We tend to think of conflict between states as something that arrives with a bang: bombs falling, missiles fired, ships sinking, or borders breached. Today, it might come as a whisper in the wires: our power flickering out, our water supply cut, our communications down.
Katherine Mansted fears we are not ready for that kind of fight.
Mansted is executive director of Cyber Intelligence at CyberCX, Australia and New Zealand’s largest cybersecurity firm, and a senior fellow at the Australian National University’s National Security College. She has spent years tracing the blurred line between espionage, cybercrime, and information warfare—watching authoritarian regimes and criminals exploit every online weakness. Her assessment is clear: the battlefield has shifted.
“In my view, any future war will start with surprise cyber sabotage before we even know we're on a war footing.”
And it will be fought in all domains.
“No matter how many boats we have or how many missiles we have, if they're not cyber worthy, if they're not cyber resilient, we won't be in a fight. And we won't be able to mobilize and get to the fight if our logistics are crippled and our social cohesion is upended.”
Grey zone conflict is already raging, with adversaries targeting anyone connected to the internet.
“It is a constant fight. It's a constant cat and mouse game between attacker and defender. And sometimes those attackers are criminals. Often they're organized crime groups. They're sometimes ideologically motivated bad guys. Sometimes it's nation states as well.”
Four nation-state adversaries are well known: China, Russia, Iran, and North Korea. But each has a different profile, a different motivation. Russia, for example, excels in disinformation.
“You put out the fire hose of falsehood, where you put out so many different views that the public becomes bewildered, or you pick up a couple of new polarizing views and you amp them up so the public turns on itself. They mess with the very DNA, the very lifeblood of that information ecosystem in a way that’s so hard to pick apart.”
China’s cyber ambitions are broader. Once focused mainly on economic espionage—“the greatest wealth transfer in history”—Beijing has evolved. It now uses cyber tools to monitor diaspora communities, track dissidents, and gain persistent access to critical systems. This isn’t just about spying. It’s about coercion and sabotage.
The United States has already gone public on Vault Typhoon—a Chinese state-linked cyber operation that’s been quietly embedding itself in American infrastructure.
“Vault Typhoon’s not doing your ye olde espionage. It’s breaking into systems and hiding there, sometimes for five years or more, to maintain access, to be able to sabotage that infrastructure if it wants to, if the Chinese government demands in future.”
It’s not just in the U.S. We’d be “nuts,” Mansted says, to think China isn’t doing the same things here.
What makes the cyber threat uniquely difficult is its ambiguity. You can’t always see the adversary. You may not know whether an outage is a failure or an attack. And because critical infrastructure in Australia is mostly privately owned, securing it is more complex and demands a high level of awareness and resilience across the community.
Hostile nation-states have also enlisted criminal partners and weaponised cybercrime. Many of these operations run out of Russia or former Soviet states. The lines between criminals and governments are vanishing.
“It’s that revolving door between Russian intelligence, the criminal underworld.”
Then there’s the compounding challenge of artificial intelligence. AI isn’t just making things faster—it’s making them cheaper, more scalable, and harder to trace. Mansted’s team at CyberCX recently discovered 8,000 disinformation accounts on X (formerly Twitter) linked to China, likely run by robots.
“That network was controlled end-to-end by a large language model based AI system. One person had probably programmed that system. He was using just pretty low-cost, a low-cost server running on consumer-grade hardware.”
You no longer need a troll farm. You just need one motivated person and a laptop.
What should governments do? It starts with honesty and clarity. Mansted objects to naming foreign hacking groups things like “Vault Typhoon” or “Fancy Bear.”
“I’d prefer us to call things what they are—in this sense, Chinese government.”
If the Australian public is to take threats seriously, they need to know where they’re coming from. And yet, our politicians and officials still balk at naming China.
“So I think we need an even more transparent and open conversation with the public. I don't want to see the C-word diminish from use in Canberra. I want us being open about who the bad guys are and what their objectives are.”
Share this post