In a sharp pivot from previous administrations, the Biden-era National Security Council is signaling a more aggressive stance on cyber deterrence. Senior White House official Alexei Bulazel has warned that nation-state intrusions into US critical infrastructure, particularly by Chinese APT groups, may now trigger direct retaliatory cyber-attacks. His remarks at the RSA Conference 2025 reflect a turning point in US cyber policy, raising new questions about deterrence, responsibility, and the role of private companies under digital siege.
A Shift Toward Offensive Cyber Retaliation
In a keynote address that reverberated through the RSA Conference 2025 in San Francisco, Alexei Bulazel, Senior Director for Cyber at the National Security Council (NSC), issued a stark warning to adversarial states, particularly China. He declared that the US is prepared to retaliate with offensive cyber capabilities in response to state-sponsored intrusions targeting American critical infrastructure.
“There’s so much concern that offensive cyber could be escalatory,” Bulazel said, “but if you continually let the adversary hack you and do nothing, that in itself sets a norm with the adversary that America is not going to respond.”
The remarks followed high-profile revelations about Chinese APT groups Volt Typhoon and Salt Typhoon, which infiltrated critical infrastructure systems in the United States over the past year, targeting sectors including energy, water, and telecommunications. These intrusions, which experts warn may be precursors to future disruptive or destructive operations, have reignited debates over deterrence strategy and digital sovereignty.
Bulazel emphasized that the Trump administration, under which he currently serves, views offensive cyber response not as escalation, but as deterrence. The implication was clear: if Chinese-backed hackers continue probing or undermining key systems, the U.S. will “punch back.”
Beyond Blame: Redefining Responsibility in State-Sponsored Attacks
Bulazel’s keynote also took aim at what he called an outdated mindset that blames the victims, namely private sector companies, for breaches carried out by nation-state actors. Drawing a vivid analogy, he likened Chinese cyber intrusions to physical sabotage.
“If you had a terrorist organization or foreign military placing explosives around critical infrastructure,” Bulazel noted, “the response would be swift and forceful. But in cyber, we spend more time investigating what the company did wrong.”
This, he argued, is counterproductive when confronting adversaries like Volt Typhoon, whose mission is not mere espionage but potentially preparing the digital battlefield for broader conflict. Volt Typhoon, which remained undetected for over a year, reportedly compromised key operational systems, while Salt Typhoon focused on espionage within major U.S. telecom networks.
Cybersecurity analysts say Bulazel’s comments reflect a growing consensus in Washington: companies, even with best practices, cannot defend alone against advanced persistent threats (APTs) backed by nation-state resources. Instead, government collaboration must move from advisories to active operational defense and capability disruption.
CISA’s Realignment and the Future of US Cyber Strategy
Bulazel also touched on the future direction of the Cybersecurity and Infrastructure Security Agency (CISA), the frontline federal body for cyber defense. He noted that the administration intends to realign CISA’s mission to focus strictly on “cybersecurity and infrastructure security,” implicitly critiquing its recent ventures into disinformation monitoring.
“We’re very committed to having CISA stay laser focused on the two things in its name,” he said, referencing criticism from DHS Secretary Kristi Noem, who earlier called the agency the “ministry of truth” for its role in countering disinformation.
CISA’s evolution will likely involve closer partnerships with private entities in patching vulnerabilities and dismantling threat actor footholds in real time rather than merely issuing post-intrusion bulletins. Bulazel called for “imposing costs” on adversaries post-intrusion, potentially through cyber countermeasures, legal action, and international sanctions.
He concluded by acknowledging the difficulty of deterring cyber-attacks entirely but stressed the need to degrade adversary capabilities before they escalate. “There’s a lot we can do to not necessarily stop them from attacking but defang them as they’re trying to attack,” he said.