
Take fight to the enemy, US cyber boss says

(2025/11/18)


America is fed up with being the prime target for foreign hackers. So US National Cyber Director Sean Cairncross says Uncle Sam is going on the offensive – he just isn't saying when.

Speaking at the Aspen Cyber Summit in Washington, D.C., on Tuesday, Cairncross said his office is currently working on a new National Cyber Strategy document that he said will be short, to the point, and designed to pair policy with actions that go beyond improving defensive posture. He wants the US government, in cooperation with private industry, to start going after threat actors directly.

"As a country we have not done a terrific job sending a signal to our adversaries that this behavior is not consequence-free," Cairncross said, adding that he wants the new National Cyber Strategy to introduce cost and consequences into the mix for America's adversaries that keep hitting US critical infrastructure.

Cairncross noted that the US government and many private companies have become experts at identifying and responding to threats and remediating damage, but the fractured way the US responds to incidents means there's no long-term, cohesive strategy to hamper continued attacks.

"There has never been a top-cover strategy," Cairncross said. "What we haven't been good at is saying 'what can we do over the course of 12 months to really put a dent in the incentive to engage in this sort of behavior?'"

The cyber boss didn't go into detail about the strategy document he's working on aside from mentioning it would have six pillars and function as a "single coordinated strategy" that has never existed in the US cyber domain before.

"The private sector is responsible for our critical infrastructure. It's a design of our system," Cairncross said. "It's a double-edged sword. It makes it somewhat more disparate and harder to protect, but there is a way to do this collaboratively that is effective."

The industry responds

Sitting alongside Cairncross was Mandiant cofounder Kevin Mandia, who argued that the current asymmetry in US cyber posture, with American companies and critical infrastructure entirely on the defensive, wasn't sustainable, especially in the age of AI.

"The criminal element always gets [new tech] enabled before the good guys," said Mandia, who's now a cofounder and partner at Ballistic Ventures. "Five years from now, primarily attacks will be AI agents doing the offense at a scale and scope we have to be ready for."

Better defense "will never stop the problem," he added.

In a panel discussion on offensive cybersecurity following Cairncross' keynote, Google Threat Intelligence VP Sandra Joyce echoed some of what Mandia said, with a focus on the threat-sharing element of the current public/private world of cybersecurity.

Joyce doesn't believe the current paradigm is successful, either.

"We have collectively decided that government will take the action and industry will share intelligence. If that was going to work, it would have worked by now," Joyce said. It's actually been the opposite, with increases in ransomware attacks and critical infrastructure intrusions. "We both need to do more - it's been open season on American businesses and government organizations for way too long."

Rather than private industry dumping its information on the government, Joyce posited, firms need to give specific intelligence that will help the feds decide how to act offensively.

[6]Ex-CISA head thinks AI might fix code so fast we won't need security teams

[7]Trump's cyber czar pick grilled over CISA cuts: 'If we have a cyber 9/11, you're the guy'

[8]US infrastructure could crumble under cyberattack, ex-NSA advisor warns

[9]Ex-US cyber boss slams politics getting in the way of preparedness

Joyce also believes that the current government model of responding defensively to cyber threats has largely failed.

"If we take six months to do something thoughtful that's great, but in two weeks if they're back up and running that's not going to give the effects we need," Joyce said.

Case in point, take the Lumma infostealing malware. [10]Disrupted by the FBI and other agencies over the summer, the malware is [11]already back with newly-improved features. That's only the most recent example of such cybercriminal gangs roaring back after government disruption.

Cairncross' talking points suggest the US is damn well going to try to turn the tables, but when asked for a timeline on release of the document, he deflected. Hard.

"We're going to roll out a strategy, we're going to roll out an action plan … and then we'll start moving deliverables," Cairncross said. Until then, it's going to be entirely defensive, with [12]fewer people keeping watch . Business as usual. ®


[6] https://www.theregister.com/2025/10/27/jen_easterly_ai_cybersecurity/

[7] https://www.theregister.com/2025/06/05/trump_cyber_nominee_cairncross/

[8] https://www.theregister.com/2025/06/08/exnsc_official_not_sure_us/

[9] https://www.theregister.com/2025/10/02/exnational_cyber_boss_us_cyber/

[10] https://www.theregister.com/2025/05/21/lumma_infostealer_service_busted/

[11] https://www.theregister.com/2025/11/16/infosec_news_in_brief/#:~:text=be%20very%20careful.-,Lumma%20Stealer%20returns,-It%20was%20nice

[12] https://www.theregister.com/2025/10/14/cisa_jettisoning_more_staff_reassigning/




Anonymous Coward

First, we're going to shut down the investigation into Salt Typhoon, then we will remove funding for multi-state defense against the dark arts, then we attack! But, before we attack, we'll telegraph our punches by making lectures. Then, lookout buddy, because we attack for real sometime after that, and before the next administration gets into office. No, really.

Umm, how?

Eclectic Man

You missed antagonising and going after highly respected Computer Security experts like Chris Krebs and Jen Easterly, his replacement at CISA:

https://www.theregister.com/2020/11/18/trump_fires_krebs/

https://www.theregister.com/2025/07/31/jen_easterly_west_point_termination/

This does not give me a good feeling that actions will be either sound or effective.

I must admit that I am somewhat concerned at this. I agree that something must be done, but blowing up people like the alleged drug smugglers without any pretence of 'due process' in the Caribbean is contentious to say the least. The nature of any aggressive action against foreign actors would have to be carefully considered, and have some semblance of legality. Kinetic responses on foreign territory could legally constitute an act of war.

I fear the world is becoming a more dangerous place by the day.

Edit: It seems the UK has not stopped sharing Intel with the USA on drug smugglers, so I have amended the text accordingly. Sorry.

America sees 'enemies' everywhere.

VoiceOfTruth

Now why is that?

It's a bit of hypocrisy from the world's number one hacker to cry about being hacked. The USA is not our friend.

Anonymous Coward

I thought Microso$t was their offensive arm given the number of bugs and incompetence they fling around like monkey poo.

VoiceOfTruth

MS is a weaponised tool for mass spying.

"Trust me. I know what I'm doing."
-- Sledge Hammer