Don’t just fight fraud, hunt it

Our nation has entered a new fraud arms race fueled by AI.

With billions of dollars in fraud losses mounting in both the private and public sectors, it’s clear the old ways of deterring fraud aren’t working. That’s why we need a new playbook that starts with understanding how fraudsters operate, evolving our defenses, and shifting to a proactive posture that doesn’t just fight fraud but actively hunts it down. 

In the AI era, treating fraud as just a front-door problem won’t work. This moment requires industry, government, and consumers to work together, reduce silos, and share real-time intelligence. The goal is to move beyond reactive detection by understanding the lifecycle of a threat—from its formation to its spread—so we can intervene before it establishes a foothold.

For decades, fraud has been treated like a series of isolated incidents. This false assumption has underpinned nearly every past effort to crack down on it. Those efforts, while well-intentioned, have missed the mark. 

Now, in light of the Trump Administration’s Cyber Strategy for America and accompanying executive order, it’s critical to understand the modern fraud landscape and the central role that digital identity exploitation plays within it.

New research from Socure reveals just how dramatically the landscape is evolving. 

Fraud has become industrialized, with organized crime syndicates running operations that are global, systemic, automated, and powered by AI. No organization, service, or program is safe. Fraudsters target government programs, banks, fintech platforms, telecom companies, and more, blurring the lines between public sector fraud, financial crime, and cybercrime.

It used to be that fraud could be detected through the reuse of identity elements across multiple applications: the same email, device, phone number, or IP address used over and over. 

But the data is clear: these links are declining fast. Today’s sophisticated fraudsters are now engineering their attacks to avoid traditional fraud detection patterns. Our research demonstrates that emails will be completely unique within fraud populations as soon as 2027, so we won’t be able to rely on email to identify patterns.

Speed is another defining feature of modern identity fraud. Fraudsters use AI to create clean, durable, synthetic and stolen identities at scale. In one observed campaign, 24,148 synthetic identities were built and launched in under a month, with many attacks occurring within 48 hours. What once took weeks or even months can now be completed in days. 

The rapid rise of identity farms is another indicator of the industrialization of fraud. Identity farms are operated by crime rings to systematically create synthetic or stolen identities over time in order to closely resemble legitimate identities. Matured identities are used to open bank, credit, and money-movement accounts, siphon government benefits, launder funds, and more. These identity farms focus on durable identities that can bypass traditional verification controls.

So what should we do? Simply put, we must go on offense. 

This means treating identity as critical infrastructure and implementing strategies that track how identities were created before the moment of application; expanding signals monitoring to include elements like residential proxies, ISP behavior, and domain registration activity; evaluating velocity and orchestration in real-time; and treating continuous measurement, rapid model iteration, and cross-industry intelligence as core capabilities.

Additionally, given the rapid scaling of fraud, we need more analysis of the complete ecosystem, including dynamic factors like device information, digital footprints, and behavioral biometrics so organizations can effectively distinguish genuine humans from machines. Ultimately, this layered and interconnected approach makes it significantly harder for malicious actors to recreate or steal identities at scale.

Fraud is no longer a series of isolated acts. It is a coordinated, global enterprise built on the exploitation of identity. Until our efforts reflect this new reality, we will continue to fight an imminent and ongoing threat with outdated tools and fall further behind. 

Now is the time to make this strategic shift and finally put fraudsters on their heels. 

Mike Cook serves as head of fraud insights at Socure, the identity and risk platform for the AI age.

The post Don’t just fight fraud, hunt it appeared first on CyberScoop.

Experts insist Trump administration’s cyber strategy is already paying off

SAN FRANCISCO — The Trump administration’s two-week-old cyber strategy, which aims to promote more proactive, offensive actions while bolstering federal networks and critical infrastructure, is a significant shift that’s already materializing in meaningful ways, a group of experts said Monday at the RSAC 2026 Conference.

Despite the federal government’s absence from the industry’s largest annual gathering, and the long-anticipated document’s brevity, representatives from a major cybersecurity vendor and from consulting, venture capital and law firms were quick to defend and evangelize the administration’s strategic actions in cyberspace.

The freshly released strategy puts the federal government on firm footing to move beyond deterrence and into action, said David Lashway, partner and global leader of cybersecurity and national security at Sidley Austin.

“We are going to take offensive and defensive action with the most powerful cyber capability that the world’s ever seen, and hopefully will ever know,” he said. 

This doesn’t mean, as some industry observers have suggested, that the Trump administration is pushing private companies to hack back.

The scale and whole-of-government response is the key difference between the latest federal cyber strategy and what administrations have called for over the past decade, Lashway said.

Instead of relying on private lawyers to get a nationwide injunction and collaborate with dozens of governments for massive takedowns, or government agencies collaborating with private security companies on a limited basis, the strategy aims to mobilize “the massive infrastructure and capability of the United States in a more coordinated way,” he added. 

This strategic pivot won’t achieve all of its objectives immediately, but it’s already showing signs of impact, according to Lashway. “It’s been different since they issued the strategy,” he said. “We’ve already noticed a difference.”

Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, said she’s also seen more collaboration in the private sector.

“While there’s no doubt challenges related to current staffing and the dynamic environment going on with the government, I have never before seen as much action and cooperation as we are seeing today, and that’s from every government agency that we’re working with,” Whitmore said. 

“There is certainly a tremendous shift in the level of discussion that we get from the government today,” she added. “It’s a very proactive, kind of muscular dialogue that’s different from what I’ve previously seen.”

Experts said that earlier concerns about triggering backlash and worsening already fragile systems had kept the federal government from taking certain actions, but that caution is now being reconsidered.

“The government’s going to start punching people in the face,” said Jamil Jaffer, venture partner and strategic advisor at Paladin Capital Group. 

Trump administration officials have told the private sector it wants their help and they need to be well defended, he added. “If we do live in glass houses, well, everyone’s going to need to start putting more glass up.”

Jaffer expects the Trump administration to prevent and respond to intrusions aggressively and publicly. “Half the problem with deterrence today is we don’t actually practice real deterrence when it comes to the cyber domain. We don’t punch people back,” he said. 

The dynamic and proper response, to him, is akin to a child responding to a bully at school. 

“If you get hit in the face, punch them back in the face,” Jaffer said. “Do it publicly. Everyone sees it. Less people come after you.”

Washington is right: Cybercrime is organized crime. Now we need to shut down the business model

The recently released executive order targeting cybercrime, fraud, and predatory schemes uses language the federal government has often avoided. Now, for the first time, the Trump administration is echoing what the cybersecurity industry has been shouting for years: cyber-enabled fraud is a product of transnational organized crime.

That distinction matters because organized crime requires an organized response.

Cybercrime is now the world’s fastest-growing criminal economy, built on stealing from everyday people. It is no longer a loose collection of hoodie-wearing hackers in basements or misfits trading malware in online forums. It is a mature global industry operating at scale. In the entirety of human history, there has not been a transfer of wealth of this magnitude since the era of pillaging empires. We have just gotten so used to it that it feels like background noise.

Modern cybercrime groups look less like street gangs and more like corporations. They run structured operations, complete with HR departments, training pipelines, performance metrics, and technology stacks that rival most enterprise companies. Their attackers don’t rely on sophisticated exploits — they think like expert investigators, systematically probing for weaknesses, exploiting psychological pressure, manipulating insiders, and using deception to move through gaps that defenders left open. They operate around the clock, in every time zone, and increasingly use AI to automate attacks at a scale that once required highly skilled operators.

Worse yet is that many of these operations rely on forced labor. Scam compounds in Southeast Asia run like factory floors, with rows of trafficked workers carrying out romance scams, cryptocurrency fraud, and impersonation schemes under threat of violence.

Their goal is to make fraud faster and more profitable. The result is a global criminal ecosystem that extends far beyond online scams. It fuels human trafficking, weapons smuggling, political corruption, compromised organ systems, and even nuclear programs.

If the federal government is ready to recognize what the industry has known — that cybercrime truly operates like an organized global industry — then responding to it solely through traditional law enforcement is not enough. The question goes beyond how governments apply sanctions, coordinate investigations, or pressure jurisdictions that harbor these operations. The greater question is whether the private sector is willing to help dismantle the infrastructure that allows this industry to thrive.

One word changes everything

I want to be specific about why this executive order is different, because the language is not accidental.

The order doesn’t just call these groups “hackers” or “organized crime.” It calls them transnational criminal organizations (TCOs). That word carries legal and operational weight that most coverage has glossed over. Transnational is the jurisdictional framing that authorizes an entirely different class of response. It is the same threshold that moves a case from local law enforcement to federal jurisdiction and beyond.

Pair that with what follows – “law enforcement, diplomacy, and potential offensive actions” – and you are reading something that goes well beyond a policy memo. Notice the sequence: diplomacy before offensive action is proportionality doctrine. But the administration did not rule out offensive action. The document also calls for deploying the “full suite of U.S. government defensive and offensive cyber operations” and uses the word “shape” as its first pillar of action. In military doctrine, shaping an adversary’s behavior does not mean gentle persuasion. It means force is part of the calculus.

This is not the language of a consumer protection policy. Whoever wrote this has studied the opposition.

An organized threat demands an organized response

The executive order draws a line in the sand: cybercrime has outgrown its origins as a consumer protection issue. It’s now a fundamental threat to economic stability and national security. But tackling an industry operating at this scale requires more than government action alone. The order’s answer is to mobilize the private sector – giving companies the green light to identify and disrupt adversary networks.

That framing matters.

The private sector sees the machinery of cybercrime every day. Security vendors, major platforms, and infrastructure providers spot the command-and-control servers, malicious domains, and payment pipelines that keep these operations moving. Too often, that intelligence is used only to defend commercial interests, when in reality, it should also be used to disrupt the networks behind the attacks. When criminal groups lose core infrastructure, they have to rebuild. That costs time. That costs money. That creates pressure.

At the same time, the order puts a question squarely before the private sector: How far is it willing to go, and under what terms? I spent my career believing “minimal force” matters. Precise, proportionate action prevents escalation and avoids creating cascading problems. As we move beyond a defense-only approach, those principles matter more than ever.

There is another question that sits underneath all of this: How far does “potential offensive actions” actually go? Does it stop at cyberspace? Financial sanctions? Asked bluntly, “Will leaders and shareholders know whether providing threat intelligence ends with a measured network take-down or an all-out drone strike on the fraudulent call center?”

Organizations need to fix the security weaknesses criminals are exploiting for profit. Most attacks in 2026 do not succeed because criminals are brilliant. They succeed because the basics are missing. No multifactor authentication. Weak identity controls. Unpatched vulnerabilities sit open for months. Criminals don’t care about your industry or company size. They go where it’s easiest.

When organizations ignore basic security controls, they are doing more than accepting risk. They’re subsidizing the criminal infrastructure that exploits those gaps.

Governments must keep pressure on nations that harbor these operations. Large-scale cybercrime thrives where enforcement is weak or non-existent. The order specifically calls out “nations that tolerate predatory activity”—a signal that safe havens won’t be ignored. Stronger coordination across governments, law enforcement, and private industry can make it much harder for criminals to operate at scale.

The order also targets “foreign TCOs and associated networks,” with “associated networks” being a deliberately broad phrase. Defining who qualifies will be critical. Draw the lines too narrowly and the policy won’t work. Too broadly and you risk dangerous escalation.

Simply put, cybercriminal groups are disciplined because discipline pays. Disrupting them will require the same. It will demand pressure on countries that act as safe havens. It will take dismantling the infrastructure behind these schemes. It will require better basic security across every organization that criminals target.

The executive order is right: cybercrime is organized. It is industrial. It is ruthless. For the first time in a long time, the response looks like it might be, too. Whether the government, private sector, and public can align around what this actually demands, and what it risks, is still an unanswered question.

After years of watching policy documents gather dust while victim numbers grow, I will take action over perfection every time.

Kyle Hanslovan is a former NSA cyberwarfare operator and CEO of Huntress Labs.

We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.

Flights canceled. Emergency rooms shut down. Centuries-old companies shuttered.

Ransomware and other similar cyberattacks have become so routine that even those serious human and economic consequences are often overlooked or easily forgotten.

This lack of focus is dangerous.

As former leaders of FBI and CISA cyber units, we’ve seen cybercrime ripple through communities, disrupting critical services, destroying jobs, and sometimes costing lives. Today’s ransomware numbers tell a stark story. The Department of Homeland Security reported more than 5,600 publicly disclosed ransomware attacks worldwide in 2024, nearly half of them in the United States. The FBI found that ransomware incidents increased nearly nine percent year over year, with almost half targeting critical infrastructure. Attacks on these organizations pose the greatest threat to national security and public safety.

Despite this trend, we’re cautiously optimistic about the administration’s new National Cyber Strategy. It focuses on protecting critical infrastructure and stopping ransomware and cybercrime—threats it correctly elevates to top-tier national security threats.

But success requires sustained action across government and industry. Adversaries are evolving faster than defenses: ransomware attacks now average $2.73 million per incident, driving annual losses into the billions. Attackers have compressed their operations from weeks to hours, disabling Endpoint Detection and Response (EDR) tools and leaving defenders almost no time to stop an attack.

Basic cyber hygiene still matters. But it’s no longer sufficient. Attackers steal valid credentials, exploit known vulnerabilities, disable tools, and move laterally at machine speed, now accelerated by AI. They need a stunningly low level of technical expertise to do so, and AI tools are increasing the speed and scale of their actions.

Our defenses must keep pace with evolving threats. Protecting national security requires immediate action. Automating cyber threat information sharing offers clear benefits, but government agencies need significant structural and technological upgrades before they can effectively share data. This requires sustained investment and oversight.

The government does not have to do this alone. Industry and academia possess tools that could mean the difference between progress and revisiting this same conversation four, eight, or twelve years from now. Forums like CISA’s Joint Cyber Defense Collaborative (JCDC), the National Cyber Investigative Joint Task Force (NCIJTF), and NSA’s Cyber Collaboration Center (CCC) have demonstrated that information fusion and joint operational planning can work. But overlapping missions and unclear playbooks leave companies guessing what to share, when to share it, and with whom. These forums and underlying collaboration mechanisms must be resourced, deconflicted, and made predictable.

Despite the noble efforts of government agencies to share behind-the-scenes and interact with industry with one voice, the current structure remains fragile and dependent on personal relationships. We simply cannot afford this fragility or inefficiency, particularly in an era of constrained government cyber resources and escalating threats.

Effective protection of critical infrastructure requires focused collaboration. The administration’s strategy rightly emphasizes this, but narrowing this focus will not be easy. For years, the government has tried to cover sixteen sectors and hundreds of thousands of entities equally—an impossible task. Equal attention for all is unrealistic. Looking back, we wish we had prioritized more strategically during our time in government.

Prioritization is politically difficult, but operationally necessary. When everything is critical, nothing truly is. For the most important critical infrastructure, we must focus on resilience—ensuring systems can withstand attacks and recover quickly—rather than assuming we can prevent every breach.

The government can take concrete steps now to disrupt the ransomware ecosystem. Ransomware has cost American lives; designating certain ransomware actors and their enablers as Foreign Terrorist Organizations could unlock more powerful sanctions, diplomatic action, and intelligence operations. Sensible regulation holding cryptocurrency exchanges accountable for knowingly laundering ransomware proceeds could weaken criminal business models while strengthening legitimate digital asset markets in the U.S. and allied nations.

The technology and cybersecurity industry has responsibilities, as well. Industry must share actionable intelligence where legally permitted, pressure-test government programs with candid feedback, and support reauthorization of the Cybersecurity Information Sharing Act of 2015.

We all must do our part. Every day that passes without us confronting these critical questions is a gift to our adversaries. This will only be exacerbated by advancements in AI. We are hopeful that the release of this administration’s National Cyber Strategy will spark much-needed debate and decisions about the role of the government and industry in advancing our nation’s cybersecurity and resilience.

Cynthia Kaiser is senior vice president of Halcyon’s Ransomware Research Center. She was formerly Deputy Director of the FBI’s cyber division.

Matt Hartman serves as chief strategy officer at Merlin Group, where he is focused on identifying, accelerating, and scaling the delivery of transformative cyber technologies to the public sector and critical industries. Prior to this role, Matt spent the last five years serving as the senior career cybersecurity official at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security.

ONCD official says Trump administration aims to bolster AI use for defense without increasing risk

The Trump administration wants to boost the use of artificial intelligence for security in a way that doesn’t increase the number of targets for adversaries to attack, a top official with the Office of the National Cyber Director said Thursday.

The administration will “promote the rapid implementation of AI enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors,” Alexandra Seymour, principal deputy assistant cyber director for policy, said at CyberTalks, presented by CyberScoop. “We want to ensure that as Americans, companies and agencies deploy AI to defend themselves, they are not inadvertently making themselves more vulnerable by widening the attack surface.”

Overall, “We’re working with our interagency and White House colleagues to promote AI-driven success while addressing concerns about AI security and countering AI abuse by adversaries,” she said.

The focus on AI is expected to get further attention from a forthcoming national cyber strategy and the implementation of that strategy due to follow.

“We are prioritizing rapid but secure AI development and diffusion,” Seymour said. “From the start, we will support a full range of counter-AI efforts, assuring our frontier models and countering adversary AI that controls or threatens citizens.”

Seymour reiterated how that means promoting U.S. AI cybersecurity standards and norms, but also “establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools.”

One of the six pillars of that forthcoming strategy is focused on strengthening the cybersecurity workforce. The administration wants to consolidate existing efforts, drawing on the work of companies, government, academia, vocational schools and venture capital, Seymour said.

The administration wants to align “curriculum, workforce standards, cyber literacy, awards and job placement,” she said.

Seymour said one thing the administration hopes to emulate is Israel’s Unit 8200, an intelligence arm of the Israeli government that counts cyberwarfare among its missions. Its practices for training young talent include boot camp-like classes and exercises.

“The White House does not want to reinvent the wheel, because we recognize the magnitude of great work in the space across the public and private sectors to train and upskill the cyber workforce,” Seymour said. “Rather, we hope to bring these existing resources all together to build a workforce pipeline that is clear, accessible and responsive to cyber skill gaps, including those related to emerging technologies such as AI and quantum.”

The Trump administration has shed personnel at major cyber agencies across the government.

US wants to push its view of AI cybersecurity standards to the rest of the world

The U.S. government wants the rest of the world to adopt its artificial intelligence cybersecurity standards, a top official with the Office of the National Cyber Director said Thursday.

As part of an effort to advance American AI, the administration will be “undertaking diplomacy efforts to promote American AI cybersecurity standards and norms, establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools,” said Alexandra Seymour, principal deputy assistant national cyber director for policy.

Seymour’s comments at the 2026 Identity, Authentication, and the Road Ahead Policy Forum in Washington, D.C. partially reflect the Trump administration’s AI Action Plan released last summer, which said the departments of Commerce and State would “vigorously advocate for international AI governance approaches that promote innovation, reflect American values, and counter authoritarian influence,” but doesn’t explicitly mention international promotion of cybersecurity standards.

Some of that effort has already materialized, with internationally oriented guides released in both May and December. The United States also isn’t the only one looking to influence international standards for AI security.

AI also figures into the yet-to-be-released national cybersecurity strategy that Seymour’s office has been developing. And it dovetails with a pillar of the strategy focused on defending federal networks.

“While AI is already helping industries enhance security and address the challenge of escalating cyberattacks, this administration will promote the rapid implementation of AI-enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors on our federal systems,” Seymour said. “We must get our house in order. They need rapid modernization, and we’re working on policies to harden our networks, update our technologies and ensure we’re prepared for a post-quantum future.”

The 10 key reforms that can close America’s cybersecurity gaps

For decades, the United States government and private sector have worked tirelessly to secure cyberspace, yet our nation remains frighteningly vulnerable to a litany of cyberthreats posed by cybercriminals and foreign adversaries alike. Daily news reports of cyber intrusions ranging from criminal ransomware attacks to foreign state-sponsored intrusions into power, water, and other critical infrastructure systems are a constant reminder that “by almost every measure, the cybersecurity threat landscape is actually worse.” We can, and must, do better. To develop an effective national cybersecurity strategy, policymakers should consider the following ten points.  

Prioritize “Key Systems”

Policymakers should prioritize securing critical infrastructure whose cybersecurity failures could have catastrophic impacts on national security, economic security, public health or safety. Such systems include the electrical grid, water systems, ports, rail and air transportation as well as national, state, and local governments. 

Use memory safe languages for key systems

A fundamental cybersecurity problem stems from the widespread use of software written in unsafe programming languages. These languages, developed in the early days of computing—before cybersecurity was even a consideration—were designed for efficiency, but are vulnerable to a class of programming bugs known as “memory safety errors.”

Memory safety errors have been described as “today’s biggest attack surface for hackers” and are estimated to be responsible for nearly 70% of software vulnerabilities. Fortunately, today’s memory safe programming languages (e.g., Rust) are specifically designed to eliminate memory safety errors.

The federal government has developed a roadmap to help companies transition to memory safe code, and many companies have begun the journey. Accelerating this transition will significantly strengthen the nation’s cybersecurity.  

Apply formal methods for key systems

Memory-safe languages eliminate many software vulnerabilities but are not a cure-all. Using “formal methods” offers even greater security. Formal methods rely on mathematical proof “to create ultra-secure, ultra-reliable software.” In fact, when the Defense Advanced Research Projects Agency (DARPA) used formal methods to program a military helicopter’s flight control computer, all subsequent hacking attempts failed.

Formal methods are currently in use by numerous leading technology companies, such as Amazon Web Services and Microsoft, and in high-assurance contexts, such as development of flight-control software. Implementation of formal methods requires some work, but the necessary tools are publicly available, the benefits are significant, and future advancements in automation will likely make implementation even easier. 

Establish resilient architectures

Migrating to resilient architectures based on “zero trust” principles will further strengthen the cybersecurity of key systems. Traditional security models automatically trust users within an organization’s perimeter. In contrast, zero trust models trust no one by default. Taking a “never trust, always verify” approach, these models reduce the chance of breach by verifying every access request, regardless of where it originates.

Policymakers should ensure that zero trust architectures are established for key critical infrastructure through Congressional action and/or federal regulations akin to those already established for interstate electric transmission, railroads, and pipelines.

Build data resilience

Data resilience is the ability to keep data accessible and uncorrupted, even during a cyberattack. One effective way to improve data resilience is to back up key systems in the cloud—an approach Ukraine famously used just before Russia’s invasion. By migrating thousands of terabytes of critical government data to the cloud, Ukraine was able to maintain government operations despite intense kinetic operations and cyberattacks.

Defend proactively through threat hunting 

Policymakers should ensure that defensive cyber “threat hunting”—proactively searching networks for undetected cyberthreats—is regularly conducted on key networks. Many key systems already receive threat hunting services through contracts with private firms, but policymakers should make sure that every key system is covered, potentially by establishing necessary baseline requirements. While private companies can provide much of this support, government agencies—such as the Coast Guard under its “Captain of the Port” authorities to protect critical port infrastructure—can also play a role. Finally, because defensive threat hunting on key networks serves the public interest, Congress should consider providing financial support, such as tax credits or dedicated budget allocations.

Coordinate government and private sector cybersecurity actions

Effective cybersecurity requires close collaboration between the government and the private sector. To ensure this coordination, a central body overseen by the National Cyber Director should be established. The NCD would act as a “head coach,” guiding efforts across both sectors, while leaving day-to-day operations to the organizations best equipped to handle them.

Establish “Regional Resilience Districts” 

Policymakers should support regional approaches to cybersecurity, which help manage risks across sectors in critical areas. Piloting regional resilience districts in places with major military installations, such as Charleston, South Carolina or the Houston ship channel, would strengthen cross-sector protection, limit cascading effects from cybersecurity failures, and improve recovery from major attacks.

Incorporate adversary disruption into cyber campaigns 

Policymakers should collaborate with key private sector firms to assess their ability to disrupt adversarial cyber attacks—for example, by banning entities that violate terms of service from their networks. They should then determine when and how private sector and government actions, whether individually or together, can most effectively contribute to disrupting adversaries.

Governments have previously worked with the private sector to take down criminal cyber organizations, sometimes using the Fourth Amendment’s asset seizure authority. Given the rise in cyber intrusions by both criminals (e.g., ransomware operators) and nation-state adversaries (e.g., China’s Typhoons), policymakers should consider expanding these efforts beyond asset seizure to include active disruption.

Capitalize on emerging technology 

Finally, policymakers should leverage the innovation pipeline—including expertise from industry, government, federal R&D centers, national laboratories, and academia—to effectively apply emerging technologies like artificial intelligence in support of both offensive and defensive cybersecurity missions. 

Cybersecurity policymakers have a unique opportunity to dramatically strengthen our digital defenses by following the ten steps outlined above. Implementing these measures will help safeguard national security, critical infrastructure, and the public good in an increasingly complex threat environment. The time for decisive action is now.

This op-ed is derived from the forthcoming Atlantic Council report by the authors on “Cybersecurity Strategy for the United States.”

Franklin D. Kramer is a distinguished fellow at and serves on the board of the Atlantic Council. He is a former assistant secretary of defense for international security affairs.

Robert J. Butler is the co-founder and managing director of Cyber Strategies LLC, served as the first deputy assistant secretary of defense for space and cyber policy, and served as the Chief Security Officer for IO Data Centers, a global data center enterprise, among other cybersecurity-related roles in both corporate and government organizations.

Melanie J. Teplinsky is an adjunct professor and senior fellow in the Technology, Law and Security Program at American University (AU), Washington College of Law. She previously practiced technology law at Steptoe & Johnson LLP and served on the pre-IPO advisory board for CrowdStrike.

The post The 10 key reforms that can close America’s cybersecurity gaps appeared first on CyberScoop.

Sean Plankey nomination to lead CISA appears to be over after Thursday vote

Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday to move forward on a panel of Trump administration picks.

Multiple senators placed holds or threatened holds on his nomination, some related to cybersecurity. But the hold from Sen. Rick Scott, R-Fla., appeared to be the biggest hurdle. With Plankey’s exclusion from the resolution to advance a bevy of nominees that got a key vote Thursday, procedural issues make it unlikely that he will be the nominee going forward, sources told CyberScoop. The administration would have to re-submit his name for nomination next year.

Scott’s hold was related to Department of Homeland Security Secretary Kristi Noem partially terminating a Coast Guard cutter program contract with Florida-based Eastern Shipbuilding Group, multiple sources told CyberScoop. The Government Accountability Office issued a critical report on the program.

While awaiting confirmation, Plankey, a 13-year Coast Guard officer, has been serving as senior adviser to the secretary for the Coast Guard.

A spokesperson for Scott did not respond to a request for comment Thursday, and did not confirm information about his hold when asked for comment in recent weeks.

Sen. Ron Wyden, D-Ore., also had said he would place a hold on Plankey’s nomination until CISA released an unclassified report on telecommunications network security. CISA said in July it would release the report, but as of Thursday, the agency had not publicly done so.

North Carolina’s GOP senators, Ted Budd and Thom Tillis, also had placed a hold on DHS nominees over disaster relief funding for the state.

A single senator’s ability to hold up the nomination process made Plankey’s inclusion in a broader package his best chance for advancing.

Plankey’s nomination had broad backing within the cybersecurity community. Backers have frequently called on the Senate to confirm him for CISA director.

Some Democratic senators voted against his nomination after a Senate Homeland Security and Governmental Affairs Committee hearing in July, however, where he faced tough questions from them about election security and the slashed workforce at the agency.

Bridget Bean, since departed from CISA, and Deputy Director Madhu Gottumukkala have served as acting director of the agency since the departure of Jen Easterly in January as the Biden administration ended. The agency is poised to go without a Senate-confirmed leader heading into a year where the Trump administration plans to kick off implementation of a national cybersecurity strategy.

The Trump administration has pulled back a historic number of nominees so far this year. But the Senate in September also confirmed 48 nominees all at once following a rules change intended to overcome Democratic objections to his picks.

The post Sean Plankey nomination to lead CISA appears to be over after Thursday vote appeared first on CyberScoop.

Five-page draft Trump administration cyber strategy targeted for January release

The Trump administration is aiming to release its six-part national cybersecurity strategy in January, according to multiple sources familiar with the document. The document, which is a mere five pages long, will possibly be followed by an executive order to implement the new strategy.

The administration has been soliciting feedback in recent days on the document, which one source considered more of a “messaging” document than anything, with more important work to follow.

According to sources familiar with the strategy, the six “pillars” focus on cyber offense and deterrence; aligning regulations to make them more uniform; bolstering the cyber workforce; federal procurement; critical infrastructure protection; and emerging technologies.

An opening section of the draft offers a Trumpian call for a more muscular approach to cyberspace. Despite its short length — the Biden administration’s cybersecurity strategy was 35 pages long — it touches on a significant number of topics.

Those subjects include cybercrime, China, artificial intelligence, post-quantum cryptography and more.

National Cyber Director Sean Cairncross recently offered a preview of some of those themes and plans.

“As a top line matter, it’s going to be focused on shaping adversary behavior, introducing costs and consequences into this mix,” Cairncross said last month at the 2025 Aspen Cyber Summit. “It is becoming more aggressive every passing day, and as new technology is developed … and AI is folded into this next, it will become more aggressive.”

A source told CyberScoop the administration appeared genuinely interested in soliciting feedback on the strategy to incorporate or change.

The release date of the strategy is fluid. While the administration is targeting January, its publication might follow the broader national security strategy. Politico recently reported that the national security strategy had been delayed, but was still likely to be released this month.

Cairncross also recently talked about the broader approach of the strategy and what comes next.

“It will be setting the posture of the United States in this domain and things that we are driving toward, and we will have follow-on action items that will be in support of that strategy,” he said at the 2025 Meridian Summit.

The post Five-page draft Trump administration cyber strategy targeted for January release appeared first on CyberScoop.
