Key Takeaways:
- The Trump administration is preparing to release a new national cybersecurity strategy that prioritizes offensive cyber operations over defense.
- This approach is unlikely to be effective against China, which has a large and sophisticated cyber apparatus that is deeply integrated into its national security strategy.
- The administration’s emphasis on offense is coming at the expense of defense, with budget cuts and staffing reductions at the Cybersecurity and Infrastructure Security Agency (CISA) and other cyber defense offices.
- A more effective approach would focus on strengthening U.S. cyber defenses, including implementing minimum security requirements for critical infrastructure and hardening military command and control systems against disruption.
- The U.S. should also prioritize integrating cyber effects with joint military operations and demonstrating to China that cyber operations cannot achieve their objectives.
Introduction to the National Cybersecurity Strategy
The Trump administration is set to release a new national cybersecurity strategy that prioritizes offensive cyber operations over defense. This approach is based on the idea that the U.S. can take the fight to its adversaries and disrupt their malicious activity at its source. However, this strategy is unlikely to be effective against China, which has a large and sophisticated cyber apparatus that is deeply integrated into its national security strategy. China’s cyber operations are designed to advance its core national interests, including technological self-sufficiency, political control, and pre-positioning for crisis and conflict.
The Allure of Cyber Offense
The idea of taking the fight to the enemy is seductive, and the U.S. has had some successes with cyber operations in the past. For example, U.S. Cyber Command has dismantled ISIS’s online propaganda infrastructure and disrupted Russian election interference. However, these successes have been against relatively weaker adversaries, and it is unlikely that the same approach will be effective against a powerful and sophisticated adversary like China. China’s cyber apparatus operates at an unprecedented scale, with a vast ecosystem of private contractors, universities, and technology firms that provide infrastructure, capabilities, and operational assistance.
The Limitations of Cyber Offense
The theory behind the U.S. approach is that continuous offensive operations will cumulatively degrade adversary capabilities. However, against China, this logic breaks down. China’s distributed ecosystem can reconstitute faster than U.S. operators can disrupt it, and the U.S. lacks the necessary access and intelligence to launch effective cyber operations against China’s layered defenses. Furthermore, China’s cyber operations are designed to advance its core national interests, and it is unlikely that the U.S. can deter China from pursuing these interests through cyber operations alone.
The Cost to Military Readiness
The U.S. emphasis on offense is also coming at the expense of defense, with budget cuts and staffing reductions at CISA and other cyber defense offices. This is a mistake, as the U.S. needs to prioritize strengthening its cyber defenses in order to prevent China’s cyber campaigns from causing systemic harm. The U.S. should focus on implementing minimum security requirements for critical infrastructure, hardening military command and control systems against disruption, and integrating cyber effects with joint military operations.
A More Effective Approach
A more effective approach to cybersecurity would prioritize defense over offense. This would involve implementing minimum security requirements for critical infrastructure, hardening military command and control systems against disruption, and integrating cyber effects with joint military operations. The U.S. should also prioritize demonstrating to China that cyber operations cannot achieve their objectives, in order to deny China the confidence that it can use cyber operations to achieve a strategic advantage. This approach would require a fundamental shift in the U.S. approach to cybersecurity, from one that prioritizes offense to one that prioritizes defense.
Conclusion
The forthcoming national cybersecurity strategy promises to prioritize offense over defense, but this approach is unlikely to be effective against China. The U.S. needs to prioritize strengthening its cyber defenses, including implementing minimum security requirements for critical infrastructure and hardening military command and control systems against disruption. The U.S. should also prioritize integrating cyber effects with joint military operations and demonstrating to China that cyber operations cannot achieve their objectives. Only by taking a more comprehensive and defensive approach to cybersecurity can the U.S. hope to protect itself against the growing threat of Chinese cyber operations.
