National Security Council cyber lead wants to ‘normalize’ offensive operations
SAN FRANCISCO — The senior director for cyber at the White House’s National Security Council told an audience Thursday that he wants to “destigmatize” offensive cyber operations, seeing them as a vital tool in the government’s playbook in its battle with foreign adversaries.
Alexei Bulazel told an audience at the RSAC 2025 conference that he views offensive cyber as “one arrow in the quiver” when weighing response options to an adversary’s actions against the country in the digital realm.
“This isn’t offense for offense’s sake, but being able to respond in kind if we’re the victim of foreign aggression,” he said.
His comments highlight a shifting perspective in the top levels of the Trump administration when compared to past administrations. What was once viewed as a controversial or escalatory tactic now appears poised to become a normalized aspect of the United States’ national security toolkit.
While Bulazel noted that “it’s fun to talk about offensive cyber because it gets people’s attention,” he and his team at the National Security Council are looking at offensive cyber as an evolution to previous policies that have focused on deterrence.
“I think deterrence in cybersecurity is actually very hard,” he said. “I think there’s a lot we could do to increase costs on these actors,” adding that a response should show adversaries that “if you come do this to us, we’ll strike back and we’ll punch back, and administrations before us have been hesitant to do that. ”
He noted there are different ways in which the U.S. could respond in an offensive manner, including degrading the tools, tactics or procedures our adversaries use to conduct attacks.
“If we understand that an adversary has an intent or has a given tool that they’re going to use, and we know they’re going to exploit a given vulnerability, we can work with the private sector or through agencies like DHS’s CISA, proactively patch those vulnerabilities, and get ahead of the adversary, and maybe conduct an operation against the adversary,” he said.
Bulazel also acknowledged the ongoing debates about the legal and normative boundaries of offensive cyber, particularly the persistent concern of whether U.S. actions should mirror those of the attackers or rely on proportional, non-cyber responses such as sanctions or indictments. But he also argued that continually absorbing hostile cyber operations risks setting damaging precedents and normalizing adversarial behaviors.
“Not responding is escalatory in its own right,” he said. “There is a concern that offensive cyber could be escalatory, but if you continually let the adversary hack you and hack you, that in itself, that’s a norm. We need to find some way to communicate that this is not acceptable.”
