A senior White House official has warned China that the Trump Administration is prepared to launch retaliatory cyber-attacks in response to intrusions into US critical infrastructure.
Alexei Bulazel, Senior Director for Cyber at the National Security Council, said that failing to respond robustly to nation-state attacks on critical infrastructure is in itself escalatory.
“There’s so much concern that offensive cyber could be escalatory and if you continually let the adversary hack you and do nothing, that in itself sets a norm with the adversary that America is not going to respond and that this is acceptable behavior,” he commented during his keynote address at RSA 2025 in San Francisco.
“If you come and do this to us, we’ll punch back,” Bulazel warned.
He added that the previous US administrations have been “hesitant” to take such steps, and as such had “abdicated” their responsibility of protecting the private sector.
The remarks were made in response to a question about intrusions into US critical infrastructure systems by the Chinese APT groups Volt Typhoon and Salt Typhoon in the past year.
Volt Typhoon was found to have infiltrated networks in sectors such as energy and water for over a year, which officials warned may be laying the groundwork for destructive attacks on the US in the future.
In late 2024, the Salt Typhoon group was found to have hacked major telecoms providers in the US as part of a large-scale espionage campaign.
“Salt has been more recent, but Volt is a lot more concerning,” said Bulazel.
Stop Blaming Chinese Hack Victims
Bulazel argued that Volt Typhoon’s activities was the cyber equivalent of preparing for physical attacks on critical services.
“If you had a terrorist organization or a foreign military who’s putting packs of C-4 around companies’ buildings, or around critical infrastructure, we would very clearly see that as very provocative, as an attack. You’d have law enforcement response, you might have military response,” Bulazel pointed out.
Yet, he argued, when it comes to cyber the response is very different and tends to focus on the victim’s security failings, including potential investigations by regulators.
Bulazel said this response is unfair when it comes to dealing with highly resourced nation-state actors such as China.
“When you’re being hacked by a foreign military or intelligence service, it’s not necessarily the time to blame a company. Even if you had better cybersecurity, actors like that will find a way in,” he noted.
Bulazel also said it is “very difficult” to deter cyber-attacks. He advocated for a focus on degrading adversary capabilities post-initial intrusion to limit their impact.
This includes the government working with the private sector to proactively patch vulnerabilities before state actors exploit them.
“There’s a lot we can do to not necessarily stop them from attacking but defang them as they’re trying to attack and impose costs if they do,” Bulazel commented.
CISA Must Be Focused on Cybersecurity
Bulazel also emphasized the administration’s intent to make reforms to the operations of Cybersecurity and Infrastructure Security Agency (CISA).
He described the agency as having a “troubled past” over the past six years.
“At this administration we’re very committed to having CISA stay laser focused on the two things that are in its name, which are cybersecurity and infrastructure security,” Bulazel said.
The comments follow a keynote by Secretary of Homeland Security Kristi Noem at the RSA Conference, in which she accused CISA of behaving like “the ministry of truth” as a result of its focus on tackling disinformation and losing sight of its original mission.
