Google is preparing to establish a new “disruption unit” designed to identify and counteract cyber threats before they can take hold, signalling a more assertive role for the company in safeguarding both its own systems and potentially broader U.S. infrastructure.
Sandra Joyce, Vice President of Google’s Threat Intelligence Group, announced the initiative during an event hosted by the Centre for Cybersecurity Policy and Law. She described the plan as intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation, highlighting a shift away from reactive defences toward offensive-minded prevention.
Final Call: Be DPDP Act Ready with FCRF’s Certified Data Protection Officer Program
Private Efforts Amid Government Policy Shifts
The move comes as U.S. policymakers intensify their focus on offensive cyber capabilities. In July, Congress approved the “One Big Beautiful Bill Act,” allocating $1 billion to bolster government-led offensive operations. While that measure does not authorize private-sector entities to conduct attacks, it underscores Washington’s growing emphasis on deterrence through active measures rather than purely defensive strategies.
Adding to the debate, lawmakers introduced the Scam Farms Marque and Reprisal Authorization Act on August 15. Drawing on a centuries-old naval precedent, the bill would allow the president to issue letters of marque and reprisal to private actors in response to cyber aggression by criminal enterprises. The proposal has reignited questions over the role private companies should play in carrying out state-aligned cyber actions, and whether such delegation risks blurring the line between corporate responsibility and national defence.
Industry and Infrastructure at the Forefront
For companies like Google, the stakes are high. Ransomware groups, state-backed hackers, and intellectual property theft campaigns continue to disrupt U.S. businesses, while critical infrastructure remains a consistent target for foreign adversaries. Analysts note that private-sector operators often detect attacks faster than federal agencies, positioning them as key players in the country’s evolving cyber posture.
The Centre for Cybersecurity Policy and Law, which published a report in May, raised questions about whether private-sector engagement in offensive operations should be permitted at all, or whether efforts would be better directed toward strengthening resilience. Joyce’s remarks suggest Google intends to tread carefully, framing the disruption unit as a tool for “taking down campaigns” rather than waging cyber conflict.
Still, the creation of such a unit marks a notable turn for one of the world’s largest technology companies. Whether it remains an internal safeguard or evolves into a model for broader collaboration, it signals a growing willingness by corporate actors to stand on the front lines of digital security.