Trump’s offensive cyber team takes shape

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

Mar 03, 2025 View in browser   By Sam Skove With help from John Sakellariadis Driving the Day — Four key cyber staff at the National Security Council are now in place — several have been strong advocates for offensive cyber operations in a likely preview of where President Donald Trump’s cyber policy is heading. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I belatedly watched Oscar-contender “A Real Pain” this weekend. It’s a quiet, sweet movie that I wholeheartedly recommend, especially for anyone wishing for a little perspective on what matters in life amid the 24-hour news cycle. Follow POLITICO’s cybersecurity team on X at @RosiePerper, @johnnysaks130 and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories. Today's Agenda Nothing on the schedule today. At the Agencies HACK BACK — President Donald Trump’s appointments to the National Security Council signal the administration wants to get more aggressive in cyberspace following major Chinese breaches of U.S. networks. National Security Advisor Mike Waltz set the tone early in the administration, telling Breitbart that he was open to offensive cyber action to deter China and other actors. Offensive cyber operations are those that seek to sabotage, block user access, or otherwise disrupt adversary systems. Waltz’s advisers on the National Security Council, meanwhile, suggest he’ll have eager supporters of his vision. At the top of the cyber chain of command stands Alexei Bulazel, who serves as senior director for cyber at the National Security Council. Bulazel comes from a background in private sector cyber security, and served as a director for cyber policy in the National Security Council under Trump, according to his LinkedIn page. Bulazel has been vocal on the need to use offensive cyber operations. “America has incredible offensive cyber power. We need to stop being afraid to use it,” he posted on X on Dec. 24. Bulazel has also been critical of the U.S.’s current defensive operations in cyberspace, which he called the product of a “sclerotic and risk-averse bureaucracy,” that offers “press releases” rather than action. — Hunt forward: Under Bulazel sits Emily Goldman, who previously worked as a cyber strategist for U.S. Cyber Command. Goldman worked on the aggressive “persistent engagement” strategy under the first Trump administration and later co-wrote a book on it. The term encompasses U.S. activities like “hunt forward” operations in which the U.S. sent cybersecurity teams abroad to root out adversary malware in the networks of allies. Goldman will be joined by JD Work, a former intelligence official and subsequently a professor at National Defense University specializing in cyber intelligence and strategy. Work has argued against simply securing U.S. networks, which he has framed as shifting responsibility to the private sector. An alternative to defensive policy, he has argued, would consist of offensive actions that “erode adversary capabilities,” combined with other, non-cyber tools. Bulazel frequently reshares Work’s postings to X, suggesting that he shares Work’s views. — Intel community: The latest addition to the team is Robert Brose, who has been appointed director of cyber intelligence, said two people familiar with the appointment. A White House spokesperson, speaking on background, confirmed the appointment. Brose formerly served within the Office of the Director of National Intelligence. Brose also worked as a China and Southeast Asia expert, in what could be a nod to the geographic focus of the National Security Council’s cyber team. Brose has written little publicly on offensive cyber. However, his biography suggests he will bring deep knowledge of the intelligence community to the job, a background likely to come in useful for offensive action. Industry Intel CONTRACTOR SECURITY — Top companies working in cyber defense, including Microsoft and Trend Micro, are urging representatives to back legislation that would require federal contractors to raise their cyber security standards, according to a letter sent by them to House leaders and seen by POLITICO. The bill, dubbed the Federal Contractor Cybersecurity Vulnerability Reduction Act, would require contractors to enact a vulnerability disclosure policy. Vulnerability disclosure policies define how ethical hackers and others can inform companies of vulnerabilities in their systems, as well as provide legal guarantees to those testing the systems. Other companies pushing for the act include HackerOne, Bugcrowd, Infoblox, Rapid7, and Tenable. — Bipartisan: The House legislation is bipartisan, with the House legislation introduced by Reps. Nancy Mace (R-S.C.) and Shontel Brown (D-Ohio). A previous iteration of the bill was matched with a Senate bill introduced by Sens. Mark Warner (D-Va.) and James Lankford (R-Okla.), but was not ultimately passed. On The Hill BEIJING ON MY MIND — A House committee focusing on competition with China will hear from top cyber experts on what to do against Chinese cyber activity on Wednesday, adding to the chorus of voices on how best to deter Beijing. The hearing, dubbed “End the Typhoons: How to Deter Beijing's Cyber Actions and Enhance America's Lackluster Cyber Defenses," will hear from Robert Joyce, former director of cybersecurity in the National Security Agency, and Laura Galante, director of the Cyber Threat Intelligence Integration Center in the Office of the Director of National Intelligence. Emma Stewart, chief power grid scientist at the Idaho National Laboratory, will also speak. The hearing will likely be focused on critical infrastructure, given both Stewart’s role and Joyce’s background in advocacy for protecting utility companies and other key services from hackers. — Why it matters: Chinese hackers have increasingly targeted U.S. infrastructure, in some instances seeking out facilities that would be necessary to any U.S. response to an invasion of Taiwan. The Trump administration appears to favor threats of offensive action as a way of deterring China from further activity. However, experts have warned that the exploits themselves may not have the impact that officials worry about — attacks on civilian infrastructure, for example, might actually spur U.S. support for Taiwan. Quick Bytes NO RUSSIAN — Defense Secretary Pete Hegseth has told Cyber Command to stop all planning related to Russia, Recorded Future's Martin Matishak reports. Chat soon. Stay in touch with the whole team: Rosie Perper (rperper@politico.com); John Sakellariadis (jsakellariadis@politico.com); and Maggie Miller (mmiller@politico.com), and Sam Skove (sskove@politico.com)    Follow us on Twitter Heidi Vogt @HeidiVogt Maggie Miller @magmill95 John Sakellariadis @johnnysaks130   Follow us

To change your alert settings, please log in at https://login.politico.com/?redirect=https%3A%2F%2Fwww.politico.com/settings This email was sent to salenamartine360.news1@blogger.com by: POLITICO 1000 Wilson Blvd Arlington, VA, 22209, USA Unsubscribe | Privacy Policy | Terms of Service