The Trump administration on Friday released a cybersecurity strategy that commits the U.S. to disrupting malicious cyber threat actors, protecting critical infrastructure, harnessing the power of AI and reducing regulations on businesses.
The seven-page Cyber Strategy for America offers no details about how the government will implement the six pillars of President Donald Trump’s ambitious cybersecurity agenda. But it is suffused with rhetoric that echoes Trump’s “America First” messaging, boasting about U.S. military operations against Iran and Venezuela and threatening to wreak havoc on nations that attack the U.S. in cyberspace.
“Unlike other Administrations,” the document says, “the Trump Administration will not tinker at the edges and apply partial measures and ambiguous strategies that neglect the growing number and severity of cyber threats.”
Instead, according to the strategy, the U.S. will embrace “unprecedented coordination across government and the private sector to invest in the best technologies and continue world-class innovation, and to make the most of America’s cyber capabilities for both offensive and defensive missions.”
Deterring foreign hackers
With nation-state actors and cybercriminals increasingly disrupting U.S. companies’ operations and threatening vital infrastructure, the strategy says the U.S. must find a way to impose costs on adversaries that discourage them from targeting American networks.
The Trump administration plans to “unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities,” according to the strategy. The document calls for new efforts to stop intrusions before they compromise important systems and “erode [attackers’] capacity and capabilities.”
The document could presage an increased role for U.S. Cyber Command, the military unit that protects Defense Department networks and penetrates foreign infrastructure for espionage and disruption missions. “Our warriors in cyberspace are working everyday to ensure that anyone who would seek to harm America will pay the steepest and most terrible price,” the strategy says.
The section on countering adversaries addresses both government-backed operatives and criminal groups. “Cybercrime and intellectual property theft are some of the greatest threats to global economies,” the document says. “We will uproot criminal infrastructure and deny financial exit and safe haven.”
As part of that effort, Trump on Friday signed an executive order focused on crippling transnational criminal organizations engaged in cybercrime.
“We will work together to create real risk for adversaries who seek to harm us,” the new strategy says, “and impose consequences on those who do act against us.”
Securing critical infrastructure
The strategy touches briefly on the importance of hardening the defenses protecting power grids, hospitals, water systems and other critical infrastructure. The Trump administration is promising to “identify, prioritize, and harden” this infrastructure, an initiative that could resemble the Cybersecurity and Infrastructure Security Agency’s “National Critical Functions” initiative during the Biden administration.
The Trump administration has dramatically downsized CISA and left its remaining workforce demoralized and rudderless, raising questions about how effectively the agency can spearhead the new strategy’s infrastructure protection pillar.
Trump has also called on states to assume more of the burden for defending the infrastructure on their soil, much to the frustration of local leaders who say they can’t afford to do that work. The new strategy appears to take a conciliatory approach to the burden-sharing issue, declaring that the federal government “will galvanize the role of state, local, Tribal, and territorial authorities as a complement to—not a substitute for—our national cybersecurity efforts.”
Easing regulations on businesses
The business community’s biggest cybersecurity-related request of the Trump administration has been to reduce regulations, and the strategy promises that the government will do just that.
“Cyber defense should not be reduced to a costly checklist that delays preparedness, action, and response,” the document says. “We will streamline cyber regulations to reduce compliance burdens, address liability, and better align regulators and industry globally.”
The Biden administration implemented new cybersecurity regulations for several critical infrastructure sectors and began enacting a congressionally required incident-reporting rule covering all sectors. But the Trump administration has delayed that rule to seek more industry feedback, and federal leaders now say they want to avoid overly burdening security professionals in the middle of incident response.
“We will remove burdensome, ineffective regulations so that our industry partners innovate quickly in emerging technologies,” the new strategy says. “Partners in the private sector must be able to respond and recover quickly to ensure continuity of the American economy.”
Leading on AI, other critical technologies
The Trump administration has described AI as one of the most important technological developments in modern history and stressed the importance of the U.S. dominating the AI market, especially amid competition with China. The strategy discusses AI’s economic and national security benefits and says the government will work with the private sector and foreign partners to nurture the success of U.S. vendors.
The government also plans to increase its use of AI for network defense, according to the document. “We will swiftly implement AI-enabled cyber tools to detect, divert, and deceive threat actors,” the strategy says, vowing to “rapidly adopt and promote agentic AI” as well.
Other new technologies receive brief mentions in the strategy, including post-quantum encryption algorithms, which the government is encouraging businesses to prepare to adopt.
“We will build secure technologies and supply chains that protect user privacy from design to deployment, including supporting the security of cryptocurrencies and blockchain technologies,” the strategy promises. “We will promote the adoption of post-quantum cryptography and secure quantum computing.”
The document also hints at the Trump administration’s intention to fight against international standards for AI that seek to limit harms such as bias and disinformation. “We will engage internationally through diplomacy, commerce, and operations to ensure norms and standards reflect our values,” the strategy says.
Promises on workforce, federal networks
The strategy also addresses two other cybersecurity issues that often receive less attention: expanding the pool of American workers qualified for cybersecurity jobs and improving the federal government’s ability to keep hackers out of its own networks.
“We need a pipeline that develops and shares talent,” the strategy says in a brief section on workforce development. “We will eliminate roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce.”
On the topic of securing government networks, the Trump administration vowed to “accelerate the modernization, defensibility, and resilience of federal information systems,” including by adopting post-quantum cryptography, implementing zero-trust architecture and moving more information systems to cloud platforms. In addition, the document says, “AI-powered cybersecurity solutions” will help the government “defend federal networks and deter intrusions at scale.”
