November 25, 2025
Subscribe and listen to the Fed Gov Today Podcast anytime on Apple Podcasts, Spotify, or at FedGovToday.com
Former Pentagon Chief Information Security Officer and current SixGen CEO Jack Wilmer offers a clear-eyed look at the United States’ evolving cyber strategy—and what it will take to deter increasingly aggressive nation-state actors. Speaking with host Francis Rose, Wilmer breaks down the motivations behind adversaries’ cyber campaigns, the limits of traditional deterrence, and the growing need for a coordinated U.S. response that involves both government and the private sector.
Wilmer begins by emphasizing the importance of understanding what drives foreign cyber actors. He notes that adversaries like China and North Korea operate with different goals, ranging from intellectual property theft to pre-positioning inside U.S. critical infrastructure. He points to recent activity linked to China’s Volt Typhoon group, which has quietly embedded itself in water, energy, and other essential networks—not for immediate disruption, but to gain the ability to deny the United States access at a time of the adversary’s choosing. North Korea, meanwhile, targets cryptocurrency to generate revenue. Understanding these motivations, Wilmer says, is essential to designing consequences strong enough to change adversary behavior.
One of the core challenges, he explains, is the imbalance between attackers and defenders. It is always more expensive to defend a network than to attack it. That reality shapes the need for the U.S. to increase the cost of malicious activity. Wilmer suggests that 
offensive cyber actions—such as disrupting an adversary’s infrastructure before it can be used in an attack—may be effective ways to raise those costs. He stresses that such responses don’t mean mirroring the exact behaviors of adversaries, but rather denying them access to the systems they rely on for operations.
Wilmer highlights U.S. Cyber Command as a logical lead for any offensive or consequence-driven cyber actions, especially when the United States wants those actions to be visible enough to send a strong deterrence message. He also points out that the FBI currently plays an outsized role in cyber investigations and indictments. Still, he reiterates that no single agency can succeed alone: any meaningful cyber strategy must be a whole-of-government effort that includes federal law enforcement, the military, the intelligence community, and even the State Department.
Throughout the conversation, Wilmer also underscores the limits of reciprocity in cyberspace. What an adversary does to the United States does not automatically translate into an effective U.S. response. For example, an attack on America’s water supply would likely be considered an act of war—something adversaries avoid because they know the U.S. response would be severe. But similar attacks, if carried out against some foreign governments, may not prompt the same level of concern or action. That asymmetry shapes how the U.S. must think about deterrence and response options.
Finally, Wilmer stresses the crucial role of the private sector. Many nation-state attacks target privately owned infrastructure or companies linked to federal missions, making strong industry partnerships essential. He notes that comments surrounding the forthcoming strategy suggest the U.S. will increasingly rely on private-sector capabilities, though the full contours of that relationship are still taking shape.
In an era of persistent digital threats, Wilmer’s insights offer a grounded, practical understanding of what effective cyber deterrence requires—and why the next national cyber strategy may be the most consequential one yet.
Please fill out the requested information below