
STR Commentary: January 13, 2026 House Homeland Security Hearing

  • January 13, 2026

The US CyberForce: America's Offensive Answer to Asymmetric Cyber Warfare

 

Aaron Beardslee

Securonix Threat Research

January 13, 2025

 

Commentary on the January 13, 2026 House Homeland Security Hearing

On January 13, 2026, the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection held a hearing titled "Defense through Offense: Examining U.S. Cyber Capabilities to Deter and Disrupt Malign Foreign Activity Targeting the Homeland." The witnesses—Joe Lin (Twenty Technologies), Emily Harding (CSIS), Frank Cilluffo (Auburn University), and Drew Bagley (CrowdStrike)—presented a compelling case for fundamentally changing how America approaches cyber warfare through the creation of a US CyberForce.

The Core Problem: Fighting With One Hand Tied Behind Our Back

The hearing laid bare an uncomfortable truth: America is losing the cyber war not because we lack talent, but because we lack the operational framework to deploy it effectively. While China, Russia, Iran, and North Korea incorporate AI into their attack strategies and receive direct government backing to execute operations against US targets, we're hamstrung by bureaucratic red tape, personnel shortages, and a purely defensive mindset.

Our adversaries don't have to watch their flanks. They attack US critical infrastructure, steal intellectual property, and disrupt operations without consequence. There's so much red tape for the FBI, CIA, and NSA to cut through before planning any operation that we're way behind the curve. Meanwhile, Russian, Chinese, Iranian, and North Korean offensive groups operate freely—sometimes even with direct government funding—to cause damage to or steal resources from US organizations.

From a threat research perspective, this asymmetry is unsustainable. Nothing is unhackable, and there's always a way around a defense. But if defenders are only playing defense, attackers have unlimited opportunities to probe, learn, and eventually succeed.

The Proposed Solution: A Coalition-Based US CyberForce

The witnesses proposed creating a US CyberForce—a coalition model that blends public and private sector operators to provide the US with offensive cyber capabilities. While still in the development stage and requiring significant investment to take shape, the concept addresses several critical needs:

1. Speed and Agility at Machine Speed: The CyberForce would leverage AI adoption to operate at the tempo required to compete with adversaries who are already there. This isn't about matching capabilities—it's about matching operational speed.

2. Targeted Disruption of Adversary Infrastructure: Emily Harding articulated the approach clearly: identify specific adversary-controlled "nodes" that are part of their critical infrastructure and disrupt them. As she put it, we need to "hold to American morals and values but still mess with the other guys." The goal is surgical disruption of malicious infrastructure, not indiscriminate retaliation.

3. Rapid Response with Allied Coordination: The model incorporates global allies for rapid response operations, creating a force multiplier effect while maintaining international legitimacy.

4. Public-Private Sector Integration: By bringing together government operators and private sector talent, the CyberForce can draw on the best capabilities from both domains.

Implementation Challenges

Personnel Crisis - The hearing acknowledged a harsh reality: the impact of DOGE (Department of Government Efficiency) cuts and the government shutdown has caused the loss of many talented operators who could have been key players on this new CyberForce. Now we face a critical question: where do we recruit from?

The answer requires a paradigm shift. We need to move away from the traditional credentialed-only hiring approach and look where the actual talent is—operators who learned their creativity and tactics "in the wild." This doesn't mean abandoning vetting or standards, but it does mean recognizing that some of the best offensive cyber talent didn't come through traditional government channels.

The Defensive Security Mindset - There's currently a massive discrepancy between offensive and defensive security priorities. Organizations are almost completely focused on defensive security due to compliance requirements and protecting revenue-generating assets. They don't really care about offensive security beyond a checkbox on a penetration test report.

This creates a talent pool problem: the private sector doesn't develop offensive operators at scale because there's no business case for it. Meanwhile, our adversaries are producing offensive operators as a national priority.

Governance and Guardrails - All four witnesses emphasized the need for smart, well-regulated, and governed operations. This isn't about creating a "Wild West" of cyber retaliation or risking escalation. The CyberForce must operate within legal frameworks that avoid uncontrolled escalation while still giving our operators the ability to compete effectively in this domain.

Funding and Authority

Congress has already shown commitment by passing $1 billion in the Reconciliation Bill plus an additional $250 million specifically for AI in offensive cyber operations. While the hearing didn't specify exact organizational placement, indications suggest this would likely sit within DHS, though the specifics remain to be determined.

This was intentionally a high-level public hearing—the "in the weeds" technical and operational discussions were reserved for classified settings. No specific adversary operations or targets were mentioned, which is appropriate for an unclassified forum focused on building Congressional support for the concept.

Strategic Rationale: Why Offense Matters

From both a military and cybersecurity perspective, the strategic logic is sound: offensive capability creates deterrence.

Currently, adversaries face no meaningful consequences for attacking US targets. They can probe our defenses, learn our capabilities, and strike when ready. A functional CyberForce changes that calculus entirely. If attacking US infrastructure means your own infrastructure becomes a target for disruption, suddenly the risk-reward equation looks very different.

The goal isn't to match our adversaries attack-for-attack. It's to create strategic friction—to make their operations so difficult, so costly, and so risky that they lose their appetite for attacking us at all. At minimum, we force them to divert resources to defending their own infrastructure instead of exclusively focusing on offense.

As Emily Harding said, we need to "unleash our operators and let them play." Not as a call for reckless action, but as recognition that we have talented operators who could be effective if given the proper authority, resources, and operational framework.

My Assessment

I completely agree with the need for this CyberForce and the approach Lin, Harding, Cilluffo, and Bagley are taking. From everything I've seen over the years in my own research, we cannot defend our way to victory in this fight. Defense is necessary but insufficient.

The hard truth: our adversaries are already at war with us, and we're still debating whether we're allowed to fight back.

We need to show our adversaries that they have something to fear from us—that they are not safe anymore. Not through reckless escalation, but through calculated, strategic operations that impose real costs on those who attack American interests.

The CyberForce represents a pragmatic recognition that the current approach isn't working. We're losing the cyber war because we're bringing defensive tools to an offensive fight. It's time to change that.

Open Questions

Several critical details still need to be worked out:

  • Exact organizational structure and leadership: Will this be a standalone agency or embedded within existing structures?
  • Operational authorities: What legal frameworks govern target selection and operations?
  • Success metrics: How do we measure effectiveness beyond "protecting US assets"?
  • Recruitment and vetting: How do we balance bringing in non-traditional talent with necessary security clearances and vetting?
  • International law compliance: How do we ensure operations comply with international norms while remaining effective?

These questions will likely be addressed in the classified discussions and subsequent legislative development. For now, the fact that this conversation is happening at all—and with $1.25 billion in Congressional backing—represents significant progress.

The cyber battlefield has no perimeter. It's time we stopped pretending defense alone will win this fight.