New White House cyber strategy calls for aggressively confronting adversaries, securing critical systems
The White House released Friday the first national cybersecurity strategy of President Donald Trump’s second term with an outline of six priority areas led by an endorsement of offensive cyber operations as a tool to “detect, confront, and defeat cyber adversaries before they breach our networks and systems.”
In four pages of text, “President Trump’s Cyber Strategy for America” lauds “cyber operators and tools” used in operations against Iran and Venezuela as “the best in the world” and emphasizes acting “swiftly, deliberately, and proactively to disable cyber threats to America.”
The strategy is built around six “pillars,” which were previewed by National Cyber Director Sean Cairncross last month and are expected to be further developed by the Office of the National Cyber Director.
The first pillar focuses on aggressively confronting “sophisticated military, intelligence, and criminal adversaries in cyberspace.”
“We will deploy the full suite of U.S. government defensive and offensive cyber operations,” the strategy states. “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.”
Next, the strategy vows to “promote common sense regulation” that doesn’t subject stakeholders to a “costly checklist.”
“We will streamline cyber regulations to reduce compliance burdens, address liability, and better align regulators and industry globally,” says the description for this second pillar. “We will streamline data and cybersecurity regulations to ensure that the private sector has the agility necessary to keep pace with rapidly evolving threats.”
The third pillar is centered on modernizing and security federal networks, including addressing post-quantum cryptography and zero-trust architecture while prioritizing the security and resilience of systems critical to national security. “We will work to adopt AI-powered cybersecurity solutions to defend federal networks and deter intrusions at scale,” the strategy states.
The next pillar focuses on critical infrastructure security, specifically calling out the defense sector, energy grid, financial and telecommunication systems, data centers, water utilities and hospitals as sectors in which government and industry should throw muscle behind “securing information and operational technology supply chains.”
“We must move away from adversary vendors and products, promoting and employing U.S. technologies,” the strategy continues. “We will deny our adversaries initial access, and in the event of an incident, we must be able to recover quickly. We will galvanize the role of state, local, Tribal, and territorial authorities as a complement to — not a substitute for — our national cybersecurity efforts.”
WATCH: McCrary Institute Director Frank Cilluffo gets reaction to the cyber strategy from senior fellows Cynthia Kaiser and Mark Montgomery
As the fifth pillar, the strategy calls sustaining superiority in critical and emerging technologies “paramount.”
“We will build secure technologies and supply chains that protect user privacy from design to deployment, including supporting the security of cryptocurrencies and blockchain technologies,” the document says. “We will promote the adoption of post-quantum cryptography and secure quantum computing.” This includes securing AI infrastructure and ensuring AI “advances innovation and global stability.”
“We will secure the data, infrastructure, and models that underpin U.S. leadership in AI and we will call out and frustrate the spread of foreign AI platforms that censor, surveil, and mislead their users,” the strategy adds.
The final pillar focuses on building the cyber workforce as “an asset worthy of great investment” and emphasizes that a talent pipeline “must be pragmatic and accessible.”
“We will eliminate roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce,” the strategy says.
House Homeland Security Committee Chairman Andrew Garbarino (R-N.Y.) didn’t issue an immediate response to the strategy, but said at a December McCrary Institute event that he wanted to see proactive offensive cyber capabilities take a prime role along with components on regulatory harmonization and beefing up the cyber workforce.
Ranking Member Bennie Thompson (D-Miss.) released a statement Friday calling the strategy “impressively underachieving” and lacking implementation details.
“What little ‘substance’ does exist in this pamphlet is a mishmash of vague platitudes, a long catalogue of ‘we will’ statements that may or may not match the Administration’s current behavior, and, mercifully, an apparent extension of some Biden-era policies,” Thompson said.
Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security, the parent organization of Threat Beat, said in a statement that the strategy “provides important policy direction towards a whole-of-government approach that will better protect Americans in the fast-moving digital world.”
“For too long, we haven’t deterred our enemies,” Cilluffo added. “Volt Typhoon crossed a line. The strategy sets us on a path where, in future scenarios, we could more thoughtfully use our offensive tools to protect our nation’s critical infrastructure.”
The White House also released an executive order Friday directing the departments of State, Treasury, Defense, Justice and Homeland Security to work with the ONCD to combat scam centers and cybercrime by going after the transnational criminal organizations behind these operations. This includes directing the Cybersecurity and Infrastructure Security Agency to provide training, technical assistance and resilience building to state, local, tribal and territorial partners.
“The Secretary of State shall take all necessary and appropriate steps to ensure that nations that tolerate such predatory activity shall face consequences consistent with United States law and policy, such as the limitation of foreign assistance, the application of targeted sanctions, visa restrictions, trade penalties, and, where appropriate, the immediate expulsion from the United States of foreign officials and diplomats complicit in these schemes,” the order adds.