U.S. Allocates $1B for Offensive Cyber Operations Amid Budget Cuts

Edward Zhou
Edward Zhou

CEO & Founder

 
July 15, 2025 3 min read

U.S. Cyber Operations Budget Allocation

Offensive Cyber Operations Funding

The Trump administration has allocated $1 billion for offensive cyber operations over the next four years. This funding is part of the larger One Big Beautiful Bill aimed at enhancing the capabilities of the U.S. Indo-Pacific Command. Critics, including Sen. Ron Wyden, have raised concerns about this funding, especially given that it coincides with a $1 billion cut to the U.S. cyber defense budget, which has already faced substantial reductions.

money
Image courtesy of TechCrunch

Sen. Wyden stated, “The Trump administration has slashed funding for cybersecurity and government technology and left our country wide open to attack by foreign hackers.” The offensive cyber operations may include a variety of tactics such as zero-day exploits and spyware deployment, aimed at U.S. adversaries like China, which has been implicated in numerous cyberattacks.

Cybersecurity Allocations in the NDAA

The National Defense Authorization Act (NDAA) earmarks approximately $30 billion for military cybersecurity in fiscal 2025. This budget includes provisions to eliminate potentially harmful Chinese technology from U.S. telecom networks and protect military devices from foreign spyware.

data center cybersecurity security military monitor men
Image courtesy of CSO Online

Key provisions of the NDAA include:

  • $3 billion to assist in replacing Chinese telecom gear, including products from Huawei and ZTE.
  • Guidelines for protecting Department of Defense mobile devices from foreign spyware.
  • Establishment of an artificial intelligence security center within the NSA to develop secure AI practices.

Additional proposals focus on creating a robust risk framework for mobile applications used by military personnel and limiting funds for the Joint Cyberwar Warfighting Architecture until further planning is presented.

Biden Administration's Cybersecurity Budget Request

The Biden administration is seeking $13 billion for cybersecurity across various departments, which marks an increase from previous years. This budget includes a specific request for $3 billion for CISA (Cybersecurity and Infrastructure Security Agency) to implement new cyber incident reporting rules and enhance capabilities.

CISA's funding will support several initiatives, including:

  • $1.7 billion for cybersecurity programs, including $394 million for the Joint Collaborative Environment (JCE).
  • $469.8 million for the Continuous Diagnostics and Mitigation (CDM) program.
  • Implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

Additionally, the Department of Health and Human Services is proposing $800 million to help improve cybersecurity practices among hospitals.

Implications of Cyber Operations Funding

The juxtaposition of increased funding for offensive cyber operations alongside cuts to defensive measures raises concerns about national security. As offensive measures are enhanced, it remains critical to ensure robust defenses to protect critical infrastructure from potential retaliatory cyberattacks.

Understanding the complexities of these funding decisions is vital for stakeholders, especially those in sectors vulnerable to cyber threats. The ongoing evolution of U.S. cybersecurity strategy demands attention to both offensive and defensive capabilities to maintain national security.

For further details on cybersecurity funding and operations, visit the relevant resources linked above.

Edward Zhou
Edward Zhou

CEO & Founder

 

CEO & Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions..

Related Articles

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read
Read full article

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read
Read full article

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read
Read full article

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.

By Alan V Gutnov July 19, 2025 3 min read
Read full article