Listen to the article
The White House’s new national cybersecurity strategy calls for responding more directly to threats and securing critical U.S. technologies.
As described in a seven-page document released on Friday afternoon, the strategy has six pillars: shape adversary behavior; promote common-sense regulation; modernize and secure federal government networks; secure critical infrastructure; sustain superiority in critical and emerging technologies; and build cyber talent and capacity.
In a signed introduction to the document, President Donald Trump wrote that his strategy “calls for unprecedented coordination across government and the private sector to invest in the best technologies and continue world-class innovation, and to make the most of America’s cyber capabilities for both offensive and defensive missions.”
This includes a more gloves-off approach to cyber threats, aligning the White House’s stated goal of more forcefully responding to organizations who target U.S. networks.
“Unlike other Administrations, the Trump Administration will not tinker at the edges and apply partial measures and ambiguous strategies that neglect the growing number and severity of cyber threats,” the strategy said. “President Trump will continue to address threats in cyberspace directly.”
The strategy mentioned cyber forces’ contributions to the administration’s efforts “to obliterate Iran’s nuclear infrastructure” and its January operation that captured Venezuelan leader Nicolás Maduro.
The document said the White House would pursue its more offensive-focused cyber strategy by, in part, moving to “unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” It also detailed plans for a more global response to threats.
“Defending cyberspace and safeguarding freedom is a collective effort — the distribution of cost and responsibility must be fair across the U.S. and allies who share our democratic values,” the document said. “We will work together to create real risk for adversaries who seek to harm us, and impose consequences on those who do act against us.”
The strategy also called for efforts to maintain U.S. leadership in the development of artificial intelligence tools, to promote quantum computing and post-quantum cryptography, and to support “the security of cryptocurrencies and blockchain technologies.”
It said the administration “will work to adopt AI-powered cybersecurity solutions to defend federal networks and deter intrusions at scale,” as well as “remove barriers to entry so that the government can buy and use the best technology.”
The new strategy is noticeably shorter than previous versions of such documents. The one issued in 2018 during Trump’s first term was 40 pages, while the document issued by then-President Joe Biden in 2023 was 39 pages. Both outlined several objectives under each pillar.
Along with the new strategy, the White House issued an executive order meant to fight “cybercrime, fraud, and predatory schemes.” That order, in part, directs the attorney general to provide recommendations for the creation of a “Victims Restoration Program” to compensate fraud victims with money seized from or forfeited by fraudsters.
Several U.S. companies voiced support for the administration’s stated goal of working more closely with industry and its promotion of domestic AI development.
“President Trump’s cybersecurity strategy is a significant shift — one that empowers the private sector to partner with the administration to defend American systems and deliver a robust, collective response to nation-state hackers,” Trellix Chief Public Policy Officer Tom Gann said in a statement. “From shaping adversary behavior to modernizing federal cybersecurity and driving innovation, this is a holistic approach to a growing threat, and the private sector is ready to be a meaningful partner in that effort.”
Bill Wright, the global head of government affairs at Elastic, said that “redirecting resources from paperwork to AI-powered security capabilities is the only way to keep pace with modern threats and adversaries who operate at great speed,” and added that “this strategy appears to recognize that fundamental truth.”
Not all of the early feedback, however, was positive.
Rep. Bennie Thompson, D-Miss., the ranking member of the Homeland Security Committee, called the strategy “impressively underachieving, even by the abysmal standards this Administration has set for itself.”
“Completely lacking is even the most basic blueprint for how the Administration will go about achieving any of its cybersecurity goals — an objective possibly hamstrung by the hemorrhage in cyber talent across all Federal agencies since Trump took office,” Thompson said.
Nextgov/FCW Cybersecurity Reporter David DiMolfetta contributed to this report.
Read the full article here

25 Comments
I’m skeptical about the feasibility of ‘unleashing the private sector’ to identify and disrupt adversary networks, given the complexity and scale of the threat landscape.
The new national cybersecurity strategy’s focus on shaping adversary behavior through more direct responses to threats is a significant shift, and I’m curious to see how this will play out in practice.
It’s about time the US took a more proactive stance on cyber threats, considering the growing number and severity of attacks.
The strategy’s emphasis on international cooperation and collective defense is crucial, given the global nature of cyber threats and the need for a unified response.
The strategy’s call for a more global response to threats is timely, given the increasing interconnectedness of the world and the need for a coordinated response to cyber threats.
The emphasis on sustaining superiority in critical and emerging technologies is essential for maintaining US leadership in the cyber domain and ensuring the country’s long-term security and competitiveness.
I’m concerned that the strategy’s focus on offense might lead to a lack of emphasis on defense and the protection of critical infrastructure, which is essential for national security and economic well-being.
I’m concerned that the ‘more gloves-off approach’ to cyber threats might lead to unintended consequences, such as escalating tensions with other nations or compromising civilian infrastructure.
The strategy’s emphasis on modernizing and securing federal government networks is crucial, given the numerous breaches in recent years, and I hope this will include implementing more robust encryption and access controls.
I’m curious to see how the administration plans to balance the need for cooperation with the need to protect US interests and maintain its competitive edge in the cyber domain.
The strategy’s reference to the security of cryptocurrencies and blockchain technologies is noteworthy, as this is an area where the US can take a lead in setting standards and best practices.
The mention of ‘imposing consequences’ on adversaries who act against the US raises questions about the nature of these consequences and how they will be enforced.
This could involve a range of measures, from diplomatic sanctions to more overt forms of retaliation, and it will be important to consider the potential risks and unintended consequences.
The emphasis on promoting quantum computing and post-quantum cryptography is forward-thinking, as it acknowledges the need to stay ahead of the curve in terms of cryptographic techniques and technologies.
The fact that the strategy mentions the January operation that captured Venezuelan leader Nicolás Maduro suggests a more proactive approach to using cyber capabilities in support of military operations.
This raises questions about the role of cyber warfare in modern conflict and the potential for unintended consequences or escalation.
The strategy’s call for maintaining US leadership in the development of artificial intelligence tools is timely, considering the rapid advancements in AI-powered cyber attacks and defenses.
The fact that this strategy is noticeably shorter than previous versions, at only 7 pages, suggests a more streamlined approach, but I worry that this might also mean a lack of depth and detail in the planning.
Perhaps the brevity is a deliberate choice to make the strategy more adaptable and responsive to emerging threats.
The mention of cyber forces’ contributions to the administration’s efforts to ‘obliterate Iran’s nuclear infrastructure’ raises questions about the boundaries between cyber warfare and traditional military operations.
This is a slippery slope, and we need to consider the potential long-term repercussions of using cyber attacks as a tool of foreign policy.
I’m interested in seeing how the administration plans to ‘remove barriers to entry’ for the government to buy and use the best technology, given the often Byzantine procurement processes in place.
I’m supportive of the strategy’s focus on building cyber talent and capacity, as this is essential for developing a robust and sustainable cybersecurity workforce.
The goal of adopting AI-powered cybersecurity solutions to defend federal networks and deter intrusions at scale is ambitious, and I hope this will be accompanied by significant investments in AI research and development.
This will likely require a substantial increase in funding for AI-related initiatives, as well as a concerted effort to attract and retain top AI talent.