Risky Bulletin: Between Two Nerds – "Lost in Transmission"
Date: November 3, 2025
Host: Tommy Wren
Guest: "The Grok" (Scott)
Episode Overview
In this episode of the Risky Bulletin’s “Between Two Nerds” segment, host Tommy Wren and guest "The Grok" dive deep into America’s cyber strategy toward China, prompted by a recent speech from Sean Cairncross, the US National Cyber Director. They analyze whether the US has been effective in sending deterrence messages to China, the shifting balance of cyber offense and defense, and the practical limits of "sending messages" through cyber means. The conversation spotlights challenges in attribution, communication, and policy during an era of reduced funding and diplomatic capacity.
Key Discussion Points & Insights
1. US Cyber Policy and China: The "Message Problem"
- Cairncross’ Speech: The US has failed to effectively communicate to China that much of its cyber behavior—especially attacks on critical infrastructure—is unacceptable.
- [00:20] "He said that the US had not been very effective in sending a message to China that much of its cyber activity was unacceptable." – Tommy Wren
- Systemic Weakening: The Cyber Solarium Commission noted US cyber funding and personnel have been slashed, reducing effectiveness.
- Top Recommendation: Empower the Office of National Cyber Director to serve as a central body for cyber strategy.
2. Economic Leverage & the Ineffectiveness of Tariffs
- Past Tariffs: Early Trump tariffs intended to punish IP theft and cyber espionage had limited, marginal effect before becoming "background noise."
- [02:07] "It seems like that had around the margins a little bit of an effect on certain practices, but then those tariffs just became background noise and they stayed forever." – Tommy Wren
- Today’s Constraints: Tariffs are no longer viable as a cyber-exclusive lever; economic measures now have limited specific impact on cyber behavior.
3. Target Prioritization: Telcos vs. Critical Infrastructure
- Reciprocal Espionage: The US and China are both believed to be deeply embedded in each other's telecom networks.
- [03:47] "I can't imagine that the US isn't completely up in China's telcos as well." – The Grok
- Critical Infrastructure vs. Telcos: There’s consensus that hacking telcos is an accepted norm among states in peacetime; critical infrastructure hacking is a more serious norm violation.
- [05:08] "If you want to say that this sort of hacking is unacceptable...I think hacking telcos is acceptable." – The Grok
4. Messaging Dilemmas – What’s Been Achieved and How to Communicate
- Conflicting Reports: The NSA claimed to have rebuffed Volt Typhoon’s attempts to persist in US critical infrastructure, yet official rhetoric remains alarmist.
- [07:00] "They wanted to persist on domestic networks...they were not successful in that campaign." – Tommy Wren quoting NSA
- [08:13] "So this is from July, and yet last week or this week, we've got Cairncross saying it's a problem that they're in critical infrastructure...These two things are not consistent." – Tommy Wren
- Detection vs. Defense: Is absence of evidence a sign of success or a loss of situational awareness due to gutted agencies (like CISA)?
5. The Problem with "Sending Messages" Through Cyber
- Signaling in Cyberspace: Academics write much about signaling, but practical effects are dubious.
- [11:04] "I don't think it's very good at how people will receive messages from cyber, which is, I think, the big problem." – The Grok
- [12:22] "If GCHQ hacks you, they're not going to just hit, you know, backspace. Like, they're going to...put up a thing that says...'get out. Stop what you're doing.'" – The Grok
- Semiotics & Miscommunication: Relying on subtle, technical signs is easily ignored or misattributed. Analogies are drawn to misunderstood symbolic messages like Genghis Khan’s legendary gifts, which only make sense with overwhelming context (e.g., an army at the border).
6. The Limitations of Cyber Reciprocity
- Retaliation Logic: Hacking Chinese telcos "overtly" in retaliation tends not to deter because both sides expect it and alternative adversaries (like North Korea) lack symmetrical targets.
- [16:43] "You'd have to do both and just hope that...they don't detect and evict the other." – The Grok
- Principal-Agent Problem: Friction imposed on lower-level operators (agents) rarely compels change in strategic decision-makers (principals).
7. Aggression and the Defensive/Offensive Balance
- US Posture Shift: The Trump administration slashed defense and diplomacy, leaning into offensive cyber capabilities.
- [10:14] "It's going to be like one of those crabs with that really huge...pincer on one side and...tiny one on the other. It's basically switched from being a lefty to a righty." – The Grok
- Is Aggression Enough? Even more offensive operations don’t always "send a message" or achieve intended policy ends.
8. Sabotage, Friction, and the Limits of Purely Cyber Operations
- Sabotage as Strategy: Introduction of Joshua Rovner’s theory – sabotage adds “friction” to adversary operations; can support broader strategies but is limited as a standalone tool.
- [25:18] "Sabotage is the weaponization of friction to degrade the performance of a target systems from within." – The Grok referencing Rovner
- [26:33] "Sabotage is limited as a standalone tool, but rather works to enhance and enable other policy instruments."
- All That's Left is Annoyance: In the absence of diplomatic or economic tools, cyber friction alone is mostly annoying—rarely truly deterring.
9. The Bleak Road Ahead
- No Easy Path: If the US only has offense and "friction" left, there's little hope of achieving strategic goals through cyber alone.
- [28:10] "You can make it very annoying. You can raise the rates that the contractors charge...but...you're making life difficult for the agent and hoping that the principal will change their behavior...I don't think it works that way." – The Grok
Notable Quotes & Memorable Moments
- On the Messaging Challenge: [11:04] “The academic literature is full of discussions about using cyber to send messages. I don't think it's very good at how people will receive messages from cyber, which is, I think, the big problem.” – The Grok
- On Mutual Hacking: [03:47] “I can't imagine that the US isn't completely up in China's telcos.” – The Grok
- On Retaliatory Hacking: [15:55] “So a while back, Mark Warner...suggested that the US respond in kind to Salt Typhoon...hack Chinese telcos in an overt and in your face get caught doing it.” – Tommy Wren
- On Cyber's Limits: [26:38] "All you've got is friction, which...it's better than nothing, but it's also not sending a message. It's just being a pain." – Tommy Wren
- Episode Sums Up: [28:19] “You can't get there from here.” – The Grok
Important Segments & Timestamps
- [00:20] – The US message problem with China, National Cyber Director, and Solarium Commission recommendations.
- [02:07] – The impact and history of tariffs as a (failed) cyber leverage mechanism.
- [03:47] – Reciprocity, the norms of hacking telcos, and the real out-of-bounds sector.
- [07:00] – NSA statement on Volt Typhoon’s failure to persist; parsing bureaucratic claims.
- [11:04] – The communication breakdown: why cyber "messaging" rarely works.
- [14:17] – The Genghis Khan analogy for symbolic messaging.
- [25:18] – Sabotage as adding friction; the Rovner “sand in the gears” theory.
- [28:19] – "You can't get there from here" – Summing up the episode’s skepticism.
Conclusion
Tommy Wren and The Grok lament the shrinking US cyber defense and diplomatic toolkit, focusing on the futility of trying to "send messages" to adversaries strictly through cyber means. They argue that real deterrence or behavioral change requires more than just hacking back or imposing friction. Ultimately, without the integration of restored diplomatic, defensive, and economic tools, offensive cyber operations alone are unlikely to materially influence adversaries’ actions—leaving US strategy "lost in transmission."
