CyberWire Daily: Confronting China’s Expanding Cyber Threats [Threat Vector]
Release Date: January 1, 2026
Host: David Moulton (N2K Networks / Palo Alto Networks)
Guest: Wendy Whitmore, Chief Security Intelligence Officer, Palo Alto Networks
Episode Overview
This episode of CyberWire Daily dives deep into the escalating scale and sophistication of Chinese nation-state cyber threats. Host David Moulton is joined by veteran threat intelligence leader Wendy Whitmore, who shares insights from over two decades of frontline experience against advanced persistent threats (APTs). The discussion emphasizes how Chinese actors are rapidly targeting critical infrastructure and leveraging AI, requiring defenders to rethink detection, resilience, and collaboration. Listeners are treated to practical examples, current threat intelligence, and strategic guidance for staying ahead in an era of accelerating cyber risk.
Key Discussion Points & Insights
1. China’s Expanding Threat Landscape [03:10–06:03]
- Unprecedented Scale and Speed:
  - Wendy Whitmore asserts, “We have never seen before during that timeframe this scale of persistent threat activity that we're seeing today from Chinese nation-state threat actors.”
  - Chinese APTs are exploiting vulnerabilities—sometimes within minutes—at volume, targeting both critical infrastructure and corporate environments.
- Global Impact:
  - Not just US organizations at risk—recent research showed 23 Cambodian government agencies compromised nearly simultaneously.
  - Trade route vulnerability: “Europe in particular has 40% of its trade moving through the South China Sea. … That’s a concern in terms of just the discussions at the forefront of everyone’s mind.” [05:33]
2. Vulnerabilities in OT and Critical Infrastructure [06:03–09:16]
- Legacy OT Systems:
  - Many operational technology (OT) and industrial control systems (ICS) were designed for uptime, not security.
  - “You have legacy systems, which in many cases are end of life. They're not able to be patched, and they're critical to making sure manufacturing environments are running correctly…” [06:22]
- Human Factor Weaknesses:
  - Password reuse across IT/OT is “a big target from these attackers.”
  - Cultural change is needed: realization often comes only after a breach.
  - Whitmore calls for “really zero trust principles within those OT environments.” [08:18]
3. AI’s Dual Role: Threat and Opportunity [09:16–09:59, 17:17–18:54]
- AI Enhancing Development & Defense:
  - AI can identify vulnerabilities earlier in the software lifecycle, reducing post-deployment risk.
  - “AI has the ability to inject into that software development lifecycle … to identify potential vulnerabilities … much earlier than we used to.” [09:23]
  - “Organizations should be fighting AI with AI.” [18:03]
  - Using AI to automate detection, triage, and allow humans to focus on the hardest problems.
- AI as an Offensive Tool:
  - The FBI recently indicated Chinese attackers are integrating AI “as part of the entire attack lifecycle.” [17:45]
4. Effective Threat Intelligence Sharing [10:23–11:26]
- Real-time and Contextual Sharing:
  - Threat intel teams (e.g., Palo Alto Networks & Microsoft) are “in Slack channels together, … on the phone together on a daily basis sharing information in real time.” [10:37]
  - To be effective, intelligence must be “contextualized and actionable … can’t be slow and gated and working through bureaucratic means.” [10:52]
- Post-Invasion Paradigm Shift:
  - Russia’s invasion of Ukraine broke down barriers, especially among competitors, for critical threat information sharing. [11:26]
  - “When it actually came time to say, wow, okay, … there are people's lives we need to protect here, I think a lot of those barriers broke down.” [11:39]
5. Scenario Planning and Readiness [12:26–16:45]
- Holistic Exercises:
  - Effective exercises involve all organizational layers—boardroom to security operations, vendors, law enforcement, regulators.
  - “The most prepared organizations we see are … making sure those relationships are in place in advance of an attack…” [12:52]
  - Example: Unit 42 and Microsoft ran a cross-industry AI attack tabletop as part of JCDC. “Those are the type of … comprehensive planning scenarios that we all want to be involved in…” [13:34]
- Case Study: Securing the Paris Olympics:
  - “We worked with critical infrastructure providers … everything from a train going down to the inability to process ticketing systems … to figure out, okay, how are we going to adapt quickly?” [15:38]
6. Future Blind Spots and Guidance [16:45–19:30]
- AI-Driven Blind Spots:
  - Fast AI adoption may introduce unforeseen vulnerabilities.
  - Both nation-states and cybercriminals are expected to exploit these weaknesses.
- Concrete Defensive Steps:
  - Leverage AI in defensive workflows: “There is no way that we are going to defeat these adversaries if we are working at manual speed…” [18:24]
  - “Cybersecurity has never been more important than it is today. … Investments that need to be made in making sure that their organization is in a consistent shields up posture at all times.” [18:59]
Notable Quotes & Memorable Moments
- On the alarming scale of Chinese cyber operations:
  “Hands down, you know, bar none, that is the reality today.” — Wendy Whitmore @ 03:50
- On the failing paradigm for protecting OT:
  “Security is oftentimes bolted on after the fact. … The way we've been doing it isn't going to be effective moving forward.” — Wendy Whitmore @ 06:27, 07:32
- On need for cultural change:
  “We want more organizations to be thinking of this proactively and … implement really zero trust principles within those OT environments.” — Wendy Whitmore @ 08:26
- AI’s role in development and defense:
  “We can identify potential vulnerabilities in the code much earlier than we used to.” — Wendy Whitmore @ 09:26
- On collaboration after geopolitical crises:
  “Russia Ukraine invasion really was a catalyst for a lot of [intel sharing]. … A lot of those barriers broke down between competitors…” — Wendy Whitmore @ 11:27
- On scenario planning:
  “It cannot be just security professionals who are involved ... really needs to be from the boardroom to the security operations center … and even better yet, bring the regulators into this dialogue.” — Wendy Whitmore @ 12:31
- On fighting AI-enabled threats:
  “Organizations should be fighting AI with AI...” — Wendy Whitmore @ 18:03
- Final takeaway:
  “Cybersecurity has never been more important than it is today. … Be in a consistent shields up posture at all times.” — Wendy Whitmore @ 18:59
Timeline of Key Segments
| Timestamp | Topic |
|-------------|--------------------------------------------------------|
| 03:10–06:03 | The scale, speed, and implications of Chinese APTs |
| 06:03–09:16 | Legacy OT, critical infra risk, and zero trust need |
| 09:16–10:23 | How AI transforms both attack and defense |
| 10:23–11:26 | Real-time threat intelligence sharing |
| 12:26–16:45 | Scenario planning, supply chain risk, Olympic case |
| 17:17–18:54 | AI-driven future threats and what defenders must do |
| 18:59 | Crucial takeaway: Be “shields up” at all times |
Practical Advice for Defenders
- Engage in real-time, actionable intelligence sharing—bypass bureaucratic delays.
- Modernize OT/ICS security, adopt zero trust, and anticipate attacks on legacy systems.
- Involve all business units, vendors, and regulators in live scenario planning.
- Implement AI defensively for rapid detection and incident response.
- Acknowledge that scale, speed, and collaboration are the new baselines.
For listeners:
This episode offers a candid, expert exploration of fast-moving, AI-driven threats—especially from China—and gives actionable steps and strategies for resilience. Wendy Whitmore’s firsthand cases and straightforward advice make clear that organizations must evolve faster and collaborate better to keep pace with adversaries.