In order for the US to have reason to respond to China‘s cyberattacks, the malicious activity must do one (or more) of the following:
1) Attack critical infrastructure like utilities.
2) Disrupt major computer networks.
3) Steal trade secrets and intellectual property.
4) Benefit from stolen trade secrets and property.
On the retaliation side, the US is considering:
3) Diplomatic responses.
4) Ouster of known Chinese agents.
5) Covert cyber actions.