Policy Deep Dive: Cyber Operations

Policy Deep Dive: Cyber Operations.

In this special policy series, the Caveat team is taking a deep dive into key topic areas that are likely to generate notable conversations and political actions throughout the next administration. This limited monthly series focuses on different policy topic areas to provide you with our analysis of how this issue is currently being addressed, how existing policies may change, and to provide thought-provoking insights. 

For this month's conversation, we’re focusing on Cyber Operations. Though cyber operations have always been prioritized, a new international trend has been forming, which places greater emphasis on offensive operations.

To listen to the full conversation, head over to the Caveat Podcast for additional compelling insights. 

Key insights.

1. A balance in operations. Traditionally, the US and its allies have focused on striking a balance between offensive and defensive operations.
2. Shifting priorities. Over the past several months, there has been a steady global shift towards focusing on offensive cyber operations.
3. Trump’s shift. Alongside traditional US allies, the Trump administration is making a notable shift to increase the US’s offensive cyber capabilities.

Handling cyberspace.

For decades, nations have sought to strike a balance between offensive and defensive cyber operations.

As cyberspace has continued to evolve and expand, cyber operations have become a foundational aspect of national security, one that has always leaned towards defensive efforts. However, that posture is shifting. Nations are pivoting their cyber capabilities to increasingly deploy more offensive measures aimed at targeting adversaries, disrupting hostile networks, and preempting attacks.

This marks a strategic turn where governments are no longer content using highly focused offensive efforts; now they are moving to actively mitigate threats as they emerge.

Thinking Ahead: 

How can this strategic change impact cyberspace over the coming years?

Defense first.

Previously, nations have always balanced their cyber operations, but consistently placed greater emphasis on defense.

For nearly two decades, nations have maintained a mix of both offensive and defensive cyber capabilities; however, this balance has consistently leaned towards favoring defensive efforts. This defensive emphasis focused on defending critical infrastructure, improving recovery efforts, and mitigating damages from attacks.

These efforts truly began in 2003 when the United States (US) announced its National Strategy to Secure Cyberspace. The strategy was instrumental in defining cyberspace as a national security domain. Alongside outlining cyberspace as a national security priority, the strategy emphasized the importance of critical infrastructure, network protection, and the value of public-private partnerships.

Echoing this and expanding upon this strategy, many nations continued to double down on expanding defensive efforts and began prioritizing international cooperation. Some of these key efforts include:

• US’s International Strategy for Cyberspace (2011): A strategy that emphasized internet freedom, defense, and diplomacy.
• European Union (EU) Cybersecurity Strategy (2013): Europe’s strategy, which focused on resilience, incident response, and coordination through five strategic priorities.
• US-China Cyber Agreement (2015): An international agreement that aimed to limit hostile intellectual property theft and minimize retaliation efforts.
• United Kingdom’s (UK) National Cyber Security Centre (NCSC) (2016): The creation of the UK’s central technical authority for cybersecurity efforts.
• US’s Cybersecurity & Infrastructure Security Agency (CISA) (2018): The US’s central authority for identifying and managing cyber risks and supporting a more secure and resilient infrastructure.

In parallel, nations also worked to establish shared security norms. These efforts include:

• The creation of risk management frameworks, such as the NICE Framework.
• Establishing public-private partnerships, as seen with CISA’s Joint Cyber Defense Collaborative.
• Improving information sharing efforts through programs like Information Sharing and Analysis Centers and the EU’s Cyber Crisis Liaison Organization Network.

Together, these actions have been critical for fostering a strong defensive-oriented security culture. Offensive measures were not absent during this period, but those efforts tended to be narrowly focused, targeting specific threats rather than employing broad offensive cyber campaigns. This previous restraint stands in stark contrast to the language and programs emerging in recent years.

Thinking Ahead: 

How would a shift towards greater offensive efforts impact security postures?

Pivoting to offense.

Over recent years, governments have shifted their focus to more offensive operations.

While offensive cyber operations have always been a tool for nations, they have traditionally been deployed sparingly. Additionally, when major cyber attacks happened, countries often responded by looking to shore up defensive efforts to prevent similar instances from occurring again, rather than looking to retaliate. That mindset is changing. In recent years, governments have increasingly prioritized offensive capabilities as a central pillar of national cybersecurity.

The UK has been among the most active in this shift. In 2020, the UK launched its National Cyber Force (NCF).  This force was designed to build on the UK’s National Offensive Cyber Programme by providing support to armed forces and actively disrupting threats. One year later, the UK further built on these efforts through its integrated review. This review explicitly acknowledges the UK’s intent to utilize greater offensive cyber capabilities. These offensive efforts were aimed at disrupting, degrading, and deterring adversaries for both peacetime and crisis operations.

In May 2025, the UK announced its largest investment yet: a one billion pound founding package to establish the Cyber and Electromagnetic Command. Alongside this funding, the UK also seeks to develop a “Digital Targeting Web,” which will be an AI-enabled system that can identify and neutralize threats in real time, better connect weapon systems, and enable faster battlefield decisions.

The EU is following suit. In the EU’s European Defense Readiness 2030 White Paper, the regional bloc calls for the need to boost both Europe’s defensive and offensive capabilities. Alongside calls to support this effort, the paper also emphasized the need for EU member states to work together to develop a voluntary support scheme to support these offensive capabilities. Notably, the paper called for this voluntary support to act as a “credible deterrence.” More specifically, the paper called for the EU to design electronic systems that can:

1. Protect and ensure the unhindered use of the electromagnetic spectrum for land, air, space, and naval operations.
2. Suppress, disrupt, and deny the use of the spectrum by an opponent.
3. Protect the freedom to operate in cyberspace and ensure unhindered access to cyber capabilities.

Each of these instances marks a clear break from the defensive-first approach that defined previous years. This shift has also been seen within the United States (US), where the Trump administration is taking a more offensive cyber operations stance.

Thinking Ahead: 

How could greater offensive efforts change cyberspace?

The US’s efforts.

Since taking office, the Trump administration has signaled a notable effort to expand offensive efforts at the expense of defense.

Since returning to office, the Trump administration has made it clear that it intends to expand the US’s offensive cyber capabilities. Like many allied nations, the US has taken a notable shift regarding its cyberspace priorities, which have included shifting funding and operational goals.

The first indications of this shift came in January from Mike Waltz, President Trump’s National Security Advisor. Waltz spoke on how the US needed to “start going on offense and start imposing…higher costs and consequences” in response to the growing volume of attacks related to data theft, espionage, and hacking. 

Congress soon responded to these changing priorities. In HR1, more commonly known as the Big Beautiful Bill, Congress appropriated $1 billion in funding for “offensive cyber operations.” Alongside this funding, the bill also provided an additional $250 million “for the expansion of Cyber Command artificial intelligence lines of effort.” This funding is designated to be spent over the next four years and will be focused on “enhancing and improving” the US Indo-Pacific Command.

However, this pivot does not stop at adding support for offensive efforts. The administration also proposed slashing hundreds of millions from CISA. These cuts included:

• $216 million from the Cybersecurity Division.
• $46.2 million from the Integrated Operations Division.
• $62.2 million from the Stakeholder Engagement Division.
• $97.4 million from the National Risk Management Center.
• $36 million from regional teams.
• $68.9 million from procurement.

Alongside the funding cuts, the administration also aimed to eliminate just over 1,000 positions, reducing the agencies' staffing to approximately 2,500 roles. This role reduction includes:

• 218 roles from Mission Support.
• 204 roles in the Cybersecurity Division.
• 327 roles in the Integrated Operations Division.
• 127 roles in the Stakeholder Engagement Division.

These reductions mark one of the largest recalibrations in the US’s defensive cyber capacity since CISA’s creation in 2018. Critics have warned that while offensive operations can deter adversaries, these cuts could create significant vulnerabilities. Senator Ron Wyden commented on this issue, noting that “vastly expanding US government hacking is going to invite retaliation - not just against federal agencies, but also rural hospitals, local governments, and private companies who don’t stand a chance against nation-state hacking.”

Thinking Ahead: 

How will this new approach impact the US’s overall cyber posture?

The future of cyber operations.

With a new trend emerging in cyber operations, governments are entering uncharted territory.

As more nations embrace this offensive cyber mindset, a major question has still been unresolved. Will this shift create stability through deterrence, or will it fuel a more insecure world? Proponents argue that disrupting threats before they can materialize would impose costs and discourage future attacks. However, it is unclear if this belief will play out as intended.

What is clear is that the digital world is changing rapidly. The traditional defense-first mindset is changing to a more aggressive one that could increase tensions and expose people to greater dangers. 

For governments, businesses, and individuals alike, this change means that preparing for a more volatile and unpredictable cyberspace is critical to better manage risks and recover from unforeseen events.

Thinking Ahead: 

What will be some of the greatest risks associated with this new cyber operation agenda?