-500x198.png){kind=logo}
Cyber resilience is the new deterrence: Why Congress must act before the next escalation
- Cory Simpson
- 17 hours ago
- 4 min read
(Adobe Stock Photo Image)
This OpEd was originally published in S.C. Media:
June 3, 2025
Author: Cory Simpson, CEO, ICIT
The United States is under relentless cyber assault.
This is not a distant or hypothetical threat—it’s a silent, ongoing campaign targeting our economy and critical infrastructure. Our adversaries, once content with stealing secrets, are now embedding persistent access, establishing beachheads inside the very systems that keep our country running. And they are waiting for the moment when disruption slows our military response, fractures critical supply chains, or breaks our political will to fight.
Washington has long acknowledged the growing cyber threat posed by China. In national security circles, the refrain is clear—“China, China, China”—and for good reason. But recognition is no longer enough. The time for action is now.
We’ve seen this playbook before—and we’re watching it unfold again.
In 2015, President Obama and President Xi reached an agreement to halt the commercialization of stolen intellectual property. For a time, China mostly complied. However, in 2017, after the Trump administration imposed sweeping tariffs, Beijing resumed its cyber-enabled economic espionage campaign—this time with renewed intensity.
By 2021, I warned that China had moved beyond IP theft, amassing vast troves of sensitive data on Americans, businesses, and infrastructure. I co-authored a policy paper urging Congress to treat data security as a national security imperative and to enact comprehensive legislation to protect privacy and reduce exposure. We cautioned that this access could be weaponized for economic coercion and strategic disruption.
Congress didn’t act, and the risks have only grown.
That warning is even more urgent today. Under Trump’s second term, tariffs have returned on a massive scale—escalating economic tensions to new heights. If history is any guide, China’s response won’t be symmetrical. It will come through cyberspace. And this time, the Chinese Communist Party isn’t just equipped with stolen trade secrets—it has persistent access to the critical infrastructure that powers American life.
Campaigns like Volt Typhoon and Salt Typhoon aren’t theoretical. They’re operational. They’ve targeted ports, energy grids, pipelines, communication systems, and healthcare facilities. They’re designed not to cause chaos today, but to be activated at a moment of strategic choosing. What China couldn’t win through fair trade, it is preparing to take through cyber disruption. And Congress—despite years of warnings—is still behind the curve.
The only meaningful deterrent now is resilience: the ability to restore function quickly after disruption, deny our adversaries strategic leverage, and project continuity of power even when attacked.
Our infrastructure is primarily owned and operated by the private sector. The risk is national, but the systems are decentralized, and the response has been fragmented. This gap between risk ownership and response capability is precisely what China is counting on.
We must close it. Fast.
The Strengthening Cyber Resilience Against State-Sponsored Threats Act, introduced by Representatives Ogles, Green, and Garbarino, is a necessary first step. It proposes an interagency task force led by CISA and the FBI to coordinate responses, tailor sector-specific guidance, and synchronize public-private planning.
It reflects the correct strategic shift: cybersecurity should not be seen as a siloed IT issue but as a shared mission space that touches national defense, economic stability, public health, and trust in government. It builds on the SHIELD Against the CCP Act and offers a framework to operationalize resilience across the most at-risk sectors.
The bill must go beyond being introduced. It must be passed and implemented as soon as possible.
We cannot afford to treat this as another paper threat. China’s cyber strategy is not abstract. It is operationalized, resourced, and aligned with its broader national objectives. The CCP sees cyber access as a tool of economic power; they intend to use it if forced into a corner.
And the pressure is mounting.
Our adversaries are not speculating. They are rehearsing. Every smart device, every operational system brought online, creates a new angle of attack. If we don't build the capacity to recover rapidly, we hand them a playbook for economic warfare—one that bypasses military confrontation and strikes directly at our domestic foundation.
The answer is not isolation. We cannot disconnect from the world. But we can and must ensure that our systems are not easily disrupted. Recovery must be built into our design. Resilience must be the standard in federal agencies and across the digital ecosystem.
We’ve raised this alarm before. This time, we cannot let it fade.
If Congress fails again to act, the next time may not come with warnings—it may come with lights out, logistics frozen, hospitals offline, and markets in freefall. Not because we didn’t know better, but because we didn’t move fast enough.
Resilience is now our last, best deterrent. Let’s act like it—before the next escalation comes, not after.
Cory Simpson is the CEO of Gray Space Strategies, a Washington, D.C.-based consulting and advisory firm, and the Institute for Critical Infrastructure (ICIT), a non-profit organization dedicated to the security and resilience of critical infrastructure that provides for people’s foundational needs. He also serves as a Senior Advisor to the Cyberspace Solarium Commission 2.0. The opinions expressed in this article are his own and do not reflect the views of any employer or affiliated organization.
Learn more at www.icitech.org/.
ICIT CONTACTS:
Parham Eftekhari
Founder and Chairman
Cory Simpson
Chief Executive Officer