Separately, Congress and the federal government can improve the defense of electric, water and other utilities by helping states and local authorities to buy and deploy the best cyberdefenses, which many currently can’t afford to purchase and maintain on their own. There are other opportunities for innovations, some technical, others organizational; Washington and the states will need help from universities and industry to layer our defenses and identify and close vulnerabilities before adversaries can exploit them, especially when doing so requires using fast-advancing A.I. tools.
Defense isn’t everything. Washington must clearly and publicly articulate to China and other nations that attacks on America’s economy and critical infrastructure are unacceptable and will carry consequences. Until now, that message has been muted. It needs to be stated plainly and enforced consistently.
Here, too, the United States has advantages. It is uniquely positioned to identify Chinese operations with precision, expose their intent and identify the specific individuals within Beijing’s leadership who authorize them. Changing behavior in an autocracy means changing the cost-benefit calculations of those who hold power. Publicly naming responsible officials — with evidence — is one of the most effective tools available. It has been used sparingly. It should be used more.
Beyond naming the leaders responsible, the intelligence community, law enforcement and relevant departments and agencies must use their unique authorities to more actively target and disrupt China’s cybercampaigns — independently and in concert with allies. When they identify authorities behind malign cyberattacks, the U.S. government should use sanctions, indictments, disruptions and regulatory changes more frequently against bad actors. This wouldn’t be new; the government has led these activities episodically.
Finally, to defend the country against cyberattacks, U.S. Cyber Command needs to keep pace with China’s accelerating investment. Recent congressional increases to funding are welcome, but represent around 1 percent of the overall defense budget — inadequate for what is, in practice, one of the most consequential strategic competitions of this era.
The claim that America is outmatched in cyberspace — technically, organizationally or intellectually — is wrong. The capability to defend the nation’s economy and critical infrastructure is distributed across American industry, government and academia right now. American companies have visibility into adversary operations that no other nation’s government or private sector can match. American government agencies possess authorities and intelligence that no industry partner has. The combination, properly aligned and legally enabled, is formidable — and increasingly needed.
Gen. Timothy D. Haugh is a distinguished senior fellow at Yale University’s Jackson School of Global Affairs and a distinguished fellow at Georgetown University’s School of Foreign Service. He is a former commander of U.S. Cyber Command and a former director of the National Security Agency. He retired from the U.S. Air Force in 2025 as a four-star general.
The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com.
Follow the New York Times Opinion section on Facebook, Instagram, TikTok, Bluesky, WhatsApp and Threads.
