On Point: Q&A With Richard Forno
On Point: Q&A With Richard Forno
https://www.afcea.org/signal-media/test-signal-landing-page-format/point-qa-richard-forno
Publish Date: 2026-01-01 07:00:00
Source Domain: www.afcea.org
Using an unordered list, summarize the following article with between 4 and 8 key points. What are your thoughts on the government’s more offensive stance in cyber space?This likely is a dangerous game. The country should use all the tools of national power to further national security and intelligence goals, but that only works—and the optics only matter—if you can resist similar techniques against us. Otherwise, you’re just poking the bear—rarely a good idea.
What’s your advice?Don’t. Or rather, be thoughtful about the Pandora’s box you may open.
The country should understand that increasing the resources and attention of offensive cyber while eliminating defensive capabilities is a recipe for disaster. The United States is perhaps the most technologically advanced and networked nation, but we’re also the most vulnerable and targeted, as incidents like Salt Typhoon demonstrate.
Strategically, expanding offensive capabilities while eviscerating cybersecurity agencies like CISA [Cybersecurity and Infrastructure Security Agency] and pushing responsibility for cyber incidents to the states is like invading Russia in winter without planning for snow and potentially overextended supply lines.
Is defense still the best offense? Absolutely, unequivocally, yes, especially since the private sector operates most of the information infrastructure underpinning modern society. We’re plagued by data breaches, ransomware and other incidents. But while large companies often invest in cyber defense and response (but are not perfect!), the same can’t be said for state and local governments, the soft underbelly of America’s cyberspace.
Hospitals, public schools, tax offices and other local government capabilities touch American lives in a personal, intimate way. But research for our 2022 book on local cybersecurity showed nearly one-third of local governments couldn’t tell if they were under attack! Reasons ranged from lack of staff and funding to politics and bureaucracy. Cities, hospitals and schools should not be crippled by cyber attacks, but many CISA activities that provided trusted guidance, information sharing and proactive assistance have recently been eliminated.
National cyber defense is often boring, costly and doesn’t produce immediate, made-for-television results and talking points. Consequently, political leaders gravitate towards alluring, power-projecting, sensational offense. It’s like how buying new planes and ships is more popular with lawmakers than improving military housing, maintenance or base infrastructure.
This mindset exists at state and local levels, too.
