Mallory

US Government Urged to Leverage Private Sector for Offensive Cyber Operations

Updated October 24, 2025 at 03:00 PM · 2 sources

A new report from Dartmouth's Institute for Security, Technology and Society calls for the US government to develop a comprehensive strategy to better utilize its private sector in scaling up offensive cyber activities. The report, based on input from 30 experts from government, industry, and academia, highlights a significant capability gap between the US and China in cyberspace. While China conducts both targeted and opportunistic cyber operations, the US approach remains narrowly focused and top-down, limiting its operational tempo and agility. The report suggests that the US private sector, with its agility and technical expertise, could help close this gap and enable more effective cyber operations at scale.

The analysis contrasts the US and Chinese models, noting that China often steals data broadly and determines its value later, whereas the US prioritizes select, high-value targets. The report references leaks from Chinese cyber espionage firm i-SOON to illustrate the opportunistic nature of Chinese operations. It concludes that integrating private sector capabilities could help the US achieve greater cyberspace dominance and respond more flexibly to emerging threats, recommending a shift in strategy to harness both high- and low-end offensive cyber capabilities.

Sources

October 24, 2025 at 08:00 AM
October 23, 2025 at 12:00 AM

Related Stories

U.S. Cyber Policy Emphasizes Private-Sector Defense Partnerships Over Offensive Hacking

The U.S. government signaled that **private industry is not expected to conduct offensive cyber operations** on the government's behalf, even as the new national cyber strategy calls for stronger collaboration with commercial partners. National Cyber Director Sean Cairncross said the administration wants to use private-sector capabilities for **information sharing, threat intelligence, and defensive support**, while offensive action remains the responsibility of agencies that already hold that authority, including the **NSA, CIA, FBI, and U.S. Cyber Command**. The same policy direction is reflected in the Energy Department's planned **first-ever cyber strategy**, which is intended to align with the national strategy and focus on protecting the energy grid through stronger public-private coordination. Energy officials said the plan will prioritize getting **timely, actionable information** to operators, improving the sector's **security resilience**, and investing in **AI for cyber defense** to counter adversaries using AI-enabled offensive capabilities against critical infrastructure.

Today
House hearing debates expanding US offensive cyber operations amid China-linked intrusions

US lawmakers and expert witnesses used a House Homeland Security hearing to debate whether the United States should **expand offensive cyber operations** in response to **China-linked intrusions** into US critical infrastructure and telecom networks, including reported access to “lawful intercept” systems used for court-authorized surveillance. Witnesses argued for embedding offensive cyber thinking across government and integrating cyber more deeply into military doctrine, while also pointing to an emerging national cyber strategy expected to include an offensive-operations pillar and greater public-private collaboration. Several participants cautioned that expanding cyber offense without strengthening domestic resilience could increase escalation risk and leave US networks exposed, citing concerns such as **CISA’s reported loss of roughly one-third of its workforce** and the need to fund defensive modernization of federal systems. Separately published commentary about “gray zone” cyber disruption tied to Venezuela reflects the broader policy narrative around cyber-enabled coercion, but it does not add substantiated technical details about the hearing’s core issue or the China-linked intrusions driving the push for a more aggressive posture.

2 months ago
Reports Highlight China-Led Expansion of Offensive Cyber Operations and Targeting of Defense and Critical Infrastructure

Multiple reports and leaked documents indicate **China-linked cyber operations** are expanding in scale and sophistication, with a strong emphasis on targeting government, telecommunications, and other strategic sectors. A Forescout *Vedere Labs* analysis cited by Cybernews reported China as the top origin of threat operations last year (210), with Russia and Iran also major contributors; the reporting also highlighted suspected China-linked activity tied to a multi-year compromise of South Korea’s **Onnara System**, including theft of civil servants’ **GPKI certificates and credentials**, and noted Taiwan’s National Security Bureau reporting an average of **2.63 million attacks per day** last year. Separately, leaked technical materials reviewed by Recorded Future News describe a purported Chinese internal training environment—part of an integrated system called **“Expedition Cloud”**—used to rehearse offensive cyberattacks against replicas of neighboring countries’ real-world networks, including **power/energy transmission, transportation, and smart home infrastructure**. In parallel, a Google Threat Intelligence Group report warned of a “relentless barrage” of nation-state activity against the **U.S. defense industrial base**, describing a shift beyond classic espionage into **supply-chain attacks, workforce infiltration, and battlefield-adjacent operations**; Google attributed much of the activity to **Chinese, Russian, Iranian, and North Korean** actors and noted continued Russian targeting of organizations supporting Ukraine, including phishing, malware aimed at mobile battlefield-management apps, and attempts to access encrypted messaging platforms.

1 month ago
