Washington, D.C. — Calls to expand U.S. offensive cyber operations in response to escalating threats from China and other adversaries are gaining political traction, but cybersecurity experts caution that the strategy is far more complex—and potentially less effective—than its proponents suggest.
The discussion has intensified among lawmakers and incoming national security officials aligned with the Trump administration, including national security adviser Mike Waltz, who have argued that the United States should impose higher costs on adversaries through more aggressive cyber actions.
However, analysts and former officials warn that expanding cyber offense raises unresolved questions about feasibility, escalation risks, and strategic effectiveness.
Growing Push for Offensive Cyber Posture
Supporters of a more aggressive stance argue that the United States should respond more forcefully to foreign cyber intrusions, particularly those attributed to Chinese-linked groups such as Volt Typhoon and Salt Typhoon.
They suggest that cyber deterrence should mirror Cold War-era nuclear strategy, where adversaries are discouraged through the threat of reciprocal harm in cyberspace.
Some policymakers have pointed to past operations such as the Stuxnet campaign, which targeted Iranian nuclear infrastructure, as an example of successful offensive cyber action.
Experts Warn of Oversimplified Expectations
Cybersecurity scholars and former intelligence officials argue that offensive cyber operations are often misunderstood and significantly more complex than public rhetoric suggests.
Herb Lin, a cybersecurity policy expert at Stanford University, noted that calls for expanded cyber offense often lack clear operational definitions. He said many proposals fail to explain what specific actions would be taken or how they would achieve meaningful deterrence outcomes.
Erica Lonergan of Columbia University also warned that policymakers often conflate espionage with offensive cyber operations, even though intelligence gathering does not necessarily translate into effective deterrence strategy.
Offensive Cyber Operations Are Slow and Complex
Experts emphasize that offensive cyber operations require long preparation cycles, including identifying vulnerabilities, infiltrating networks, and maintaining persistent access without detection.
Emerson Brooking of the Atlantic Council said such operations are inherently slow and resource-intensive, often taking months or years to execute effectively. He added that tools used in one operation can be discovered and rendered useless if exposed, limiting their long-term utility.
Former U.S. Cyber Command officials also note that successful operations require coordination across multiple government agencies and must balance secrecy with strategic signaling.
Debate Over Deterrence and Escalation Risks
A key concern among analysts is whether increased offensive cyber activity would actually deter adversaries—or instead escalate global cyber conflict.
Kurt Sanger, former deputy general counsel at U.S. Cyber Command, warned that the boundaries of cyber escalation remain poorly understood. He said there is limited evidence that cyber retaliation alone reliably changes adversary behavior, making it difficult to predict outcomes of more aggressive postures.
Others argue that offensive cyber actions lack the visible signaling power of traditional military responses, such as airstrikes or sanctions, which are more easily attributed and publicly communicated.
Calls for “Cyber Campaigning” Approach
Some defense officials advocate for a more structured long-term strategy known as “cyber campaigning,” in which operations are conducted continuously toward defined strategic goals rather than through isolated missions.
Former Cyber Command official Charles Moore said this approach would improve consistency and impact, but would require stronger coordination across defense and intelligence agencies.
However, critics caution that even a campaign-based approach does not resolve the fundamental challenges of attribution, escalation risk, or operational speed.
Limited Evidence of Strategic Impact
Despite growing interest in offensive cyber operations, researchers say there is little conclusive evidence that cyberattacks alone effectively deter state behavior.
Experts argue that alternative tools—such as sanctions, diplomatic pressure, and defensive hardening—may be more reliable for shaping adversary conduct.
As a result, many analysts believe offensive cyber capabilities should remain part of a broader strategy rather than serving as the primary response mechanism.
Outlook: Policy Direction Still Unsettled
While political momentum for stronger cyber offense is increasing, experts say the U.S. government has not yet resolved key questions about implementation, effectiveness, and risk.
The central challenge remains balancing deterrence with stability in cyberspace, where actions are often hidden, attribution is uncertain, and escalation pathways are difficult to predict.
For now, the debate underscores a broader reality: cyber offense is not a simple solution to rising digital threats, and its strategic value remains contested
