Pentagon’s New Cyber Force Fights China

China-linked hackers are quietly burrowing into America’s power and telecom networks by disguising malicious activity as normal system behavior—and the Pentagon says a new “Cybercom 2.0” model is built to stop it.

Story Snapshot

Pentagon leaders outlined “Cybercom 2.0,” a new cyber force-generation model aimed at countering China-linked intrusions targeting U.S. critical infrastructure.
Officials described “living off the land” tactics, where adversaries use built-in network tools to blend in and evade detection.
Cybercom 2.0 shifts away from rotating generalists toward specialized teams focused on specific target environments like industrial control systems and satellites.
Leaders emphasized integrating AI to speed analysis while keeping humans in decision roles.

Why “Living Off the Land” Hits Home for Everyday Americans

Defense leaders warned senators that China-linked operators have been probing and maintaining access in U.S. networks using “living off the land” methods—abusing legitimate tools already present on systems so malicious traffic looks normal. That matters because it pushes the fight beyond government computers into the infrastructure families rely on: telecommunications, energy, and other essential services. When attackers hide in plain sight, detection gets slower and cleanup gets harder.

Lt. Gen. William Hartman, serving as acting commander of U.S. Cyber Command and director of the NSA, described the challenge as a race to build expertise fast enough to identify and remove intruders who mimic routine network behavior. The public takeaway is straightforward: this isn’t just about “spying.” Pre-positioned access inside critical systems can create leverage in a crisis, when disruption would hit households and local communities first.

Cybercom 2.0: Specialization Replaces the Old Rotation Model

Pentagon witnesses said Cybercom 2.0 is designed to modernize how the cyber force is generated and deployed, addressing shortcomings in earlier models that relied heavily on rotating personnel through broad roles. The new approach emphasizes specialized teams built around mission sets and target environments—such as satellites, GPS, and industrial control systems—rather than expecting a one-size-fits-all cyber operator to cover everything. Officials argued specialization helps teams recognize subtle indicators faster.

Pentagon leaders expect Cybercom 2.0 to help thwart Chinese actors ‘living off the land.’
Read more about what DOD officials told lawmakers at a hearing Wednesday:https://t.co/MWlhjMf02J

— DefenseScoop – @defensescoop.bsky.social (@DefenseScoop) January 28, 2026

Katie Sutton, the assistant secretary of defense for cyber policy, tied the specialization push to the reality that adversaries can automate pieces of cyber operations, especially against complex systems like industrial controls. Pentagon leadership also highlighted a tighter loop between defensive lessons and operational planning, aiming to convert real-world intrusion patterns into faster training and tooling updates. In plain terms, the goal is to reduce the time between “we saw a new trick” and “we can stop it.”

AI as a Tool—Not a Replacement—for Human Judgment

Officials emphasized that Cybercom 2.0 expects greater use of AI to help analysts sift large volumes of data and surface the most relevant signals, while keeping people responsible for decisions. Hartman’s framing suggested AI is intended to speed triage and pattern recognition, not to automate consequential actions without oversight.

DoD leaders also highlighted organizational efforts meant to connect operators with innovation pipelines, including the Cyber Innovation Warfare Center, which Sutton described as a way to link DoD cyber missions with industry capabilities. The practical test will be whether this structure produces deployable improvements on realistic timelines, rather than getting stuck in bureaucracy.

What Congress Heard—and What Still Isn’t Public

The plan’s public debut aligned with a Senate Armed Services subcommittee hearing focused on cybersecurity, followed by DoD posting an implementation plan online. The hearing record and subsequent reporting provide a clear direction of travel: specialization, AI-enabled analysis, and faster adaptation to stealthy techniques associated with groups like Volt Typhoon and Salt Typhoon.

From a constitutional and limited-government perspective, the core issue is accountability: cyber defense for critical infrastructure requires speed and competence without drifting into open-ended authorities, mission creep, or opaque public-private arrangements that bypass oversight.