Mallory

House hearing debates expanding US offensive cyber operations amid China-linked intrusions

Updated January 15, 2026 at 07:01 PM (3 sources)

US lawmakers and expert witnesses used a House Homeland Security hearing to debate whether the United States should expand offensive cyber operations in response to China-linked intrusions into US critical infrastructure and telecom networks, including reported access to “lawful intercept” systems used for court-authorized surveillance. Witnesses argued for embedding offensive cyber thinking across government and integrating cyber more deeply into military doctrine, while also pointing to an emerging national cyber strategy expected to include an offensive-operations pillar and greater public-private collaboration.

Several participants cautioned that expanding cyber offense without strengthening domestic resilience could increase escalation risk and leave US networks exposed, citing concerns such as CISA’s reported loss of roughly one-third of its workforce and the need to fund defensive modernization of federal systems. Separately published commentary about “gray zone” cyber disruption tied to Venezuela reflects the broader policy narrative around cyber-enabled coercion, but it does not add substantiated technical details about the hearing’s core issue or the China-linked intrusions driving the push for a more aggressive posture.

Related Stories

US Policy Debate on Countering Chinese Cyber Threats and Securing Telecom Networks

US national security commentary and Defense Department testimony emphasized that **trust and cybersecurity** are being positioned as strategic differentiators in competition with China, particularly as AI capabilities proliferate. One argument framed cybersecurity as a key factor in global adoption of US AI and cloud technologies, contrasting the US private-sector ecosystem with China’s more consolidated AI cloud market and linking security posture to international trust and influence. Separately, senior DoD officials described **CYBERCOM 2.0** as a new force-generation model intended to improve agility against intensified Chinese cyber activity, including attacks on critical infrastructure involving **industrial control system (ICS) abuse** and **AI-enabled intrusions**, and highlighted efforts to “close the loop” between offensive learning and defensive readiness. A related policy critique pointed to the **Salt Typhoon** espionage campaign against US telecommunications providers as evidence that China’s access was enabled by basic security failures (e.g., legacy equipment, weak passwords, unpatched systems) and argued for mandatory operational baselines and tighter controls around **lawful intercept systems**, noting that major carriers had not convincingly demonstrated full eviction of intruders per Senate Commerce Committee discussions.

1 month ago

US Government Urged to Leverage Private Sector for Offensive Cyber Operations

A new report from Dartmouth's Institute for Security, Technology and Society calls for the US government to develop a comprehensive strategy to better utilize its private sector in scaling up offensive cyber activities. The report, based on input from 30 experts from government, industry, and academia, highlights a significant capability gap between the US and China in cyberspace. While China conducts both targeted and opportunistic cyber operations, the US approach remains narrowly focused and top-down, limiting its operational tempo and agility. The report suggests that the US private sector, with its agility and technical expertise, could help close this gap and enable more effective cyber operations at scale. The analysis contrasts the US and Chinese models, noting that China often steals data broadly and determines its value later, whereas the US prioritizes select, high-value targets. The report references leaks from Chinese cyber espionage firm i-SOON to illustrate the opportunistic nature of Chinese operations. It concludes that integrating private sector capabilities could help the US achieve greater cyberspace dominance and respond more flexibly to emerging threats, recommending a shift in strategy to harness both high- and low-end offensive cyber capabilities.

4 months ago

Reports Highlight China-Led Expansion of Offensive Cyber Operations and Targeting of Defense and Critical Infrastructure

Multiple reports and leaked documents indicate **China-linked cyber operations** are expanding in scale and sophistication, with a strong emphasis on targeting government, telecommunications, and other strategic sectors. A Forescout *Vedere Labs* analysis cited by Cybernews reported China as the top origin of threat operations last year (210), with Russia and Iran also major contributors; the reporting also highlighted suspected China-linked activity tied to a multi-year compromise of South Korea’s **Onnara System**, including theft of civil servants’ **GPKI certificates and credentials**, and noted Taiwan’s National Security Bureau reporting an average of **2.63 million attacks per day** last year. Separately, leaked technical materials reviewed by Recorded Future News describe a purported Chinese internal training environment—part of an integrated system called **“Expedition Cloud”**—used to rehearse offensive cyberattacks against replicas of neighboring countries’ real-world networks, including **power/energy transmission, transportation, and smart home infrastructure**. In parallel, a Google Threat Intelligence Group report warned of a “relentless barrage” of nation-state activity against the **U.S. defense industrial base**, describing a shift beyond classic espionage into **supply-chain attacks, workforce infiltration, and battlefield-adjacent operations**; Google attributed much of the activity to **Chinese, Russian, Iranian, and North Korean** actors and noted continued Russian targeting of organizations supporting Ukraine, including phishing, malware aimed at mobile battlefield-management apps, and attempts to access encrypted messaging platforms.

1 month ago
