The Trump Administration’s Cyber Strategy Fundamentally Misunderstands China’s Threat

https://www.cfr.org/articles/the-trump-administrations-cyber-strategy-fundamentally-misunderstands-chinas-threat

Publish Date: 2026-01-26 16:06:00

Source Domain: www.cfr.org

Against a steady drumbeat of ransomware attacks, data breaches, and sophisticated intrusions, President Donald Trump’s administration is preparing to release a new national cybersecurity strategy this month centered on offensive cyber operations. Senior officials have repeatedly emphasized hitting back at the hackers and nation-states who have compromised U.S. networks with seeming impunity. If early signals are any indication, the strategy will treat offense as the primary solution to the United States’ cybersecurity challenges.

Meanwhile, the administration has weakened the foundations of U.S. cyber defenses. The Cybersecurity and Infrastructure Security Agency (CISA) has seen its budget reduced and staffing slashed, and the agency still lacks a Senate-confirmed director. Similar cuts have affected cyber defense offices across federal agencies, and the administration is rolling back cybersecurity requirements for critical infrastructure operators.

This combination—more offense, less defense—reflects a seductive logic: why play defense when you can take the fight to the enemy? But against China, now the most active and persistent cyber threat to U.S. networks, an offense-first strategy is a dangerous miscalculation. Cyber operations cannot stop or even substantially diminish Beijing’s campaigns. Doubling down on offense while neglecting defense will leave the United States more vulnerable, not less.

The allure of cyber offense

Since 2018, the Pentagon has pursued an increasingly proactive approach to cyberspace competition under the doctrine of “persistent engagement.” Instead of waiting for attacks to reach U.S. networks, U.S. Cyber Command would disrupt malicious activity at its source—dismantling adversary infrastructure, degrading their tools, and frustrating operations before execution. Disrupt enough infrastructure, burn enough access, keep attackers perpetually off balance, and eventually you neutralize the threat.

Successive…
