# White House Warns China of Cyber Retaliation Over Infrastructure Hacks
In a recent address at the RSA 2025 conference in San Francisco, Senior Director for Cyber at the National Security Council, Alexei Bulazel, issued a stern warning to China: the Trump Administration is prepared to launch retaliatory cyber-attacks in response to intrusions into US critical infrastructure. This statement marked a significant escalation in the ongoing tensions between the two nations.
According to Bulazel, failing to respond robustly to nation-state attacks on critical infrastructure is itself escalatory. "There's so much concern that offensive cyber could be escalatory and if you continually let the adversary hack you and do nothing, that in itself sets a norm with the adversary that America is not going to respond and that this is acceptable behavior," he warned during his keynote address.
The warning comes after reports of intrusions into US critical infrastructure systems by Chinese APT groups Volt Typhoon and Salt Typhoon over the past year. Volty Typhoon was found to have infiltrated networks in sectors such as energy and water for over a year, which officials warned may be laying the groundwork for destructive attacks on the US in the future.
"Salt has been more recent, but Volt is a lot more concerning," Bulazel stated. He argued that Volt Typhoon's activities were the cyber equivalent of preparing for physical attacks on critical services. "If you had a terrorist organization or a foreign military who's putting packs of C-4 around companies' buildings, or around critical infrastructure, we would very clearly see that as very provocative, as an attack. You'd have law enforcement response, you might have military response," Bulazel pointed out.
However, when it comes to cyber attacks, the response tends to focus on the victim's security failings, including potential investigations by regulators. Bulazel argued this response is unfair when dealing with highly resourced nation-state actors such as China. "When you're being hacked by a foreign military or intelligence service, it's not necessarily the time to blame a company. Even if you had better cybersecurity, actors like that will find a way in," he noted.
Bulazel also emphasized the difficulty of deterring cyber attacks. He advocated for a focus on degrading adversary capabilities post-initial intrusion to limit their impact. This includes the government working with the private sector to proactively patch vulnerabilities before state actors exploit them. "There's a lot we can do to not necessarily stop them from attacking but defang them as they're trying to attack and impose costs if they do," Bulazel said.
Furthermore, Bulazel highlighted the administration's intent to make reforms to the operations of Cybersecurity and Infrastructure Security Agency (CISA). He described the agency as having a "troubled past" over the past six years. "At this administration we're very committed to having CISA stay laser focused on the two things that are in its name, which are cybersecurity and infrastructure security," Bulazel said.
The remarks were made during a keynote address at RSA 2025, following a speech by Secretary of Homeland Security Kristi Noem, who accused CISA of behaving like "the ministry of truth" as a result of its focus on tackling disinformation and losing sight of its original mission.
In summary, the White House has issued a clear warning to China, stating that it will respond with cyber-retaliation if China continues to breach US critical infrastructure. Bulazel emphasized the need for a proactive approach to cybersecurity, focusing on degrading adversary capabilities post-initial intrusion, and highlighted the administration's commitment to reforming CISA to ensure its focus remains on cybersecurity and infrastructure security.