**Experts Press for Large-Scale US Offensive Cyber Operations at House Hearing**

The United States will be "hamstrung" until it fully integrates cyber and computer network matters into its military doctrine, according to Frank Cilluffo, head of the McCrary Institute for Cyber and Critical Infrastructure. This warning was made during a recent House Homeland cybersecurity hearing, where experts largely aligned with the sentiment that a more aggressive US approach against foreign hackers is necessary.

The discussion comes on the heels of high-profile Chinese intrusions into critical infrastructure across the nation, prompting calls for a more offensive US stance in cyberspace. In the last year, offensive cyber operations have become a common talking point, with the release of a national cyber strategy expected soon that includes a pillar focusing on such efforts.

However, witnesses at the hearing emphasized that the goal should be to embed offensive cyber thinking across all levels of government. Cilluffo noted that "cyber is its own domain that transcends all other domains" and that the US will remain hindered until it fully integrates cyber and computer network matters into its military doctrine.

The idea of using a more forceful cyber approach originated near the end of 2024, when incoming Trump officials and allies scorned China over its hacks into telecom firms in the US and around the world. The hackers also accessed US "lawful intercept" systems that allow the FBI to retrieve targets' communications with a court warrant.

Additionally, officials and analysts are tracking another China-tied hacking collective that has burrowed into troves of non-military critical infrastructure. They assess that Beijing intends to sabotage those systems in the event the US military needs to quickly mobilize, especially if it becomes involved in a Chinese invasion of Taiwan.

Joe Lin, co-founder and CEO of offensive-focused cyber firm Twenty, told lawmakers that the United States "is not postured to deter or defeat its adversaries in cyberspace" despite having some of the world's most talented operators and cyber warriors. He stated that "these are not episodic breaches," but rather continuous, increasingly automated shaping operations designed to hold US society at risk.

Lin argued that the US response is unnecessarily constrained, particularly in the use of offensive cyber, which has encouraged escalation rather than prevented it. He urged Congress to help "industrialize offensive cyber capabilities" by turning elite hacking tradecraft into software systems that execute under human authorization at machine speed.

Emily Harding, a former CIA officer who now leads intelligence and technology work at the Center for Strategic and International Studies, said that the US has failed to establish deterrence in the cyber domain, and its adversaries hold the escalation ladder. She encouraged Congress to stand up a formal US Cyber Force, a long-debated concept among cyber policy practitioners.

Drew Bagley, chief privacy officer at CrowdStrike, cautioned against devolving offensive activity to victimize companies through "hack back" schemes, calling that a recipe for geopolitical blowback. He stated that hack back operations risk re-victimization and collateral damage, as well as disruption of ongoing investigations and waves of escalation.

"Ongoing investigations can be disrupted, and retaliation can lead to waves of geopolitical escalation," Bagley warned. "For these reasons, offense is best left to professionals with relevant authorities, de-confliction processes and clear oversight."