A US Strategy for ‘Offense’ in Cybersecurity

higher costs and consequences” for cyberattacks directed at U.S. targets. 
The U.S. has already taken retaliatory action against bad cyber actors; in one of his final acts as president, Joe Biden issued an executive order on cybersecurity that grants expanded authorities for sanctions against those who launch cyberattacks against U.S. critical infrastructure. Soon after, the Treasury Department sanctioned an alleged hacker and companies in China linked to the recent Salt Typhoon hack of U.S. telecommunications firms. Washington has imposed similar sanctions and financial restrictions on entities linked to other recent China-linked attacks, and the Department of Defense’s most recent Cyber Strategy instructed the department to prepare responses to “destructive cyber attacks.” But many experts believe the U.S. still lacks a clear offensive cyber strategy.

The Cipher Brief asked experts what such a strategy might look like. They offered a range of ideas – from offensive “playbooks” to cyber counterstrikes to an increased role for the private sector – all in the name, as one expert put it, of making “the leap from passivity to proactivity.”