Trump releases US National Cyber Strategy

“This strategy builds on President Trump’s actions to date, and requires a level of coordination, commitment, and political will never before marshalled against cyber threats. President Trump’s leadership has created a new era in cyber space.”

The six pillars – shape adversary behaviour; promote common sense regulation; modernise and secure federal government networks; secure critical infrastructure; sustain critical and emerging technologies; and build talent and capacity – aim to bolster the US’ cyber capabilities across all areas.

For example, the first pillar targets cyber criminal and state-sponsored actors, explaining that the private sector will be incentivised to “identify and disrupt adversaries before they breach our networks and systems”.

Similarly, the fourth pillar aims to bolster the security of critical infrastructure, such as “the energy grid, financial and telecommunication systems, data centres, water utilities, and hospitals”, to deny criminals and adversaries initial access and promote rapid recovery.

The fifth pillar outlines continued investment in technology, something the US is already pushing to prioritise with AI.

“Securing American innovation and protecting our national intellectual advantage will be paramount. We will build secure technologies and supply chains that protect user privacy from design to deployment, including supporting the security of cryptocurrencies and blockchain technologies. We will promote the adoption of post-quantum cryptography and secure quantum computing. And we will secure the AI technology stack – including our data centres – and promote innovation in AI security,” the release said.

VIEW ALL

“We will swiftly implement AI-enabled cyber tools to detect, divert, and deceive threat actors. We will rapidly adopt and promote agentic AI in ways that securely scale network defence and disruption. Through cyber diplomacy, we will ensure that AI – particularly generative AI and agentic AI – advances innovation and global stability. We will secure the data, infrastructure, and models that underpin US leadership in AI, and we will call out and frustrate the spread of foreign AI platforms that censor, surveil, and mislead their users.”

President Trump celebrated the strategy, calling it a move to partner the US’ military strength with equivalent power in the digital space.

“Our cyber tools and operators are the best in the world – and we are empowering them to defend America by disrupting and disorienting our adversaries, and denying them a safe haven,” he said.

“The United States has capabilities that the rest of the world can only begin to imagine. Our warriors in cyber space are working everyday to ensure that anyone who would seek to harm America will pay the steepest and most terrible price.”

Aviatrix CEO Doug Merritt said that while the plan sounds good, it has fundamental flaws.

“The administration’s cyber strategy is an important step in recognising that cyber security is now inseparable from national security and economic resilience. But the plan overlooks some of the most pressing cyber security gaps today. The reality is the very nature of cyber risk has fundamentally changed. Today’s most damaging attacks rarely begin at the perimeter. They move laterally through the digital fabric connecting workloads, applications and services across cloud and hybrid environments,” he said.

“That complexity and nuance are often underappreciated outside the security community. As geopolitical tensions rise and cyber operations increasingly accompany kinetic conflict, securing the infrastructure that connects modern systems will require new approaches that embed protection directly into the architecture itself.

“This is where the concept of a cloud native security fabric becomes important. Security can no longer sit at the perimeter or exist as a patchwork of disconnected tools. It has to be embedded into the infrastructure itself so that policy enforcement, inspection, and segmentation follow workloads wherever they run.

“These gaps are also why industry leaders are increasingly engaging with policymakers. That’s why I’m actively working with lawmakers in Washington to advance national security legislation aimed at addressing these structural weaknesses in cloud and hybrid infrastructure security.”

Trump’s words come after news that the US Cybersecurity and Infrastructure Agency (CISA) is suffering from low staff and morale.

According to sources speaking with Cyberscoop’s Tim Starks, CISA has suffered greatly following layoffs and cuts resulting from the Trump administration’s first year in power, with roughly a third of staff being axed, while hundreds of other staff were reassigned to assist with other Department of Homeland Security agencies.

The agency is reportedly operating at around 38 per cent of its staff levels since the government shutdown that began on 14 February last year and has been without a permanent director since Trump took office.

Realistically, CISA has had a unique target on its back since 2020, after Trump blamed the agency for his loss in the 2020 election, citing claims of electoral fraud. For Project 2025, Trump recommended that CISA be dismantled, which, combined with a distaste for the agency among Republicans who backed Trump’s election claims, meant that the agency is in dire straits.

“Year one was a tough year for the agency,” said House Homeland Security Committee chairman Andrew Garbarino, R-NY, who added that a “lot of the best and brightest have left the agency”.

“The amount of cyber attacks that our nation is seeing every day, both on the private side and on the federal government side – you want your best people there fighting against it, and if they’re somewhere else, it definitely leaves us all vulnerable.”