The Trump administration’s cyber strategy fundamentally misunderstands China’s threat

Against a steady drumbeat of ransomware attacks, data breaches, and sophisticated intrusions, President Donald Trump’s administration is preparing to release a new national cybersecurity strategy this month centered on offensive cyber operations. Senior officials have repeatedly emphasized hitting back at the hackers and nation-states who have compromised U.S. networks with seeming impunity. If early signals are any indication, the strategy will treat offense as the primary solution to the United States’ cybersecurity challenges.

Meanwhile, the administration has weakened the foundations of U.S. cyber defenses. The Cybersecurity and Infrastructure Security Agency (CISA) has seen its budget reduced and staffing slashed, and the agency still lacks a Senate-confirmed director. Similar cuts have affected cyber defense offices across federal agencies, and the administration is rolling back cybersecurity requirements for critical infrastructure operators.

This combination—more offense, less defense—reflects a seductive logic: why play defense when you can take the fight to the enemy? But against China, now the most active and persistent cyber threat to U.S. networks, an offense-first strategy is a dangerous miscalculation. Cyber operations cannot stop or even substantially diminish Beijing’s campaigns. Doubling down on offense while neglecting defense will leave the United States more vulnerable, not less.

Read more at Council on Foreign Relations