Senate committee questions Kathryn Sutton on cyber deterrence, offensive capabilities and workforce shortages

Kathryn Sutton, the nominee to be Assistant Secretary of Defense for Cyber Policy, told the Senate Armed Services Committee on Oct. 12, 2025, she would prioritize speed, talent and technology to preserve U.S. advantages in cyberspace and help build a clearer deterrence posture.

Sutton, introduced by Senator Mike Rounds, described more than two decades of cyber and technical experience — at Sandia National Laboratories, on the House Armed Services Committee staff, and most recently as chief technology adviser to U.S. Cyber Command. She told senators that the United States “maintains the most capable cyber force in the world” but that China’s size and adoption of technologies like artificial intelligence are increasing the threat.

Much of the questioning centered on deterrence and offensive cyber options. Senator Tom Cotton and others pressed Sutton on whether the department has done enough to develop offensive tools that can impose costs on adversaries and dissuade future attacks. “The defender has to be wrong every time. The adversary only has to be right once,” Sutton said, echoing a red-team maxim she used while at Sandia and saying she would work to ensure the president has offensive and defensive options.

Sutton also addressed the Cyber Command personnel and acquisition challenges the committee highlighted. Senators raised recruitment and retention of cyber talent against competitive private-sector pay and the need to move technologies from research to fielding quickly — the so-called “valley of death.” Sutton cited programs at Cyber Command, such as Constellation in partnership with DARPA, and recommended leveraging reservists, National Guard and public-private rotational programs to retain talent.

On intelligence support for cyber operations, Senator Rosen asked about a statutory requirement from the FY2025 NDAA for a cyber intelligence capability. Sutton said she would review pilot results with the Defense Intelligence Agency, understand identified gaps, and pursue organizational options to bring highly technical talent into analytic roles.

Committee members discussed funding as well: Senator Tommy Tuberville referenced a reported $14.5 billion cyber operations topline in the pending budget and asked if that funding is sufficient; Sutton replied that part of the role will be to review and certify the budget and ensure investments in software and AI are rapidly integrated.

Sutton agreed with senators who urged a clearer public articulation of cyber deterrence doctrine. “If it's not stated, a deterrent doesn't work,” said Senator Angus King; Sutton said she supported articulating posture and options so adversaries understand the costs of attacks.

On allied cooperation, Senators Kaine and Kaine’s colleagues discussed AUKUS pillar 2 and the value of sharing R&D and cyber capabilities with close partners. Sutton said she would prioritize cooperative research and burden-sharing with allies, including Hunt Forward and other partnerships that build partner cyber defenses.

The committee did not take a vote on Sutton’s nomination. Senators requested written follow-up and further documentation on cyber intelligence pilot findings, workforce retention plans and budget certifications. No formal committee action was recorded at the hearing.