Defense through Offense: Examining US Cyber Capabilities to Deter & Disrupt Malign Foreign Activity
Cybersecurity and Infrastructure Protection
2026-01-13
Loading video...
Source: Congress.gov
Summary
No summary available.
Participants
Transcript
The Committee on Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will come to order. Without objection, the Chair may declare the committee in recess at any point. The purpose of today's hearing is to examine the current state of U.S. capabilities or how those capabilities are used to deter, disrupt, and impose real cost on foreign adversaries that target the homeland. and our nation's critical infrastructure. The hearing will also assess the legal authorities that govern offensive cyber operations across the federal government and examine the evolving role of the private sector as the U.S. government considers whether and under what circumstances private entities may be authorized to support or conduct offensive and disruptive cyber activity. I now recognize myself for an opening statement. Today, the subcommittee is meeting to examine a reality that the United States can no longer afford to avoid, namely that deterrence in cyberspace does not exist without credible, lawful, and operational offensive cyber capabilities. Defense alone is not sufficient. Resilience alone is not sufficient. Public attribution alone is not sufficient. For more than a decade, the United States has invested heavily in cyber defense and for information sharing and resilience. Those investments are necessary and they have improved our ability to withstand attacks, but they have not altered adversarial behavior. Maligned cyber actors continue to penetrate American networks, steal sensitive data, surveil communications, and position themselves inside critical infrastructure with little fear of meaningful consequence. That reality was reinforced again just days ago. when public reporting revealed that a Chinese state-sponsored cyber actor known as Salt Typhoon compromised email systems used by staff supporting several congressional committees.
This incident was the latest operation in a sustained campaign conducted by a broader group of Chinese cyber actors commonly referred to as the Typhoon Cluster. These actors are not criminals acting for profit. They are instruments of state power, and that needs to be underscored. Their operations are deliberate, persistent, and strategic in nature. They are designed to extract intelligence, pre-position access, and shape the battlefield long before a crisis or conflict emerges. I'm gonna say that again. Pre-position access and shape the battlefield long before a crisis or conflict emerges. They target not only the executive branch and private industry, but now once again, the legislative branch itself. The question before this subcommittee is not whether these threats exist, that is no longer in dispute. The question is why they continue and what it will take to change the cost-benefit calculation for adversaries who believe they can operate against the United States with impunity. Currently, authorities for offensive cyber operations are dispersed across the Department of War, the intelligence community, law enforcement, while civilian agencies like CISA play critical roles in defense, response, and resilience. Existing policy frameworks were developed for an earlier phase of the cyber threat environment, one that did not fully anticipate today's scale, speed, and persistence of state-sponsored activity. Again, the speed and the scale of the battlefield has changed. They're also not designed for a world in which the vast majority of digital infrastructure targeted by adversaries is owned and operated by the private sector. The reality is forcing a broader reassessment across the federal government. The Trump administration has signaled its intent to pursue a more proactive and assertive cyber posture, one that emphasizes disrupting adversary capabilities before harm occurs, resetting adversarial risk calculations, and exploring new ways to integrate private sector expertise into national cyber efforts.
This reflects an important recognition. The private sector is not merely a victim in cyberspace. American cybersecurity companies, cloud providers, telecommunications firms, and emerging technology startups are often the first to detect malicious activity. the first to analyze adversarial tradecraft, and the first to develop tools capable of disrupting hostile infrastructure. In many cases, they already possess visibility and technical insight that rivals or exceeds that of the federal government. The challenge is that much of this activity exists in legal and policy gray space. Companies face uncertainty about liability, retaliation, and regulatory risk. Government agencies face constraints on how they can partner, share information, and act with speed. Adversaries exploit these scenes operating continuously below the threshold of armed conflict while benefiting from ambiguity and restraint. Today, our witnesses will help us assess how offensive cyber capabilities can be responsibly integrated into a modern homeland security framework. I appreciate our witnesses for being here, and I look forward to their testimony in the discussion ahead. And again, thank you all for being here. I now recognize the ranking member, the gentleman from Mississippi, Mr. Thompson, for his opening statement.
Thank you, Mr. Chairman. Good morning. I appreciate the opportunity to discuss opportunities to disrupt and deter malicious cyber activities on domestic networks and impose costs on our adversaries. And I thank the witnesses for participating. Before I begin, however, I'd like to send my deepest condolences to the family of Renee Good, particularly her partner and six-year-old child, who's now without a mother. From everything I've seen, Ms. Good was attempting to deescalate and leave the situation, and there was no reason to take her life.
Sign up for free to see the full transcript
Accounts help us prevent bots from abusing our site. Accounts are free and will allow you to access the full transcript.