11 hours ago
11
Someone might be taking "the best defense is a good offense" a little too seriously. Despite the Trump administration's efforts to reduce U.S. government spending via mass layoffs, budget cuts, and whatever efficiency gains can be afforded by vibe coded services made by cybercriminals who can't legally drink alcohol, the contentious "One Big Beautiful Bill Act" provides for $1 billion in funding to "offensive cyber operations."
TechCrunch reported Monday that H.R. 1—a bill so sprawling that Congress.gov warns that attempting to load it with XML/HTML "may take several minutes or possibly cause your browser to become unresponsive"—is vague about how this $1 billion will be spent. All we know is "that the money will go toward enhancing and improving the capabilities of the U.S. Indo-Pacific Command" and is meant to be spent over the course of four years.
There is a lens through which the motivation for committing to additional support for offensive cyber operations, especially if they're directed at China and its allies, can be seen clearly. This administration has proven more than willing to provoke other countries (and continents) since January. Conflict with China was also a mainstay of Trump's first term, as was the inconsistency with which various regulations and restrictions were applied.
China is also responsible for more than its fair share of these "offensive cyber operations." As I noted in my July 11 post about Czechia banning DeepSeek due to the company's relationship with the Chinese government, CrowdStrike said earlier this year that "China-nexus adversaries continued to operate in every sector and region across the globe, maintaining the scope of these operations while increasing their scale" throughout 2024.
So it tracks for the Trump administration to engage in some tit-for-tat on the cyber front. The question is what happens when China's activity increases in response—especially since funding for defensive cyber efforts has been cut.
CSO Online reported on July 9 that "Trump’s budget request calls for a reduction in cybersecurity spending across civilian agencies, amounting to a $1.23 billion cut or a 10% drop in cyber expenditures for 2026 when compared to 2024 levels." Axios today reported that the U.S. Cybersecurity and Infrastructure Security Agency has been particularly hard-hit and has already lost roughly a third of its workforce since Trump took office.
These cuts don't always seem to be motivated by prudent spending. Actions involving CISA in particular have often seemed punitive, with the Trump administration suspending security clearances for employees of SentinelOne in April simply because the company employed former CISA director Chris Krebs, who resigned as chief intelligence and public policy officer in a thinly-veiled bid to remove the target from the company's back.
Forgive the football comparison, but the Philadelphia Eagles didn't win Super Bowl LIX by increasing their spend on offense while actively undermining their defense. They won by not pretending Patrick Mahomes is surrounded by a magic force field that prevents anyone from tackling him... erm, I mean, by making savvy investments on both sides of the ball. H.R. 1 seems more like the Cincinnati Bengals: all offense, no defense.
Obviously there are much higher stakes when it comes to cyber operations than there are in any football game. But that's exactly why this is cause for concern. It can be entertaining to watch the Bengals lose despite Joe Burrow, Ja’Marr Chase, and Tee Higgins being incredible offensive players. It's not entertaining at all to further endanger critical infrastructure, innocent people, and American businesses over a personal feud.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
English (US) ·