policy Portal database (UNIDIR, 2025b) was used as a key source, providing an interactive map of the global cyber policy landscape and detailing intergovernmental and multilateral cybersecurity frameworks.

Building on Baldwin’s relational conception of power, coercion can be understood as a situation in which actor A changes actor B’s behavior by manipulating B’s incentives, typically through threats or pressures rather than persuasion or simple exchange (Baldwin, 2016). The strategic employment of cyber operations to compel adversaries, such as cyber coercion, extends classical coercion theory into the digital realm. Building on Schelling’s seminal concept of coercion as manipulating an adversary’s decision calculus through credible threats of future harm (Schelling, 1966), cyber coercion transposes this logic into a domain defined by anonymity, rapid maneuverability, and contested attribution (Borghard and Lonergan, 2017). Unlike conventional coercion, which presupposes transparent actor identity and declaratory signals, cyberspace inherently undermines these premises, necessitating a theoretical recalibration.

The efficacy of cyber coercion hinges on the capacity to credibly convey capability and intent without triggering undesired escalation. However, this signaling is mediated by cyberspace’s inherent opacity and technical intricacies, which undermine conventional assumptions regarding coercive clarity and credibility. Cyber coercion operates through three interdependent mechanisms: Attribution obfuscation, semantic ambiguity in signaling, and volatile escalation dynamics.

Attribution obfuscation is related to coercion reliably. Cyber operations systematically leverage ambiguities in attribution, using proxy networks, false flags, and anonymizing technologies to obscure identity, thus complicating adversary response strategies and allowing coercers to manipulate uncertainty as a form of power (Hodgson, 2018; Longabaugh, 2020). Semantic ambiguity in signaling is couched in technical operations, imposing cognitive and strategic burdens on the target, forcing decision-makers to navigate uncertainty about severity, intent, and future threat likelihood, which alters the traditional signaling calculus (Longabaugh, 2020). Volatile escalation dynamics concern cyber coercion’s relatively low cost but unpredictable escalation potential. This factor challenges coercer strategy and target’s responses (Jensen et al., 2017).

Cyber coercion poses a challenge to conventional security paradigms by empowering states to exert influence and accomplish strategic objectives without resorting to conventional military force. Cyberattacks on critical infrastructures can disrupt vital services and cripple economies, emphasizing the necessity of robust cybersecurity measures and international collaboration (Kramer et al., 2009). These cyber capabilities are part of broader efforts to exert influence and achieve strategic objectives, making it essential to analyze cyber coercion within the context of overall foreign policy.

Cyber operations increasingly target not only political leaders, government officials, and diplomatic activities but also the critical infrastructures essential to national security and daily life. Because disruptions to these vital systems can have cascading effects on governance and public trust, such operations can be exploited to manipulate political processes, disrupt elections, and undermine decision-making, thereby threatening a nation’s governance and overall stability (Olafuyi, 2023).

A nuanced understanding of their technical dimensions, including the specific malware deployed, attack vectors, and exploited vulnerabilities, especially those affecting critical infrastructure, is essential for assessing the sophistication and strategic intent underlying cyber coercion (Hodgson et al., 2019). State-backed APT groups are often leveraged as strategic instruments by states to augment their military or economic power (Katagiri, 2024). APTs can also be used as coercive tools by demonstrating latent capabilities, inflicting limited harm, conveying a political message, and particularly targeting critical infrastructures.

More recently, scholars have adopted a more cautious approach to the concept of cyber coercion. One of the foundational critiques is advanced by Fischerkeller et al. (2022), who argue that cyberspace constitutes an “environment of exploitation” rather than one of coercion and that, instead of relying on episodic coercive acts, states employ persistent, non-violent campaigns to generate cumulative strategic effects. Lonergan (2025) also argues that scholars have empirically demonstrated the limited coercive utility of cyber operations, yet U.S. practitioners remain optimistic about their effectiveness due to bureaucratic and political interests and the lack of viable alternatives.

Drawing on these insights, we also advocate a cautious approach to the concept of cyber coercion and introduce the dimension of persistent cyber pressure as a structural form of coercion particularly for operations targeting critical infrastructure, without rejecting their coercive impact. In classic coercion logic, including cyber coercion, three elements are central: a concrete demand to change or maintain some behavior, a conditional threat to impose costs if the demand is rejected, and communication that allows the target to understand the link between behavior and punishment or restraint. Persistent cyber pressure differs in form. It is continuous rather than episodic and consists of repeated intrusions, leaks, distributed denial of service campaigns, low level disruptions, and information operations, sometimes combined with non cyber instruments such as sanctions. It often lacks a clearly articulated demand and is instead experienced by neighboring states as an ongoing pattern of digital friction.

Although persistent cyber pressure differs from classic cyber coercion, repeated low level operations demonstrate capability and a basic level of resolve and teach the target that the regional actor is willing to impose costly nuisances. Even without explicit demands, continuous cyber harassment can lead neighboring states to anticipate that any move displeasing the regional power will trigger further harassment, to internalize a perception that certain policies are too costly, and to begin self-censoring their foreign policy options in order to avoid additional pain.

If a regional actor uses persistent cyber pressure to slowly shift facts on the ground, it moves into grey zone competition and salami-slicing. Each individual cyber operation remains limited and often deniable, yet the cumulative effect gradually alters the status quo. In this context, persistent cyber pressure begins to resemble a form of background compellence, in which the target is pushed over time to accept a new regional order rather than confronted with a single large demand. The underlying logic remains coercive, but the tempo and clarity differ from classic cyber coercion.

As the following section outlines, this understanding of persistent cyber pressure resonates with the Chinese concept of weishe, which integrates deterrence and compellence without requiring clear demands. In this sense, we advocate that sustained cyber activity of China targeting critical infrastructure reflects a weishe-style logic of coercion that looks for cumulative pressure rather than episodic coercive moves.

As of 2025, India has become the most populous country in the world, with a population exceeding 1.463 billion (Worldometer, 2025). Alongside this demographic growth, India’s digital posture has undergone a significant transformation. The size of the digital economy grew from $107.7 billion in 2014 to $222.5 billion in 2019 (Government of India, 2025). Furthermore, it is expected that digital economy in India would contribute nearly one-fifth of the overall national economy [Press Information Bureau (PIB), 2025].

While India’s internet user base is expected to exceed 900 million by 2025 (The Indian Express, 2025), there are two major turning points in India’s digital transformation: The first is the implementation of the digital identity system called Aadhaar in 2009 and the second is the launch of the Unified Payments Interface (UPI) in 2016 (Awasthi et al., 2024; Bandura et al., 2024). To elaborate briefly, Aadhaar provides citizens with a 12-digit digital identity using fingerprints, iris scans, and photographs. UPI, developed by the National Payments Corporation of India, enabled financial transactions without the need for any physical payment instrument.

With the launch of the “Digital India” initiative, the Indian government also announced an ambitious program aimed at digitizing infrastructures (OECD, 2023). However, as more assets became increasingly dependent on digital channels, this also significantly increased the India’s exposure to cyber threats. According to the Data Security Council of India (DSCI), the healthcare sector emerged as the most frequently targeted. The report also highlights a significant increase expected in AI-driven cyber-attacks in 2025. Furthermore, the geopolitical dynamics adds another complexity to India’s cyber threat landscape [Data Security Council of India (DSCI), 2025].

The most significant challenges among these are the cyber manifestations of India’s geopolitical dynamics with Pakistan and China. To illustrate, a report by the Indian Computer Emergency Response Team (CERT-In) noted that cyber-attacks from China made up 35% of the total number of cyber-attacks in 2018 (The Indian Express, 2018) whereas several sources claim that this figure reached 79% in 2023 (Debates, 2025). In the context of cyber rivalry between Pakistan and India, attacks tend to intensify around symbolically significant dates, such as national independence days, and often follow a tit-for-tat pattern, with both sides targeting each other’s official websites (Dragonfly Intelligence, 2025; Patil, 2025). Furthermore, recent researches highlight that India is also frequently targeted by Pro-Palestinian groups since the country has a close relationship with Israel (Lemos, 2025).

Particularly, tensions between China and India are rooted in a multifaceted interplay of historical, strategic, and economic factors. At the core of this tension lies their longstanding border dispute, particularly along the Line of Actual Control in regions such as Aksai Chin and Arunachal Pradesh. This dispute has periodically escalated into military standoffs and even violent confrontations, with the most recent incident occurring in the Galwan Valley.

Beyond these border disputes, both nations vie for influence in South Asia, striving to expand their political and economic presence among neighboring countries and within the Indian Ocean. This rivalry is further intensified by their respective strategic alliances: India is apprehensive of China’s close partnership with Pakistan, as exemplified by the China-Pakistan Economic Corridor, while China perceives India’s involvement in the Quad (which comprises the United States, Japan, and Australia) as a deliberate attempt to restrain its growing influence. Economic dynamics also contribute to the complexity of their relationship, characterized by a substantial trade imbalance favoring China. Ongoing disputes concerning technology, investment, and market access have prompted calls within India for enhanced economic self-reliance. Collectively, these factors foster a climate of mutual suspicion and competition that transcends their contested borders.

Several prominent APT groups have targeted India in recent years. One of the most notable is APT36 (also known as Transparent Tribe), which is reportedly affiliated with Pakistan. APT36 primarily focuses on critical Indian entities, such as defense and government institutions, often employing deceptive domains and phishing campaigns as its core tactics for espionage purposes [CFR, 2024; CYFIRMA, 2025; Data Security Council of India (DSCI), 2025]. Another incident concerns the attack on the Kudankulam Nuclear Power Plant (KNPP), which was flagged in 2019 by independent researchers and assessed as being conducted by state-sponsored actors from North Korea (APT 38), reportedly motivated by India’s advanced research in the nuclear energy sector (Mallick, 2019).

Another APT group targeting India is the RedEcho, which is believed to be linked to China. RedEcho has been actively involved in persistent intrusions aimed at compromising India’s critical infrastructure. It exhibits similarities and utilizes infrastructure in common with other China-associated groups, such as APT41, and has been associated with the deployment of ShadowPad malware (MITRE ATT&CK®, 2025). RedEcho is particularly notable for its focus on critical energy infrastructures, including a high-voltage transmission substation and a coal-fired thermal power plant (SecurityWeek, 2021). One of the most significant cyber incidents attributed to this group is the attack that caused a widespread blackout in the Mumbai region in 2020 which occurred shortly after the border clashes between China and India in the Galwan Valley.

Although Indian authorities did not make any explicit attributions, cyber threat intelligence firms assessed the attack as a form of strategic signaling, intended to demonstrate China’s cyber capabilities to India during a period of heightened tension (Recorded Future, 2021; Sanger and Schmall, 2021). Analysts also interpret the surge in attacks targeting Indian entities as part of China’s retaliatory efforts following the Galwan Valley clash as a means of imposing costs, gathering intelligence, and undermining India’s strategic posture in the long term (Manhas, 2023). In addition to energy infrastructure, the maritime sector is also pivotal to the Indian economy, especially as India pursues its ambitious Maritime India Vision 2030 and competes with China in the maritime domain. Consequently, the country has faced cyber threats targeting its maritime infrastructure, including a cyber-attack on the Jawaharlal Nehru Port Trust’s IT systems, which forced operators to revert to manual processes until restoration was completed (MCAD Maritime Cyber Attack Database, 2022).

To address intensifying tensions in cyberspace, India employs a combination of policy and institutional measures and a proactive cyber diplomacy. While India adopted its first National Cybersecurity Strategy in 2013, the National Critical Information Infrastructure Protection Centre (NCIIPC), Indian Cybercrime Coordination Centre (I4C), and the CERT-In are considered the cornerstones of the country’s cybersecurity architecture. As being the main national intelligence apparatus, The National Technology Regulatory Organization (NTRO) is pivotal in gathering cyber intelligence and actively protecting critical infrastructures whereas The Research and Analysis Wing (R&AW) acts India’s external intelligence agency (News4hackers, 2024; Shende and Chaudhuri, 2024). Additionally, National Cyber Security Coordinator (NCSC) post is responsible to harmonize cybersecurity issues in national level and directly report to Prime Minister’s Office (Patil, 2021). Despite ongoing ambiguity regarding India’s capabilities and intentions to conduct offensive cyber operations (Devanny and Laudrain, 2025; IISS, 2021), the Defence Cyber Agency (DCA), established in 2018 under the Ministry of Defence, should be also recognized as a key institution in managing cybersecurity threats (Basu, 2022; Singh, 2025).

When it comes to India’s global position in terms of capabilities, it varies significantly depending on the evaluative framework. For instance, India is placed among Tier-1 in the International Telecommunication Union’s (ITU) latest (2024) Global Cybersecurity Index (ITU, 2024), whereas in the Harvard University’s Belfer Center’s Cyber Power Index (2022), India is positioned among countries with lower intent and lower capability (Harvard University, 2022). This difference may reflect the gap between India’s developing level of cyber resilience and its relatively limited strategic cyber influence.

India’s international cybersecurity strategy and cyber diplomacy should be analyzed through both broader regional and global political-strategic lenses. From an institutional perspective, Cyber Diplomacy Division and the New and Emerging Strategic Technologies (NEST) Division, under the Ministry of External Affairs, coordinate India’s cyber diplomacy activities (Cyber Policy Portal, 2025). While India’s threat perception in cyberspace has increasingly centered on China (Devanny and Laudrain, 2025), the country’s international cyber policies and cyber diplomacy efforts cannot be understood in isolation from its broader foreign policy orientation, which is trying to balance multilateralism and sovereignty (Patil, 2021). To put this in further detail, while India and China are competing for influence in South Asia, India’s alignment with the West remains limited, as the country is pursuing strategic autonomy, acknowledging and seeking to reduce its dependence on China for critical imports, including renewable energy technologies, electronics, plastics, and more.

When combined with India’s evolving cyber threat perception and its pursuit of strategic autonomy, the realities on the ground have led the country to seek not only influence but also balance competing interests through multiple diplomatic channels. While doing so, the country deliberately avoids sharp or confrontational moves in cybersecurity. For example, although cyber threat intelligence firms pointed out the likely source of the Mumbai blackout, India has consistently refrained from making public attributions to any specific state or group (Basu, 2024), reflecting its cautious and restrained cyber diplomacy posture.

UNIDIR’s Cyber Policy Portal provides a valuable lens into India’s cyber diplomacy, which is characterized by a multilateral yet cautious approach. India is not only engaged in multiple bilateral agreements, including with the UK, France, and Australia, on cybersecurity cooperation but it also actively participates in major international initiatives such as the Counter Ransomware Initiative, UN Open-ended Working Group (OEWG) on security of and in the use of information and communications technologies, and UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security (UNIDIR, 2025a). In addition, India’s participation in both the Shanghai Cooperation Organisation’s (SCO) International Information Security initiatives and the Quad Cybersecurity Partnership (Ministry of Foreign Affairs of Japan, 2023), formed by Australia, Japan, and the United States, demonstrates its pursuit of balance and strategic diversification, particularly when considering the bold differences between these entities in terms of internet governance models and cyber threat conceptualizations.

Significant challenges remain for India’s cybersecurity stance. At the national level, despite robust efforts, authority and capabilities are still dispersed across multiple agencies, leading to coordination and implementation gaps (IISS, 2021). At the international level, SCO’s emphasis on cyber sovereignty limit India’s normative engagement with other global cybersecurity initiatives and may contradict its cautious multilateralism. Moreover, India’s non-alignment policy can hinder the deepening of cybersecurity cooperation, particularly in areas such as cyber threat intelligence sharing, and may ultimately constrain its influence in global cyber governance fora.

As outlined in Australia’s ambitious digital strategy, digitalization is expected to contribute approximately $315 billion to the Australian economy over the next decade. Accordingly, the strategy provides for investments for growing the digital economy, building capabilities in emerging technologies, and enhancing digital skills across various sectors (Australian Government, 2021a). The government also endorses a “cloud-first” approach and collaborates with major technology companies such as Amazon Web Services to foster cloud innovation in areas including national security and defense (Rouse, 2024). In line with global trends, Australia aims to increasingly deliver public services through digital platforms.

Analogous to India’s situation, Australia is grappling with an escalating number of cyber incidents as its digital footprint expands. Notably, Australia has experienced several severe data breaches in recent years, including the 2022 incidents involving Optus Telecom and Medibank Health Insurance. The Optus breach compromised the personal information of 9.7 million customers, while the Medibank ransomware attack is suspected of causing the release of claims data and sensitive medical records on the dark web (Kost, 2025).

Attacks targeting critical infrastructure have been a major concern in Australia and are increasingly perceived as instruments of malign influence and coercion (Australian Government, 2022). Critical Infrastructure Security Centre (CISC), under the Department of Home Affairs, is the regulator of the national critical infrastructures. In addition to the broader designation of national critical infrastructure, Australia’s classification of “Systems of National Significance”, a smaller subset of critical infrastructure assets, is a distinctive practice, as these entities are subject to enhanced obligations, including the development of cybersecurity incident response plans (Australian Associated Press, 2025).

According to the Australian Cyber Security Centre (ACSC) under the Australian Signals Directorate (ASD), more than 11 percent of the cybersecurity incidents identified in FY2023–24 were found to be related to critical infrastructures (Australian Government, 2024a; Ribeiro, 2024). To illustrate, the cyber-attack targeting DP World, Australia’s largest port operator, led to a three-day suspension of operations (Australian Associated Press, 2023). Unlike India, which refrains from explicit attribution, Australia’s official cyber threat report for FY2023–24 clearly names state-linked actors, such as Chinese threat groups, as part of its national cyber threat landscape. For instance, these reports refer to state-sponsored actors leveraging LOTL techniques and “pre-positioning for disruptive effects”, illustrating how cyberspace is increasingly intertwined with broader geopolitical rivalry (Australian Government, 2024b, pp. 1–14).

Over the past decade, the relationship between China and Australia has become increasingly strained, characterized by a multifaceted array of disputes that encompass economic, security, political, and ideological dimensions. A notable escalation occurred in trade tensions, particularly after Australia initiated an independent investigation into the origins of COVID-19 (Walsh, 2021). This prompted China to impose tariffs and restrictions on key Australian exports, such as barley, wine, and coal. These economic pressures are particularly noteworthy given Australia’s longstanding dependence on China as its largest trading partner, resulting in a dynamic of mutual reliance and vulnerability.

In addition to trade concerns, Australia has raised serious allegations of Chinese interference in its political system, universities, and diaspora communities. Furthermore, ongoing accusations of cyber-espionage targeting sensitive sectors have deepened the strategic dimension of this rivalry. Australia’s engagement in the Trilateral Security Partnership Between Australia, U.K. and U.S (AUKUS) and its open criticism of China’s actions in the South China Sea have underscored this shift. Human rights issues have also added an ideological element to the tensions. Australia has condemned China’s policies in Hong Kong and Xinjiang, often receiving sharp rebukes from Beijing. Moreover, the competition in technology has intensified, with Australia’s ban on Huawei from its 5G network and heightened scrutiny of Chinese investments in critical infrastructure highlighting this aspect (Uren and Cave, 2018). Overall, these frictions reflect a broader contest for influence, values, and security in the Indo-Pacific region. They underscore the challenges of managing a relationship that balances deep economic ties with significant strategic and political mistrust.

Australia has also been targeted by several APT groups in recent years. For instance, APT40 (also known as Kryptonite Panda, Gingham Typhoon, Leviathan, and Bronze Mohawk up to industry reporting), attributed to China, has been repeatedly identified as responsible for intrusions into Australian networks, including both government and private sector systems. The group is associated with cyber-espionage campaigns, particularly focused on critical sectors such as defense and emerging technologies (Australian Government, 2024d; SOCRadar®, 2024). Another group, APT10 (Additionally, certain sources have also identified this threat actor as menuPass and Stone Panda) (Grunzweig and Miller-Osborn, 2017), has also been associated with intellectual property theft, particularly through its involvement in Operation Cloud Hopper in 2017, an extensive cyber-espionage campaign that leveraged cloud service providers to pivot from one victim network to another (Australian Government, 2019; Richmond, 2019).

When Australia’s two most recent cybersecurity strategies are compared, a more assertive emphasis emerges, particularly on setting clear obligations for critical infrastructure and situating cyber threats within a deepening geopolitical contest. For instance, while the 2020 strategy primarily framed cyber threats around financial gain, the latest strategy views them as part of broader strategic rivalry and unchecked coercion in the Indo-Pacific (Australian Government, 2020, 2023a). Therefore, Australia’s responses to evolving cyber threats involve a combination of institutional, legislative, and diplomatic responses.

Following major cyber incidents such as the Optus and Medibank breaches, one of the most notable developments in Australia’s cyber ecosystem has been the appointment of a dedicated Minister for Cyber Security, alongside the Minister for Home Affairs, to strengthen strategic coordination at the national level (CSO Online, 2024). Besides, in Australia, ASD and ACSC are the pivotal institutions in national cybersecurity governance. ASD operates across the full spectrum of signals intelligence and cybersecurity operations (Australian Government, 2025c). Within this framework, the ACSC, as a part of ASD, leads the Australian Government’s efforts to enhance national cyber resilience and coordinate cybersecurity initiatives (Australian Government, 2025b).

Computer Emergency Response Team Australia (CERT Australia) operates under ACSC and provides support to critical infrastructure operators and shares information (Australian Government, 2025d). One of the most recent aspects of the latest strategy is the commitment to establish an “Executive Cyber Council” and to engage industry leaders in order to consolidate public–private partnerships on cybersecurity. From a legislative perspective, Australia has introduced a dedicated Cybersecurity Act in 2024, which includes provisions for mandatory ransomware payment reporting and the establishment of a Cyber Incident Review Board (Australian Government, 2024e).

From the perspective of critical infrastructure protection, the CISC, plays a central role in supporting the implementation of regulatory obligations for critical infrastructure sectors, including mandatory incident reporting. Despite criticism over the lack of a publicly articulated doctrine, such as the UK’s Responsible Cyber Power framework (Scott, 2023), Australia is also among the few countries that openly acknowledge possessing offensive cyber capabilities, including tools for deterrence and disruption, even though the specifics of such operations remain classified. While the REDSPICE Project aims to triple the offensive cyber effects capability, ASD has been described as both a “poacher” and a “gamekeeper,” reflecting its dual role in conducting offensive cyber operations while also defending national assets (Australian Government, 2022).

As attacks on critical infrastructure are no longer isolated incidents but increasingly reflect broader geopolitical contests, thus necessitating proactive cyber diplomacy. International engagement is defined as a core tenet of Australia’s foreign policy, with the country playing a pivotal role in advancing cyber diplomacy practices coordinated by the Ambassador for Cyber Affairs and Critical Technology within the Department of Foreign Affairs and Trade.

The International Cyber and Critical Technology Engagement Strategy delineates three fundamental principles that guide Australia’s global approach to cyber policy: values, security, and prosperity. The values pillar embodies Australia’s dedication to employing technology in a manner that safeguards liberal democratic principles. Conversely, the security pillar underscores its aspiration to foster resilience both domestically and within the Indo-Pacific region. The prosperity pillar emphasizes Australia’s aspiration to leverage technology for economic efficiency and innovation, while opposing the fragmentation of global technology markets (Australian Government, 2025e). Australia is also an active member of the UN GGE and chaired the UN GGE on cyber norms in 2013, while its position in UN processes is shaped by its Five Eyes partnership (Austin, 2025).

Based on documented practices and observed strategies, it would not be inaccurate to argue that Australia’s cyber diplomacy efforts to counter cyber coercion and safeguard its national assets rely also on direct instruments such as sanctions, public attribution, joint statements, and coordinated naming-and-shaming with like-minded coalitions, which are coupled with signaling its offensive cyber capabilities to shape both the current and future operational and normative environment (Egloff, 2020a; Manantan, 2021). For instance, since 2017, Australia has publicly attributed malicious cyber activities to North Korea, Russia, China, and Iran, efforts that are reinforced by an autonomous sanctions framework (Australian Government, 2021b, 2023b).

Strategies to counter coercion may be pursued through national, minilateral, and multilateral avenues (Hunter et al., 2023). Consequently, states addressing cyber coercion may utilize a combination of institutional and diplomatic channels. While institutional channels encompass different state agencies or legislative reforms, diplomatic channels concern alliances, partnerships, and implementation of cyber diplomacy tools, including public attribution. Adopting an actor-centric perspective is crucial for examining these strategic responses to cyber coercion, as the perception of cyber threats and the strategic preferences among actors may not be uniform. As Gomez emphasized, various factors, including material and strategic considerations, can influence the cybersecurity preferences of states (Gomez, 2022).

Acknowledging this diversity, in the preceding two parts, we analyzed the digital landscape, key incidents, the institutional and (cyber) diplomatic landscape of India and Australia to counter cyber coercive attempts, particularly posed by China. Based on detailed examination of these cases, we found that both countries, which are pivotal actors in the Indo-Pacific region, are increasingly pursuing digitalization efforts and confronting advanced threats employing sophisticated techniques aimed at their critical infrastructures, including maritime and energy assets. Yet, their responses to cyber coercion have notably diversified in both national and international contexts (Table 2).

To put this with further details, India’s responses to cyber coercion tactics reflect a “diversity-driven ambiguity.” This stance emphasizes both an ambiguous stance regarding its capabilities and intentions and an active cyber diplomacy approach grounded in strategic sovereignty, marked by multilateralism and diversification efforts. In other words, while the country seeks to advance its interests in cyberspace through institutional engagement and policy reforms, India also attempts to counter coercive actions by cautiously yet proactively participating in international cyber cooperation efforts with multiple parties, including both the Quad and the SCO.

On the other hand, this diversity encompasses not just India’s international engagement preferences to address cyber coercion but also illustrates its institutional framework, which is fragmented among various parties and lacks coordinated, harmonious, or unified cyber leadership. It should be equally noted that India has a population almost 50 times larger than that of Australia, necessitating a more nuanced understanding of differences in digitalization rates, online population, attack surface, and, consequently, cybersecurity governance efforts.

India’s cybersecurity focus extends beyond China to include other actors, especially Pakistan. This may explain its preference for ambiguity in responding to cyber coercion, which is not solely due to its non-alignment stance. The multiplicity of threat actors, institutional fragmentation, and cyber security leadership contribute to this approach. India’s emphasis on strategic ambiguity and decentralized incident response reflects a broader strategy to maintain autonomy and avoid direct confrontation. The effort to evade direct attribution must consider India’s unique threat assessment, influenced by historical conflicts with China, particularly the recent incident in Galwan Valley. This ambiguous position is shaped by both internal institutional dynamics and external confrontational landscape.

This approach significantly differs from Australia’s “alliance-driven transparency” policy, characterized by a proactive and transparent methodology to counter cyber coercion, including a strong alignment with allies such as the U.S. and the Five Eyes intelligence alliance, demonstrating a strategic choice to bolster deterrence and collective security. The focus on transparency reflects Australia’s approach not only in terms of its relative openness about offensive cyber capabilities, but also in its frequent public attributions of cyber incidents. As elaborated by Egloff and Smeets, public attribution is a tedious task necessitating strong intelligence capabilities, decision-making behind public attribution is complex, and it may also carry risks (Egloff and Smeets, 2023).

In terms of its functions, beyond its immediate signaling purpose, Australia’s assertive approach to public attribution and transparency may serve its broader strategic aims, such as norm development, reinforcing accountability, and articulating state behaviors in the evolving domain of cyber operations (Egloff, 2020b). In terms of actor capacity, different than India, Australia’s “whole-of-economy” threat intelligence network, built on strong public-private partnerships and its shared intelligence network with its allies, may also be an enabling factor for Australia’s sharper position on public attribution (Heiding et al., 2025). Unlike India, Australia has access to NATO-led cybersecurity initiatives, as it became a member of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in 2018 and engages in NATO-led cyber exercises such as Locked Shields (Austin, 2025). Overall, Australia’s dedication to international cooperation and robust alliance partnerships influences its strategy for cyber deterrence based on precise attributions and incident response, especially in terms of information exchange and collaborative exercises.

Another factor making Australia’s responses to cyber coercion distinct from India’s is its focus on investing in cyber capacity building across the Indo-Pacific, not only in a technical sense, but also in terms of enhancing the region’s ability to implement and institutionalize international norms (Lewis, 2020). Australia’s $26.2 million investment in the Cyber Rapid Assistance for Pacific Incidents and Disasters (Cyber RAPID) initiative (Australian Government, 2025e), alongside $4.5 million to support cyber incident response efforts in Southeast Asia, exemplify its commitment to technical assistance. In parallel, the Australian Department of Foreign Affairs and Trade sponsors initiatives such as Cyber ASEAN, which aim to foster collaborative policymaking and normative convergence (Cyber ASEAN, 2024).

So far, India’s and Australia’s divergent approaches have been conceptualized through the lenses of diversity-driven ambiguity and alliance-driven transparency to counter cyber coercion. What warrants further inquiry, however, is what drives these divergent strategies beyond explanations rooted in actors’ strategic culture or foreign policy orientation. There is a recent growing academic interest in how bureaucratic dynamics, especially between intelligence and military institutions, inform a state’s strategic cybersecurity choices. For instance, Egloff and Smeets point out the intricacies behind the public attribution decision-making process, arguing that such decisions are shaped not only by inter-agency collaboration but also by competing viewpoints and institutional missions (Egloff and Smeets, 2023). In addition, the framework proposed by Kostyuk et al. (2025), which suggests that when the military prevails, strategy tends to favor aggressive and assertive actions, whereas dominance by intelligence agencies leads to more discreet subversion and espionage, can also be applied to examine India’s and Australia’s strategic preferences in cyberspace.

As illustrated in Table 2, in India, despite the presence of multiple actors, the national cybersecurity ecosystem is more fragmented and distributed across multiple agencies. While the NSC holds a strategic coordination role, operational leadership is largely concentrated in the NTRO, an intelligence-focused institution. Australia demonstrates stronger national cybersecurity leadership, reinforced by the creation of a dedicated Minister for Cyber Security. However, in terms of operational capabilities, the ASD and its sub-agency, the ACSC, take the lead. Unlike NTRO, ASD has a more hybrid character, it is a statutory agency reporting directly to the Minister for Defence under the Intelligence Services Act 2001. In addition to collecting foreign signals intelligence, it also supports the Australian Defence Force (ADF) by providing both intelligence and offensive cyber capabilities (Australian Government, 2025a). In this respect, it may be reasonable to speculate that the dominance of intelligence agencies in India encourages strategic ambiguity, whereas Australia’s institutional hybridity, which combines intelligence and defense within the ASD, enables a more assertive response to cyber coercion through public attribution and offensive signaling.

The final inquiry concerns how cyber coercion attempts and state responses interact over time. Drawing on event data from the Cyber Ops, EuRepoC, and Cyber Events, Chinese-originated cyberattacks on India and Australia between 2020 and 2025 show a significant increase, often aligned with major geopolitical flashpoints, such as the India–China border dispute and the AUKUS security pact.

As illustrated in Figure 1, between 2010 and 2024, the pattern of incidents demonstrates a steady baseline of cyber activity, punctuated by noticeable surges that align closely with diplomatic and security crises. In the case of India, the Doklam standoff in 2017 and the Galwan Valley clashes in 2020 stand out as moments of heightened cyber pressure. During these years, Chinese-attributed operations targeted Indian defense, aerospace, and government institutions, reflecting Beijing’s emphasis on intelligence collection during periods of military escalation. These operations enabled China to closely monitor India’s strategic posture while maintaining plausible deniability.

A similar pattern emerges in Australia. Cyber operations attributed to China rose in the aftermath of Canberra’s exclusion of Huawei from its 5G infrastructure in 2018 and again during the diplomatic rupture of 2020, when Australia called for an international inquiry into the origins of COVID-19. These campaigns extended beyond government targets to include telecommunications networks, universities, and media outlets, indicating an effort both to access sensitive information and to influence key sectors of public life.

This integrated evidence reinforces the notion that Chinese cyber operations against India and Australia are best understood as an extension of statecraft. The timing of operations suggests a deliberate effort to utilize cyberspace as a pressure valve during crises, projecting power, gathering intelligence, and influencing adversaries’ decision-making without escalating into overt military conflict. In this context, cyberspace becomes a domain where the geopolitical contest is both persistent and acutely responsive to moments of tension.

Finally, India’s and Australia’s divergent strategic responses should not be assessed solely by their capacity to prevent attacks, but also by their efforts to shape the cost and consequences of coercive cyber operations. As revealed in Figures 2, 3, the absence of a visible decline in attack frequency suggests that the effectiveness of these responses lies not in elimination but in influencing the attackers’ calculus, through either strategic ambiguity or public attribution, to increase the cost and reduce the operational impact of cyber coercion.

After analyzing India’s and Australia’s strategic responses, it is imperative to assess how these align with the evolving cyber norms framework in the Indo-Pacific region. The Indo-Pacific region is increasingly at the forefront of global discourse on cyber norms and digital governance, as states seek to balance the competing imperatives of openness, national sovereignty, and the protection of critical infrastructures. This dynamic unfolds within an increasingly contested strategic environment, where cyber coercion has become a salient instrument in the geopolitical rivalry between major powers (Murphy and Nagy, 2024).

In the Cold War era, norms played a pivotal role in establishing binding constraints between superpowers with fundamentally divergent worldviews. In the post-Cold War context, where deterrence has become increasingly complex and fragmented, norms can serve to delineate the boundaries of appropriate behavior in cyberspace (Stevens, 2012). In a context where efficient deterrence against cyber coercion is not efficient, norms may serve as tools for making cyber coercion attempts more costly for the coercer or put shared thresholds for signalling.

However, the development of cyber norms is far from straightforward, as it often reflects underlying tensions between competing strategic interests. At the core of this evolving contest is a normative struggle between two dominant models: one that promotes an open, global, and interoperable Internet grounded in multistakeholder governance, and another that advocates for digital sovereignty, wherein states assert greater control over data flows and content regulation (Liaropoulos, 2016; Pohle and Santaniello, 2024). This normative divide is evident in diverging regional policies on data localization, cross-border information sharing, and harmonization of the cybersecurity standards and norms for state behaviors in the context of protecting critical infrastructure (Kouloufakos, 2023).

A notable development within this contested environment is the emergence of the strategic engagement of the so-called middle power in Indo-Pacific. Countries such as Australia, India, Indonesia, Japan, South Korea, and Singapore are not merely responding to great power competition but are actively contributing to cyber norms implementation, institutional capacity building, and confidence-building measures in cyberspace. Numerous initiatives have emerged to foster cyber governance cooperation and strengthen collective resilience. Southeast Asian countries have articulated a regional vision through the ASEAN Cybersecurity Cooperation Strategy, which outlines priorities for regional capacity-building, voluntary adoption of UN Cyber Norms, and incident response coordination among member states (ASEAN, 2022). This strategy leads to the establishment of the ASEAN Regional CERT to bolster coordinated response to cyber threats. ASEAN Regional Forum (ARF) Inter-Sessional Meeting (ISM) on Security of and in the Use of Information and Communication Technologies (ICTs) plays a pivotal role in advancing transparency, trust, and regional stability through cyber confidence-building measures between ASEAN and its external partners in Indo-Pacific. At the bilateral level, the U.S.-Indonesia maritime cyber partnership exemplifies how cyber capacity-building is being integrated into broader maritime and economic cooperation, with an emphasis on protecting undersea cables, port infrastructure, and maritime logistics systems (US Department of Homeland Security, 2024).

Parallel efforts, such as Australia’s Pacific Cyber Cooperation Partnership and Southeast Asia and Pacific Cyber (SEA-PAC) Program, provide targeted technical assistance, incident coordination mechanisms, and training opportunities for Southeast Asian and Pacific Island countries, particularly those with limited cybersecurity resources. These initiatives illustrate how middle powers seek to operationalize cyber norms in practice, mitigating coercive cyber behaviors by fostering transparency, resilience, and cooperative security in a region increasingly shaped by the strategic uses of cyberspace.

However, despite the momentum generated by these initiatives, critical structural gaps continue to impede the emergence of a robust and coherent framework for critical infrastructure protection in Indo-Pacific. Chief among these is the absence of binding international norms or legal instruments specifically dedicated to the protection of critical infrastructure, leaving key sectors such as energy, healthcare, and telecommunications exposed to malicious actors (Kouloufakos, 2023).

The lack of a common framework for attributing cyber incidents also presents a significant challenge. Attribution requires the integration of technical, legal, and diplomatic processes, and without shared standards, coordinated responses to cyber threats remain limited and fragmented (Rid and Buchanan, 2015). Compounding these vulnerabilities is the varying levels of preparedness of the private sector, which controls large segments of the region’s critical infrastructures. Small and medium-sized enterprises (SMEs), in particular, often lack mature cybersecurity capabilities, financial resources, and compliance with regulations (Alahmari and Duncan, 2020; Kabanda et al., 2018). Without stronger public-private partnerships and greater regional alignment on baseline cybersecurity practices, the Indo-Pacific risks becoming increasingly disjointed in its approach to cyber resilience.

As digital interdependence deepens across the Indo-Pacific, reinforcing trust, interoperability, and collective preparedness will be vital to maintaining a secure and inclusive regional digital cyberspace. Achieving this vision will require not only sustained investments in capacity-building and technical cooperation but also renewed political will to advance cyber norm implementation to promote responsible state behavior, and capacity-building measures to manage cyber conflict and escalation risks (Hitchens and Gallagher, 2019; Nye, 2017).

The geopolitical tensions and friction points of the Indo-Pacific are clearly evident in the cyber domain. The persistent and low-intensity cyber operations are shaping regional balances and subtly conveying certain strategic messages to the regional audience. In the realm of international relations literature, cyber coercion is defined as a form of signaling between states. Moving from Schelling’s perspective to the contemporary context, cyber coercion operations are conducted in a gray zone where both the attacker and the attacked actor refrain from escalating the situation to a war-level conflict. Cyber operations, irrespective of their effectiveness, often remain below the threshold of armed conflict while simultaneously serving to exert influence and accomplish strategic objectives without engaging in an overt confrontation.

In this paper, by evaluating the core elements of the Chinese cyber doctrine embedded in the weishe doctrine, we conduct a comparative pattern identification of the responses of India and Australia to Chinese cyber coercion. Our analysis focuses on critical infrastructure as it represents a particularly salient domain of cyber coercion, not only because of its disruptive potential and capacity for strategic signaling, but also because contemporary Chinese cyber campaigns increasingly involve sustained peacetime activity aimed at positioning in critical assets for future crises and conflicts, thereby sustaining coercive impact (Fischerkeller et al., 2025).

We further asserted that two significant actors in the Indo-Pacific, have developed distinct approaches to these challenges. Australia has extensively relied on international coalitions and collaborated with like-minded states, without refraining from making public attributions or signaling its offensive cyber capabilities. India’s approach differs from Australia’s stance. India prefers ambiguity and obscurity not only about its capabilities but also about its potential response options and strategic directions. These preferences are not stand-alone choices but rather reflect each country’s foreign policy orientation and institutional dynamics: for India, the diversity model prioritizes flexibility (Basu and Priyandita, 2025), whereas for Australia, the Five Eyes framework and close bilateral relations with the United States are central (Austin, 2025).

In the ongoing scholarly discourse on cyber coercion, the evidence presented in this study also provides a novel perspective on Chinese cyber operations against India, Australia, and other actors. Our research on the volume of attacks and the tactics, techniques, and procedures (TTP) employed by the threat actors revealed that these cyber operations transcend the conventional boundaries of coercion or cyber coercion, presenting a distinct approach. Coercion typically involves explicit demands, a credible threat of punishment, and clear conditions for restraint. However, the documented Chinese operations do not fully align with this pattern. A closer examination of the Chinese strategy literature and their modus operandi facilitate the identification of the behavior as “persistent pressure,” which better encapsulates a broader strategy. In the face of persistent pressure, actors engage in a continuous and opportunistic exploitation of adversaries’ vulnerabilities, designed to maintain a state of strategic friction and domination.

A defining characteristic of these operations is the rapidity and scope with which Chinese threat actors exploit newly disclosed vulnerabilities. Unlike APTs that invest years in designing highly sophisticated, one-off malware campaigns such as Stuxnet, Chinese APTs are known to move within hours of public vulnerability announcements. They swiftly compromise multiple targets across sectors, including telecommunications networks, defense contractors, universities, and government agencies. This agility emerges as a certain characteristic of Chinese cyber threat actors. This approach prioritizes scalability over customization. Instead of developing bespoke tools to exert pressure on a single adversary in a crisis, Chinese operators seize every opportunity to penetrate exposed systems. Consequently, there is a continuous stream of intrusions, ensuring that rivals such as India and Australia remain in a perpetual state of cyber defense. They are constantly engaged in patching, investigating, and recovering from attacks.

Such activities generate persistent friction rather than discrete, coercive episodes (Fischerkeller et al., 2022). This strategy maintains Beijing’s position of initiative, compelling adversaries into reactive cycles that drain resources and attention. By relying on widely available exploits rather than highly distinctive malware, Chinese groups blur the distinction between state-sponsored and criminal activity, thereby reducing attribution clarity and avoiding escalation triggers. Notably, the absence of explicit demands does not render these operations strategically inconsequential. Conversely, the cumulative impact of continuous exploitation diminishes the resilience of Indian and Australian institutions, complicates policy responses, and guarantees that China retains informational and psychological advantages during periods of heightened geopolitical tension.

In this context, Chinese cyber operations are most accurately characterized as a doctrine of persistent cyber pressure. However, this approach does not disregard the extensive long-term preparation necessary for cyber operations by Chinese APTs. Instead, it endeavors to formulate a distinct type of operation within the cyber domain within the Indo-Pacific region. Rather than seeking immediate concessions through cyber coercion, they aim to gradually shape the strategic environment over time, embedding digital insecurity into the routine realities of their adversaries. This persistence, more than any singular crisis, underscores how cyberspace has emerged as a crucial domain of Chinese statecraft.