In addition to trained cyber warriors, China can fully utilize the talents of its civilians who require the kind of security clearance for which only about 20% of U.S. population would qualify if the same cyber missions were carried out by United States, according to Kevin G. Coleman, security technology expert at Technolytics Institute.
So why do I argue against the "China threat" thesis (other than out of my sophomoric impulse to contradict the professor)?
Threat = Capability × Intent (%)
In this equation, intent ranges from zero to 100% (100% meaning the country is willing to devote all capability to one mission). Even if China's capability in the cyber arena is increasing, it does not make it a threat to U.S. national security if China does not have the intent to use that capability in an attack against the United States. It would hardly be surprising to learn that China, like all countries with such capabilities, is engaged in cyber espionage. But real or threatened attacks against either U.S. military or the civilian infrastructure would not be in China's interests for a variety of reasons: the negative effects on trade which would have a direct impact on its volatile migrant labor population, the international backlash that would destroy its hard-earned position in the international organizations in which it has strong interests, not to mention the danger of confronting the full weight of U.S. military.
Intent: Internally, rather than Externally-Focused
China's efforts in cyber space have mainly been internally rather than externally focused. This would support the regime's main concern of domestic stability, rather than an intensified confrontation with a foreign entity.
Chinese citizens' limited access to foreign websites is often seen as one of the defenses China has in a future cyber war scenario. Aside from the infamous Great Firewall, China only has nine ports through which the Chinese Internet is connected to the foreign Internet (as last reported in 2008, after which all information on this is withheld). Therefore, it is conceivable that China could cut itself off the Internet and operate a de facto Intranet. However, it also means that in the case of a large-scale outbreak of domestic instability, the government can cut its people off from the outside world (as what happened in Egypt).
If the first use is the main purpose of China's cyber setup, then the defense effort would be severely undermined because the government and big state-owned-enterprises are whitelisted to have full and unrestricted access to foreign networks, and many big private firms use satellite or microwave connections which do not go through the state's control mechanism, thus they will not be effectively immune from a cyber attack.
The domestically-focused use of this cyber structure actually occurred in Xinjiang after the July 2009 riots when the Internet was shut down for 10 months. In fact, The National Defense Mobilization Law, enacted in July 2010, stipulates that the state has broad authority in times of national defense mobilization and can, according to Article 63(1), take control of the telecommunication industry, the media, the information networks, and the energy and the water supply systems, among other things.