Episode #78

Silverado Policy Accelerator’s Dmitri Alperovitch on Hunting Intruders After They're Already In

Show Notes

In this episode of The Future of Threat Intelligence, Dmitri Alperovitch, Co-founder & Executive Chairman at Silverado Policy Accelerator and Author of World on the Brink: How America Can Beat China in the Race for the 21st Century, delivers a stark warning about the second Cold War with China that's unfolding, from military and nuclear arms races to space competition and technological rivalry. 

Dmitri also shares how the Volt Typhoon intrusions represent deliberate "preparation of the battlefield" for potential conflict. He explains why Salt Typhoon could represent one of America's greatest counterintelligence failures.

Topics discussed:

  • The evolution of Chinese cyber operations from noisy, sloppy techniques in 2010 to today's sophisticated threats that represent unprecedented counterintelligence failures.
  • How the Volt Typhoon intrusions into critical infrastructure serve as "preparation of the battlefield" designed to impede America's ability to defend Taiwan during potential conflict.
  • The concrete evidence of China's Taiwan invasion preparations, including specialized bridge barges designed to land armored forces directly onto Taiwan's highways.
  • Why Taiwan's 40% share of global semiconductor manufacturing creates catastrophic economic risk that could trigger a 5% compression in global GDP if disrupted.
  • The fundamental flaw in prevention-focused security models and why CrowdStrike's hunt-focused approach better addresses persistent nation-state threats.
  • Why the concept of "deterrence by denial" fails in cyberspace, unlike in physical warfare where anti-ship capabilities and other tactics can effectively deter invasion.
  • The organizational dysfunction in US government cybersecurity, where even CISA lacks operational control over civilian networks and agencies operate in silos.

Key Takeaways: 

  • Implement a hunt-focused security strategy that assumes adversaries will penetrate initial defenses, allocating resources to rapidly detect and eject intruders during their post-exploitation activities before they can accomplish objectives.
  • Evaluate your organization's target value to nation-state actors rather than simply comparing your defenses to industry peers, recognizing that highly valuable targets will face persistent campaigns lasting years, regardless of defensive measures.
  • Acknowledge the inherent tension between security and availability requirements in your industry, developing tailored frameworks that balance operational resilience against the risk of catastrophic compromise.
  • Diversify semiconductor supply chains in your technology procurement strategy to reduce dependency on Taiwan-manufactured chips, preparing contingency plans for severe disruptions in global chip availability.
  • Incorporate geopolitical risk analysis into your security planning, particularly regarding China-Taiwan tensions and the projected window of heightened vulnerability identified by intelligence experts.
  • Revise incident response playbooks to address sophisticated nation-state intrusions like Volt Typhoon that target critical infrastructure as "preparation of the battlefield" rather than immediate data theft.
  • Establish clear security governance across organizational silos, addressing the dysfunction that plagues even government agencies where CISA lacks operational control over civilian networks.
  • Shift security metrics from prevention-focused measurements to detection speed, dwell time reduction, and ability to prevent objective completion even after initial compromise.
  • Challenge assumptions about deterrence by denial in your security architecture, recognizing that unlike physical defenses, cyber adversaries have virtually unlimited attack vectors requiring fundamentally different defensive approaches.
  • Prioritize protection of your most valuable digital assets based on adversary objectives rather than spreading resources evenly, recognizing that nation-state actors will specifically target strategic information regardless of general security posture.

Quotes from Episode

“You can have anti-ship capabilities, landmines, other artillery systems, etc. that can sink the invasion fleet and put it at the bottom of the Taiwan Strait, preventing China from attempting to do this. That is deterrence by denial. But you can't do that in cyber because just because they tried one way in, they tried a piece of malware, they tried an exploit or spear phish and it didn't work. They have practically an unlimited supply of them in their back pocket to keep trying if they're a well-resourced adversary. So you're not denying them anything, you're just delaying the inevitable when that happens, so you cannot deter an adversary by denial in cyberspace, I believe.” 24:22-25:05