Cyberwarfare / Nation-State Attacks,
Events,
Fraud Management & Cybercrime
National Security Council’s Bulazel Advocates for Reset of Cyber Norms
In a decisive address, a senior cybersecurity official from the Trump administration highlighted the necessity for the United States to adopt offensive cyber operations as a strategic measure for national security. Alexei Bulazel, Senior Director for Cyber at the National Security Council, emphasized that normalizing such tactics is crucial for deterrence against foreign aggressors.
Bulazel articulated the argument that the previous administrations’ reluctance to deploy offensive measures gave adversaries the impression of U.S. vulnerability, thereby eroding norms around acceptable cyber behavior. Speaking to attendees at the RSAC 2025 Conference, he stated, “Allowing adversaries to persistently exploit vulnerabilities leads to a normalized expectation that the U.S. will not retaliate.” He insisted that this perception must change to ensure that aggressive actions against the U.S. are met with a robust response.
Returning to the White House after a stint with the National Security Council, Bulazel now holds the responsibility of reshaping national cyber policies, overseeing federal cybersecurity initiatives, and fortifying critical infrastructure against an evolving landscape of cyber threats. In this capacity, he noted the pressing need for a coordinated response to threats that extend beyond the confines of corporate networks.
Encouraging a Private Sector Offensive
Bulazel raised concerns about the limitations faced by private entities in responding to cyberattacks. He advocated for a redefinition of the legal frameworks governing private sector responses. The inaction by the government in shielding businesses from sophisticated threats necessitates a reevaluation of responses to incidents that could be construed as acts of war, he argued.
Using a provocative analogy, he compared advanced cyber threats from foreign entities to visible attacks with explosives, underscoring the inconsistency in how cyber incidents are perceived. Bulazel called for a harmonized regulatory environment to establish a foundational set of cybersecurity principles applicable across multiple sectors, particularly critical infrastructure. This would eliminate overlapping or conflicting regulations while fostering stronger defenses.
Reassessing CISA’s Role
Moreover, Bulazel urged that the Cybersecurity and Infrastructure Security Agency (CISA) focus strictly on its core mandates—cybersecurity and infrastructure protection. He cautioned against distractions from secondary concerns like disinformation, recommending that the agency remain committed to addressing immediate cybersecurity challenges.
While supporting the idea of a Cyber Safety Review Board, Bulazel pointed out the inherent difficulties surrounding conflicts of interest and the model’s appropriateness for the current cyber landscape. He acknowledged ongoing discussions about whether the National Security Agency and U.S. Cyber Command should be managed by a single leadership structure, indicating a willingness to explore structural reforms to better address cyber challenges.
In light of these discussions, Bulazel remains open to innovative strategies that ensure a workforce capable of meeting operational demands, continually aiming to fortify national defenses against adversarial cyber threats that target U.S. interests.
