
Executive orders likely ahead in next steps for national cyber strategy

National Cyber Director Sean Cairncross expects more executive orders coming from the White House as part of implementing the national cybersecurity strategy, he said Wednesday.

Staffers on Capitol Hill and others in the cyber world have been awaiting the implementation guidance the Trump administration had proclaimed would come to accompany the strategy published last month.

Asked at a Semafor event about whether that would include executive orders, Cairncross answered, “I think that that’s the case.”

The administration released an executive order on fraud the same day it released its cyber strategy on March 6. Some of that order touched on cybercrime.

“This is rolling forward actively, and you should expect that there will be more execution and action in line with our strategic goals,” he said.

Cairncross cited other administration activity that fits into the strategy, such as the first conviction last week under the Take It Down Act, a law First Lady Melania Trump advocated for that seeks to combat non-consensual AI-generated sexually explicit images, violent threats and cyberstalking.

He declined to preview any future implementation plans, and said he expected they would be coming “relatively soon.”

A centerpiece of the administration strategy is confronting adversaries to make sure they suffer consequences for their hacking of United States targets.

Cairncross wouldn’t say explicitly if Trump, in his visit to Beijing next month, would address Chinese hacking.

“When we start to see things like prepositioning on critical infrastructure, that is something that needs to be addressed,” he said. Pressed on whether that meant cyber would be on the agenda during the visit, Cairncross said, “I would expect that the safety and security of the American people will be first and foremost, as it always is for the president.”

Cairncross touted American ingenuity for producing an artificial intelligence model like Anthropic’s Claude Mythos, rather than it developing under U.S. cyber rivals like China or Russia. He acknowledged reports about the administration holding meetings about the cyber risks and benefits of something like Mythos — “the model right now that everyone’s talking about” — adding that the administration is looking to balance the dangers and positive capabilities of AI in cyberspace.

“I would say from the White House perspective, we are working very closely with industry,” Cairncross said. “We’ve been in close collaboration with the model companies across the interagency to make sure that we are evaluating and doing this.”

The post Executive orders likely ahead in next steps for national cyber strategy appeared first on CyberScoop.

Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says

National Cyber Director Sean Cairncross said Tuesday that the Trump administration isn’t aspiring to enlist the private sector to conduct offensive cyber operations, but instead to help the government by keeping it abreast of the threats they’re facing.

The recently-released national cyber strategy talks about incentivizing companies to disrupt the networks of adversaries.

“I’m not talking about the private sector, industry or companies engaging in a cyber offensive campaign,” Cairncross said at an event hosted by Auburn University’s McCrary Institute. “What I’m talking about are the technical capabilities, the ability of our private sector to illuminate the battlefield from what they’re seeing, to inform and share information so that the USG [U.S. government] can respond to get ahead of things.”

The idea of enabling U.S. companies to undertake disruptive or offensive campaigns against malicious hackers, or to at least aid in U.S. government offensive operations, has regained currency in some GOP circles in recent years. Some companies have shown an interest in doing so, especially if laws are changed to make it more viable.

That trend coincides with growing calls from Trump administration officials — and now the release of the cybersecurity strategy — to go on the offense against hackers, although Cairncross emphasized again that the strategy pillar to “shape adversary behavior” isn’t just about conducting cyber offensive campaigns, but to use other government mechanisms to put pressure on hackers, be they legal or diplomatic.

The government can go about shaping the “risk calculus” “in a more agile fashion” with private sector help, he said.

“There’s an enormous amount of capability on the private sector side, and now we have a spear from the United States government… we are looking for real partnership,” Cairncross said.

One way the U.S. government has sought to bring the fight to cyber adversaries is the FBI’s “joint sequenced operations,” used to degrade their capabilities. Speaking at the same event, the head of the bureau’s cyber division said the private sector was key to those operations as well.

“Every one of the joint sequenced operations that the FBI conducts to remove that capacity and capability that I talked about — from the Russians, from the Chinese, from the Iranians and others — happens because a victim came forward and engaged the FBI,” said Brett Leatherman.

“One takeaway for everybody here is ‘What is your game plan in the event of a breach to engage your local FBI field office?’” he asked. “I would proffer there’s very little liability in doing so, and we’re happy to have conversations with your outside or inside counsel, but there’s a tremendous amount to be gained by doing that.”

The post Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says appeared first on CyberScoop.

Sean Cairncross lays out what’s coming next for Trump’s cyber strategy

The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.

The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.

“Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.”

A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.

“One of the things that we are working to do is to align those sectors and prioritize those sectors in a way that makes sense,” he said.

Cairncross said the administration wants to share information with industry better, and will be looking as well at revising regulations in some instances. One of those instances is the Securities and Exchange Commission’s 2023 incident disclosure rule, which drew some of the most vehement industry opposition under the Biden administration’s pursuit of cyber regulations. The idea is to make sure they “make sense for industry,” Cairncross said.

But the administration also will have things it seeks from the private sector. That will include bringing together CEOs and sending the message to them that “you need to dedicate some real resources,” he said.

Cairncross has spoken before about wanting to establish an academy to address education and training in a nation with persistent cybersecurity job openings, but there’s more attached to it, he said.

The effort, which Cairncross said the administration would release details on soon, will also include a foundry (which “will be able to scale with private capital new innovation, and deploy it more quickly”) and an accelerator (“so when there’s preceded financing on projects to really ramp that up and be able to scale as well and overcome some of the procurement hurdles that are often based in this space”).

Cairncross said at a second event Monday that another forthcoming step was a law enforcement pilot program to better share information with state and local governments.

“We’re looking for ways to streamline information sharing from the USG side,” Cairncross said at a Billington Cybersecurity event, using the acronym for “U.S. government.” “Often, ‘how’ we know things is extremely sensitive, ‘what’ we know is less so,” he said. The goal is “to figure out how to communicate that in a helpful, actionable way.”

Updated, 3/9/26: to include comments about law enforcement pilot program.

The post Sean Cairncross lays out what’s coming next for Trump’s cyber strategy appeared first on CyberScoop.

We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.

Flights canceled. Emergency rooms shut down. Centuries-old companies shuttered.

Ransomware and other similar cyberattacks have become so routine that even those serious human and economic consequences are often overlooked or easily forgotten.

This lack of focus is dangerous.

As former leaders of FBI and CISA cyber units, we’ve seen cybercrime ripple through communities – disrupting critical services, destroying jobs, and sometimes costing lives. Today’s ransomware numbers tell a stark story. The Department of Homeland Security reported more than 5,600 publicly-disclosed ransomware attacks worldwide in 2024, nearly half of them in the United States. The FBI found that ransomware incidents increased nearly nine percent year over year, with almost half targeting critical infrastructure. Attacks on these organizations pose the greatest threat to national security and public safety.

Despite this trend, we’re cautiously optimistic about the administration’s new National Cyber Strategy. It focuses on protecting critical infrastructure and stopping ransomware and cybercrime—threats it correctly elevates to top-tier national security threats.

But success requires sustained action across government and industry. Adversaries are evolving faster than defenses: ransomware attacks now average $2.73 million per incident, driving annual losses into the billions. Attackers have compressed their operations from weeks to hours, disabling Endpoint Detection and Response (EDR) tools and leaving defenders almost no time to stop an attack.

Basic cyber hygiene still matters. But it’s no longer sufficient. Attackers steal valid credentials, exploit known vulnerabilities, disable tools, and move laterally at machine speed, now accelerated by AI. They need a stunningly low level of technical expertise to do so, and AI tools are increasing the speed and scale of their actions.

Our defenses must keep pace with evolving threats. Protecting national security requires immediate action. Automating cyber threat information sharing offers clear benefits, but government agencies need significant structural and technological upgrades before they can effectively share data. This requires sustained investment and oversight.

The government does not have to do this alone. Industry and academia possess tools that could mean the difference between progress and revisiting this same conversation four, eight, or twelve years from now. Forums like CISA’s Joint Cyber Defense Collaborative (JCDC), the National Cyber Investigative Joint Task Force (NCIJTF), and NSA’s Cyber Collaboration Center (CCC) have demonstrated that information fusion and joint operational planning can work. But overlapping missions and unclear playbooks leave companies guessing what to share, when to share it, and with whom. These forums and underlying collaboration mechanisms must be resourced, deconflicted, and made predictable.

Despite the noble efforts of government agencies to share behind-the-scenes and interact with industry with one voice, the current structure remains fragile and dependent on personal relationships. We simply cannot afford this fragility or inefficiency, particularly in an era of constrained government cyber resources and escalating threats.

Effective protection of critical infrastructure requires focused collaboration. The administration’s strategy rightly emphasizes this, but narrowing this focus will not be easy. For years, the government has tried to cover sixteen sectors and hundreds of thousands of entities equally—an impossible task. Equal attention for all is unrealistic. Looking back, we wish we had prioritized more strategically during our time in government.

Prioritization is politically difficult, but operationally necessary. When everything is critical, nothing truly is. For the most important critical infrastructure, we must focus on resilience—ensuring systems can withstand attacks and recover quickly—rather than assuming we can prevent every breach.

The government can take concrete steps now to disrupt the ransomware ecosystem. Ransomware has cost American lives; designating certain ransomware actors and their enablers as Foreign Terrorist Organizations could unlock more powerful sanctions, diplomatic action, and intelligence operations. Sensible regulation holding cryptocurrency exchanges accountable for knowingly laundering ransomware proceeds could weaken criminal business models while strengthening legitimate digital asset markets in the U.S. and allied nations.

The technology and cybersecurity industry has responsibilities, as well. Industry must share actionable intelligence where legally permitted, pressure-test government programs with candid feedback, and support reauthorization of the Cybersecurity Information Sharing Act of 2015.

We all must do our part. Every day that passes without us confronting these critical questions is a gift to our adversaries. This will only be exacerbated by advancements in AI. We are hopeful that the release of this administration’s National Cyber Strategy will spark much-needed debate and decisions about the role of the government and industry in advancing our nation’s cybersecurity and resilience.

Cynthia Kaiser is senior vice president of Halcyon’s Ransomware Research Center. She was formerly Deputy Director of the FBI’s cyber division.

Matt Hartman serves as chief strategy officer at Merlin Group, where he is focused on identifying, accelerating, and scaling the delivery of transformative cyber technologies to the public sector and critical industries. Prior to this role, Matt spent the last five years serving as the senior career cybersecurity official at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security.

The post We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it. appeared first on CyberScoop.

ONCD official says Trump administration aims to bolster AI use for defense without increasing risk

The Trump administration wants to boost the use of artificial intelligence for security in a way that doesn’t increase the number of targets for adversaries to attack, a top official with the Office of the National Cyber Director said Thursday.

The administration will “promote the rapid implementation of AI enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors,” Alexandra Seymour, principal deputy assistant cyber director for policy, said at CyberTalks, presented by CyberScoop. “We want to ensure that as Americans, companies and agencies deploy AI to defend themselves, they are not inadvertently making themselves more vulnerable by widening the attack surface.”

Overall, “We’re working with our interagency and White House colleagues to promote AI-driven success while addressing concerns about AI security and countering AI abuse by adversaries,” she said.

The focus on AI is expected to get further attention from a forthcoming national cyber strategy and the implementation of that strategy due to follow.

“We are prioritizing rapid but secure AI development and diffusion,” Seymour said. “From the start, we will support a full range of counter-AI efforts, assuring our frontier models and countering adversary AI that controls or threatens citizens.”

Seymour reiterated how that means promoting U.S. AI cybersecurity standards and norms, but also “establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools.”

One of the six pillars of that forthcoming strategy is focused on strengthening the cybersecurity workforce. The administration wants to consolidate existing efforts, drawing on the work of companies, government, academia, vocational schools and venture capital, Seymour said.

The administration wants to align “curriculum, workforce standards, cyber literacy, awards and job placement,” she said.

Seymour said one thing the administration hopes to emulate is Israel’s Unit 8200, an intelligence arm of the Israeli government that counts cyberwarfare among its missions. Its practices for training young talent include boot camp-like classes and exercises.

“The White House does not want to reinvent the wheel, because we recognize the magnitude of great work in the space across the public and private sectors to train and upskill the cyber workforce,” Seymour said. “Rather, we hope to bring these existing resources all together to build a workforce pipeline that is clear, accessible and responsive to cyber skill gaps, including those related to emerging technologies such as AI and quantum.”

The Trump administration has shed personnel at major cyber agencies across the government.

The post ONCD official says Trump administration aims to bolster AI use for defense without increasing risk appeared first on CyberScoop.

Sean Cairncross’ cybersecurity agenda: less regulation, more cooperation

The Trump administration needs help from industry to reduce the cybersecurity regulatory burden and to back important cyber legislation on Capitol Hill, among other areas, National Cyber Director Sean Cairncross said Tuesday.

“You know your regulatory scheme better than I do: Where there’s friction, where there’s frustration with information sharing, what sort of information is shared, the process through which it’s shared,” he said. “It is helpful for us to hear that and have that feedback so that we can address it, engage it and try to make it better.”

The Trump administration is interested in being a partner with industry rather than a “scold,” Cairncross said at an Information Technology Industry Council event. The Biden administration sought to impose more cybersecurity rules on the private sector than prior administrations.

Cairncross also called on industry to help pass the Cybersecurity Information Sharing Act of 2015, which has expired and dealt with short-term extensions in recent months as Congress stalls on what to do with a law that provides legal protections to companies that share cyber threat data with the government and each other.

The Trump administration would like to see the law extended as-is for 10 years.

“What we need from industry is an echo chamber up on the Hill to help make that happen,” he said. “I can go tell people how important this is, or the White House can weigh in, and we have done that. But when the people who are actually affected by this start to weigh in with members, that has an even greater impact.”

Overall, Cairncross wants industry to “show up and engage,” he said, as the administration has done with its forthcoming cybersecurity strategy, something he said would be rolled out “sooner rather than later.”

“Reach out to us,” he urged. “We will certainly be reaching out how we have gone about this strategic piece of this. Just from the outset, we have had a heavy industry engagement side of this and looked for feedback and thoughts. It’s been extremely helpful, and hopefully it has been successful in sending the message that we want to, which is, we are here to do everything we can to partner with industry.”

The post Sean Cairncross’ cybersecurity agenda: less regulation, more cooperation appeared first on CyberScoop.

US wants to push its view of AI cybersecurity standards to the rest of the world

The U.S. government wants the rest of the world to adopt its artificial intelligence cybersecurity standards, a top official with the Office of the National Cyber Director said Thursday.

As part of an effort to advance American AI, the administration will be “undertaking diplomacy efforts to promote American AI cybersecurity standards and norms, establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools,” said Alexandra Seymour, principal deputy assistant national cyber director for policy.

Seymour’s comments at the 2026 Identity, Authentication, and the Road Ahead Policy Forum in Washington, D.C. partially reflect the Trump administration’s AI Action Plan released last summer, which said the departments of Commerce and State would “vigorously advocate for international AI governance approaches that promote innovation, reflect American values, and counter authoritarian influence,” but doesn’t explicitly mention international promotion of cybersecurity standards.

Some of that effort has already materialized, with internationally oriented guides released in both May and December. The United States also isn’t the only one looking to influence international standards for AI security.

AI also figures into the yet-to-be-released national cybersecurity strategy that Seymour’s office has been developing. And it dovetails with a pillar of the strategy focused on defending federal networks.

“While AI is already helping industries enhance security and address the challenge of escalating cyberattacks, this administration will promote the rapid implementation of AI-enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors on our federal systems,” Seymour said. “We must get our house in order. They need rapid modernization, and we’re working on policies to harden our networks, update our technologies and ensure we’re prepared for a post-quantum future.”

The post US wants to push its view of AI cybersecurity standards to the rest of the world appeared first on CyberScoop.

OMB rescinds ‘burdensome’ Biden-era secure software memo

The Trump administration is rescinding a Biden-era memo that was intended to help agencies buy secure software, with the current Office of Management and Budget saying it relied on “unproven and burdensome” processes.

A former Biden administration official said the move is “the first major policy step back that I have seen in the administration on a cybersecurity front.”

At issue is the 2022 OMB memo titled “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” M-22-18. The administration rescinded the memo Friday.

That memo led to the creation of a common “Secure Software Development Attestation Form” for government agencies that contractors had to use to vouch that their software adheres to a set of security practices. Agencies couldn’t buy from software vendors that couldn’t attest to the security of their products.

“Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency’s network,” OMB Director Russell Vought wrote in a brief memo Friday to agency heads. “There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment.”

Nick Leiserson, who served as assistant national cyber director for cyber policy and programs under Biden’s Office of the National Cyber Director, told CyberScoop that rescinding the 2022 memo was a step backward because the memo was meant to use government purchasing power to influence the market, and its repeal “is not good for the security of government systems and for the software that’s used throughout the whole U.S. economy.”

The memo stemmed from the first Biden administration executive order, a response to the major SolarWinds breach that led to agencies being penetrated by alleged Russian hackers, among other notable cyber incidents.

Rescinding it leaves nothing in its place, said Leiserson, now senior vice president for policy at the Institute for Security and Technology, at a time of rising exploitation of software vulnerabilities.

Friday’s decision doesn’t ban everything from the 2022 memo. Vought said agencies could use the common attestation form if they choose; agencies must “maintain a complete inventory of software and hardware and develop software and hardware assurance policies and processes that match their risk determinations and mission needs”; and that agencies could adopt contract terms that require software makers to provide a list of software ingredients, known as a software bill of materials, upon request.

Leiserson disputed the idea that the 2022 memo was burdensome, based on government estimates that the common form would consume three hours and 20 minutes of paperwork. And Leiserson said rescinding it goes against the Trump administration’s goal of deconflicting a tangle of cybersecurity rules: In the place of one common form for all contractors, agency-by-agency forms will increase the regulatory burden.

The Trump administration had previously signaled a desire to roll back other cybersecurity directions for agencies from President Joe Biden.

The post OMB rescinds ‘burdensome’ Biden-era secure software memo appeared first on CyberScoop.

Senate Intel chair urges national cyber director to safeguard against open-source software threats

Senate Intelligence Committee Chairman Tom Cotton is raising the spectre of foreign adversaries playing too heavy a role in open-source software, and asking the national cyber director to counter the risks.

The Arkansas Republican wrote to National Cyber Director Sean Cairncross Thursday, saying he was concerned about reports that “state-sponsored software developers and cyber espionage groups have started to exploit this communal environment, which assumes that contributors are benevolent, to insert malicious code into widely used open source codebases.”

Cotton cited last year’s alarms about a shadowy suspected nation-state hacker, Jia Tan, inserting a backdoor into a beta version of the compression utility XZ Utils. He also noted a Russia-based developer being the sole maintainer of a piece of open-source software (OSS) that’s in Defense Department software packages, and citations about Chinese tech companies Alibaba and Huawei being top OSS contributors.

“As the Office of the National Cyber Director holds responsibility for coordinating implementation of national cyber policy and government-wide cybersecurity, you are well-positioned to lead the U.S. government in addressing this cross-cutting vulnerability,” Cotton wrote. “I respectfully request that you take steps to build up the federal government’s capability to maintain awareness of provenance and foreign influence on OSS and track contributions from developers in adversary nations.”

Cotton’s letter adds to warnings from the Hill this year about the risks that Chinese involvement in open-source tech poses, following a letter from the House select committee on China on the subject to Biden-era Commerce Secretary Gina Raimondo. Legislation designed to improve open-source cybersecurity didn’t advance in the Senate after leading lawmakers introduced it in 2023.

The senator noted that open-source software is part of critical government and defense systems. Defense Secretary Pete Hegseth in July ordered the Pentagon’s chief information officer to take steps to guard against foreign influence in department technology.

“The DoD will not procure any hardware or software susceptible to adversarial foreign influence that presents risk to mission accomplishment and must prevent such adversaries from introducing malicious capabilities into the products and services that are utilized by the Department,” he wrote.

At the same time, a Trump administration executive order this year puzzled experts by deleting language from a previous Biden administration executive order emphasizing the importance of open-source software.

The post Senate Intel chair urges national cyber director to safeguard against open-source software threats appeared first on CyberScoop.

The 10 key reforms that can close America’s cybersecurity gaps

For decades, the United States government and private sector have worked tirelessly to secure cyberspace, yet our nation remains frighteningly vulnerable to a litany of cyberthreats posed by cybercriminals and foreign adversaries alike. Daily news reports of cyber intrusions ranging from criminal ransomware attacks to foreign state-sponsored intrusions into power, water, and other critical infrastructure systems are a constant reminder that “by almost every measure, the cybersecurity threat landscape is actually worse.” We can, and must, do better. To develop an effective national cybersecurity strategy, policymakers should consider the following ten points.  

Prioritize “Key Systems”

Policymakers should prioritize securing critical infrastructure whose cybersecurity failures could have catastrophic impacts on national security, economic security, public health or safety. Such systems include the electrical grid, water systems, ports, rail and air transportation as well as national, state, and local governments. 

Use Memory Safe languages for key systems

A fundamental cybersecurity problem stems from the widespread use of software written in unsafe programming languages. These languages, developed in the early days of computing—before cybersecurity was even a consideration—were designed for efficiency, but are vulnerable to a class of programming bugs known as “memory safety errors.”

Memory safety errors have been described as “today’s biggest attack surface for hackers” and are estimated to be responsible for nearly 70% of software vulnerabilities. Fortunately, today’s memory safe programming languages (e.g., Rust) are specifically designed to eliminate memory safety errors.

The federal government has developed a roadmap to help companies transition to memory safe code, and many companies have begun the journey. Accelerating this transition will significantly strengthen the nation’s cybersecurity.  

Apply formal methods for key systems

Memory-safe languages eliminate many software vulnerabilities but are not a cure-all. Using “formal methods” offers even greater security. Formal methods rely on mathematical proof “to create ultra-secure, ultra-reliable software.” In fact, when the Defense Advanced Research Projects Agency (DARPA) used formal methods to program a military helicopter’s flight control computer, all subsequent hacking attempts failed.

Formal methods are currently in use by numerous leading technology companies, such as Amazon Web Services and Microsoft, and in high-assurance contexts, such as development of flight-control software. Implementation of formal methods requires some work, but the necessary tools are publicly available, the benefits are significant, and future advancements in automation will likely make implementation even easier. 

Establish resilient architectures

Migrating to resilient architectures based on “zero trust” principles will further strengthen the cybersecurity of key systems. Traditional security models automatically trust users within an organization’s perimeter. In contrast, zero trust models trust no one by default. Taking a “never trust, always verify” approach, these models reduce the chance of breach by verifying every access request, regardless of where it originates.

Policymakers should ensure that zero trust architectures are established for key critical infrastructure through Congressional action and/or federal regulations akin to those already established for interstate electric transmission, railroads, and pipelines.

Build data resilience

Data resilience is the ability to keep data accessible and uncorrupted, even during a cyberattack. One effective way to improve data resilience is to back up key systems in the cloud—an approach Ukraine famously used just before Russia’s invasion. By migrating thousands of terabytes of critical government data to the cloud, Ukraine was able to maintain government operations despite intense kinetic operations and cyberattacks.

Defend proactively through threat hunting 

Policymakers should ensure that defensive cyber “threat hunting”—proactively searching networks for undetected cyberthreats—is regularly undertaken on key networks. Many key systems already receive threat hunting services through contracts with private firms, but policymakers should make sure that every key system is covered, potentially by establishing necessary baseline requirements. While private companies can provide much of this support, government agencies—such as the Coast Guard under its “Captain of the Port” authorities to protect critical port infrastructure—can also play a role. Finally, because defensive threat hunting on key networks serves the public interest, Congress should consider providing financial support, such as tax credits or dedicated budget allocations.

Coordinate government and private sector cybersecurity actions

Effective cybersecurity requires close collaboration between the government and the private sector. To ensure this coordination, a central body overseen by the National Cyber Director should be established. The NCD would act as a “head coach,” guiding efforts across both sectors, while leaving day-to-day operations to the organizations best equipped to handle them.

Establish “Regional Resilience Districts” 

Policymakers should support regional approaches to cybersecurity, which help manage risks across sectors in critical areas. Piloting regional resilience districts in places with major military installations, such as Charleston, South Carolina or the Houston ship channel, would strengthen cross-sector protection, limit cascading effects from cybersecurity failures, and improve recovery from major attacks.

Incorporate adversary disruption into cyber campaigns 

Policymakers should collaborate with key private sector firms to assess their ability to disrupt adversarial cyber attacks—for example, by banning entities that violate terms of service from their networks. They should then determine when and how private sector and government actions, whether individually or together, can most effectively contribute to disrupting adversaries.

Governments have previously worked with the private sector to take down criminal cyber organizations, sometimes using the Fourth Amendment’s asset seizure authority. Given the rise in cyber intrusions by both criminals (e.g., ransomware operators) and nation-state adversaries (e.g., China’s Typhoons), policymakers should consider expanding these efforts beyond asset seizure to include active disruption.

Capitalize on emerging technology 

Finally, policymakers should leverage the innovation pipeline—including expertise from industry, government, federal R&D centers, national laboratories, and academia—to effectively apply emerging technologies like artificial intelligence in support of both offensive and defensive cybersecurity missions. 

Cybersecurity policymakers have a unique opportunity to dramatically strengthen our digital defenses by following the ten steps outlined above. Implementing these measures will help safeguard national security, critical infrastructure, and the public good in an increasingly complex threat environment. The time for decisive action is now.

This op-ed is derived from the forthcoming Atlantic Council report by the authors on “Cybersecurity Strategy for the United States.”

Franklin D. Kramer is a distinguished fellow at and serves on the board of the Atlantic Council. He is a former assistant secretary of defense for international security affairs.

Robert J. Butler is the co-founder and managing director of Cyber Strategies LLC, served as the first deputy assistant secretary of defense for space and cyber policy, and served as the Chief Security Officer for IO Data Centers, a global data center enterprise, among other cybersecurity-related roles in both corporate and government organizations.

Melanie J. Teplinsky is an adjunct professor and senior fellow in the Technology, Law and Security Program at American University (AU), Washington College of Law. She previously practiced technology law at Steptoe & Johnson LLP and served on the pre-IPO advisory board for CrowdStrike.

The post The 10 key reforms that can close America’s cybersecurity gaps appeared first on CyberScoop.

Five-page draft Trump administration cyber strategy targeted for January release

The Trump administration is aiming to release its six-part national cybersecurity strategy in January, according to multiple sources familiar with the document. The document, which is a mere five pages long, will possibly be followed by an executive order to implement the new strategy.

The administration has been soliciting feedback in recent days on the strategy, which one source considered more of a “messaging” document than anything, with more important work to follow.

According to sources familiar with the strategy, the six “pillars” focus on cyber offense and deterrence; aligning regulations to make them more uniform; bolstering the cyber workforce; federal procurement; critical infrastructure protection; and emerging technologies.

An opening section of the draft offers a Trumpian call for a more muscular approach to cyberspace. Despite its short length — the Biden administration’s cybersecurity strategy was 35 pages long — it touches on a significant number of topics.

Those subjects include cybercrime, China, artificial intelligence, post-quantum cryptography and more.

National Cyber Director Sean Cairncross recently offered a preview of some of those themes and plans.

“As a top line matter, it’s going to be focused on shaping adversary behavior, introducing costs and consequences into this mix,” Cairncross said last month at the 2025 Aspen Cyber Summit. “It is becoming more aggressive every passing day, and as new technology is developed … and AI is folded into this next, it will become more aggressive.”

A source told CyberScoop the administration appeared genuinely interested in soliciting feedback on the strategy to incorporate or change.

The release date of the strategy is fluid. While the administration is targeting January, its publication might follow the broader national security strategy. Politico recently reported that the national security strategy had been delayed, but was still likely to be released this month.

Cairncross also recently talked about the broader approach of the strategy and what comes next.

“It will be setting the posture of the United States in this domain and things that we are driving toward, and we will have follow-on action items that will be in support of that strategy,” he said at the 2025 Meridian Summit.

The post Five-page draft Trump administration cyber strategy targeted for January release appeared first on CyberScoop.

Legislation would designate ‘critical cyber threat actors,’ direct sanctions against them

A House Republican introduced legislation Tuesday aimed at deterring cyberattacks against the United States at a time when the Trump administration is prioritizing the punishment of malicious hackers.

Rep. August Pfluger, R-Texas, revived legislation he first sponsored in 2022, the Cyber Deterrence and Response Act. The legislation would direct the executive branch to formally designate foreign parties behind major cyberattacks against the United States as a “critical cyber threat actor” who would be subject to sanctions. It also would establish a framework for attributing who’s behind cyberattacks, including contributions from cyber agencies and threat intelligence companies.

“As cyberattacks in the United States grow more sophisticated and widespread, we must ensure the Trump administration and all future administrations have a strong framework to hold bad actors accountable and safeguard our national security,” Pfluger said in a news release. “Protecting America’s critical infrastructure from malicious cyberattacks is essential, and this bill does exactly that.”

The legislation is the latest reflection of congressional dismay that began growing last year in response to the Salt Typhoon cyberespionage campaign that infiltrated telecommunications networks, and the sense that the United States wasn’t doing enough to make hackers pay for their behavior.

At a hearing Tuesday, Senate Commerce Chairman Ted Cruz, R-Tex., said the United States needs to do a better job of working “together to detect and deter attacks in real time.”

The Trump administration has said deterrence is one of the first pillars of its forthcoming cyber strategy.

The definition of “critical cyber threat actor” under Pfluger’s bill applies to hackers who disrupt the availability of computer networks, compromise computers that provide services in critical infrastructure, steal significant personal data or trade secrets, destabilize the financial or energy sectors or undermine the election process.

The president could waive sanctions against those designees provided the reasoning is explained to Congress in writing, a common clause of sanctions legislation.

Pfluger’s measure is updated in some ways from its 2022 incarnation, such as by giving the Office of the National Cyber Director the leading role in designating critical cyber actors.

The legislation draws on bills that former Rep. Ted Yoho, R-Fla., introduced in past years. That legislation won House approval in 2018, but never advanced further.

The post Legislation would designate ‘critical cyber threat actors,’ direct sanctions against them appeared first on CyberScoop.

Completed draft of cyber strategy emphasizes imposing costs, industry partnership

A forthcoming Trump administration cyber strategy will have six pillars, two of which will be deterring malicious hackers and partnering with industry, executive branch officials said Tuesday.

Top figures in the administration have been slowly unveiling details of the strategy, with a draft currently being reviewed by agencies. It reportedly is taking shape earlier in the second Trump administration than it did in the preceding Biden administration, which published its strategy in 2023.

National Cyber Director Sean Cairncross said the six-pillar strategy “is going to be a short statement of intent and policy, and then it will be paired very quickly with action items and deliverables.” The administration is striving “to make sure that there is a single, coordinated strategy in this domain, in a way that hasn’t happened before,” he said at the 2025 Aspen Cyber Summit.

One of those pillars is deterring U.S. adversaries in cyberspace and other kinds of attackers, like ransomware gangs.

“As a top line matter, it’s going to be focused on shaping adversary behavior, introducing costs and consequences into this mix,” Cairncross said. “It is becoming more aggressive every passing day, and as new technology is developed … and AI is folded into this next, it will become more aggressive.”

There has been good work done toward responding to and mitigating ransomware attacks, he said, but that’s not enough.

“What we haven’t been good at is saying, ‘What can we do over the course of 12 months to really put a dent in the incentive to engage in this,’” Cairncross said. “Is it solvable? I mean, ‘No,’ is the answer. It’s a very high mark. But is it possible to raise costs in a way that people maybe want to find something more productive to do with their day?”

The FBI has taken a look at the entire strategy as the administration circulates it among federal agencies for consultation, said Brett Leatherman, assistant director of the bureau’s cyber division.

“Sean talks about shifting the burden to the adversary. That equals imposing cost on the adversary, and there are few agencies that can do that,” Leatherman said at the same conference, touting the bureau’s joint sequenced operations. “I think having a strategy like that really does rally the interagency around certain lines of effort.”

Another pillar of the strategy will focus on industry partnerships and include the streamlining of cyber regulations, Cairncross said. 

The goal is to make sure industry is “aware of what the USG [U.S. government] priorities are, sector by sector, the things that we would like to see protected, and then working with you to free up those resources to protect those assets,” Cairncross said.

Cairncross said the Israeli model of fostering innovative startups to take on cyber problems is one the United States should emulate.

Kemba Walden, who once served as acting national cyber director, said Cairncross is on the right track with the strategy by making sure it includes action lines and deliverables, but making sure the budget is there across agencies is important, too.

“A lot of government agencies have unfunded mandates,” said Walden, now president of Paladin Global Institute. The Trump administration has slashed federal government budgets and is seeking deeper cuts, including for cyber agencies and efforts.

Cairncross said some of his other priorities include modernizing the federal government and building up the cybersecurity workforce.

A cyber workforce initiative will focus on aligning incentives in industry and academia, including vocational schools. On modernization, the idea involves launching pilot programs for new technologies, speeding up procurement, and testing technologies at the national labs.

But Cairncross didn’t give a timeline on the strategy or government modernization effort.

“We are pressing to get things moving as quickly as we can,” he said. “I am not a fan of dropping things out of thin air on people, and that includes everyone that we work with throughout government. So what we’re doing right now is socializing this. We’re getting feedback. We are moving this forward in a way that people are bought in honestly.”

The post Completed draft of cyber strategy emphasizes imposing costs, industry partnership appeared first on CyberScoop.

While White House demands deterrence, Trump shrugs

The Trump administration’s top cyber officials have emphasized the urgent need to take aggressive action to deter increasingly brazen foreign cyberattacks. Trump himself, however, has repeatedly brushed aside the notion that foreign cyber activity is anything even really noteworthy.

When Trump’s team talks about foreign hacking, be it China’s alleged massive cyberespionage campaign against telecommunications companies or its efforts to take root in U.S. critical infrastructure, they insist the actions can’t be tolerated and must be deterred.

“We need to find some way to communicate that this is not acceptable,” Alexei Bulazel, senior director for cybersecurity at the National Security Council, said in May when asked about the groups thought to be behind those campaigns, Salt Typhoon and Volt Typhoon.

More recently, last month, National Cyber Director Sean Cairncross cast a wider net about foreign adversaries who want to “do us harm,” saying, “To date I don’t think the United States has done a tremendous job of sending the signal, in particular to China, that their behavior in this space is unacceptable.”

Trump, by contrast, has framed all that differently, to the point of dismissiveness.

Asked in June about Chinese hacking of U.S. telecoms, theft of intellectual property and more, Trump answered, “You don’t think we do that to them? We do. We do a lot of things. … That’s the way the world works. It’s a nasty world.”

Asked in August about whether he would discuss alleged Russian hacking of U.S. courts with Vladimir Putin, Trump replied, “I guess I could, are you surprised? … They hack in, that’s what they do. They’re good at it, we’re good at it, we’re actually better at it.”

The gulf between what Trump says about cyber compared to what his top deputies say provokes a variety of reactions from cyber experts and former officials. It sends mixed signals to adversaries, some say, while others say it might just reflect facts of life about today’s cyber environment or a president who doesn’t behave or think conventionally.

At the same time, Trump’s casual messaging about cyber may reflect a broader trend of nations increasingly treating cyber operations as a routine instrument of power.

A need for consistency?

A lack of consistency between the president and his personnel muddles a clear message to adversaries, and downplaying cyberattacks is unwise, said Christopher Painter, who served as the top State Department cyber official under President Obama.

“Either cyber and cyberattacks are a priority or they’re not, and it’s [a] problem if you communicate they’re not serious by saying, ‘Oh, we don’t care now,’” said Painter, now a nonresident senior adviser at the Center for Strategic and International Studies. Cyberattacks are serious, he said, and “We need to say it, and we need to be consistent about it, and we need to make sure we take it seriously. So I am concerned that it undermines the narrative that I think we need.”

Trump downplayed foreign cyber activity during his first term, too, both publicly and privately, in the latter case shunting away an adviser while the president tried to watch a golf tournament by saying “You and your cyber … are going to get me in a war — with all your cyber s—t.” According to Painter, Trump often links the issue to Russian interference in the 2016 presidential election, a subject he resents because he believes it undermines the legitimacy of his presidency.

But Painter also noted Trump wasn’t the first to downplay any kind of foreign cyber activity, with former Director of National Intelligence James Clapper remarking about the 2015 Office of Personnel Management hack, “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

Clapper also drew a line between the OPM breach, which he said was “passive intelligence collection activity,” and a full-fledged cyberattack. There’s a long-lasting debate over whether cyberespionage constitutes a cyberattack.

Trump officials, too, have emphasized they’re more worried about the activity of Volt Typhoon, with its potential for disruption, than that of Salt Typhoon, which is more espionage-focused.

Some analysts acknowledge that Trump has a point when he dismisses cyberespionage as a fact of modern life rather than something that requires retaliation. “My own experience says that it’s extremely difficult, if not impossible, to deter espionage,” said Michael Daniel, who held the White House’s top cyber position under Obama and is now president of the Cyber Threat Alliance.

Any threat in an attempt to deter cyberespionage has to be credible to be effective, said Erica Lonergan, an assistant professor at Columbia University’s School of International and Public Affairs. And there are a few things working against the United States making credible threats.

“We do it, because we all do it, and everyone knows we do it,” she said. Next, the potential consequence has to be more harmful than the value of cyberespionage, which is extremely useful to have. “We’re not going to go to war over cyberespionage. No matter how many times a member of Congress calls it an act of war or not, we didn’t go to war over the spy balloon.”

Yet other analysts read Trump’s comments on foreign cyber activity differently. He might have an aggressive reaction to a more clearly damaging attack than the incidents he’s downplayed, said James Siebens, a fellow with Stimson Center’s Strategic Foresight Hub.

“If we were talking about a genuinely destructive cyberattack that cost people’s lives, I would imagine that there would be a fairly forceful response,” said Siebens, who recently co-authored a study on cyber deterrence. “My view is that President Trump was doing something that he often does, which is to state plainly things that make people uncomfortable, but are nonetheless observable and rooted in an important truth.”

Richard Harknett, director of the Center for Cyber Strategy and Policy at the University of Cincinnati, took Trump’s recent remarks as a comment more on the potency of U.S. capabilities compared to its adversaries.

“It wasn’t sort of a complacency, it was more confidence,” said Harknett, who served as the first scholar-in-residence at United States Cyber Command and National Security Agency beginning in 2016. Of course, he said, “The president tends to speak in confident terms regardless.”

Daniel said that some contradictions between Trump and his cyber team are to be expected. Different officials are bound to have differences of opinion, including in the Trump administration, which has hardly been a “paragon of consistency” in its messaging to the world, he said. Daniel added that deterrence is a challenge for every administration; throughout history, the United States has often threatened not to tolerate certain actions, but then failed to respond when those actions occurred.

Several experts said they were willing to give the administration time to iron out any potential contradictions. Harknett said it’s hard to read too much into public comments alone right now. More important, Harknett and others said, will be what the administration says in a forthcoming cyber strategy.

A global trend?

Trump is not the only world leader in recent months to speak about his nation’s cyber activity in a more casual manner. At the beginning of this month, Chinese President Xi Jinping and South Korean President Lee Jae Myung joked about the security of a cell phone gift that Xi gave his counterpart, which ended in Xi quipping, “You can check if there’s a backdoor.”

It was “weird for Xi, especially because the Chinese are loath to ever admit they do anything,” Painter said, even if he was joking.

The openness about cyber doesn’t end there, extending to a number of cases where nations that historically haven’t pointed the finger at other countries over alleged cyberattacks are more willing to do so by releasing technical analyses.

“We’re starting to see more non-Western countries, and notably China, making attributions back now,” said Allison Pytlak, director of the Cyber Program at the Stimson Center think tank and the co-author of the deterrence report with Siebens. Singapore recently made its first cyber attribution as well.

Trump officials have been touting offensive operations, which used to be a topic of very little public discussion. And other nations have been growing more open about cyber operations, from Japan’s recent active cyber defense legislation to Australia establishing its own Cyber Command last year.

“There is more openness about cyber in general, the strategic level, in terms of leaders being willing to talk about cyberespionage, cyber offense,” Lonergan said. “No one talked about cyber offense in the U.S. government for years.”

That openness could turn out to be a good thing, Pytlak said. It could “spark debate” in the public about the very nature of cyber, about the differences between the harm espionage causes and the kind of national security threat other kinds of activity pose.

The post While White House demands deterrence, Trump shrugs appeared first on CyberScoop.

Government and industry must work together to secure America’s cyber future

At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security. 

Their battlefield of choice is cyberspace.

Cybersecurity is the preeminent challenge of our time, and threats to our networks impact far more than just our data––they impact the resilience of our communities, the continuity of our economy, and the security of our homeland. 

Widespread cyber intrusions by Salt Typhoon and Volt Typhoon continue to demonstrate the Chinese Communist Party’s unrelenting quest to steal intellectual property, surveil government officials, and pre-position themselves in our nation’s critical infrastructure to disrupt our way of life at a time of their choosing. Russia, Iran, and North Korea are also probing for vulnerabilities to exploit in our networks.

Any cyberattack can cascade across the essential services that Americans rely on every day—from our airports and hospitals to water treatment facilities, internet providers, and financial systems. Making America cyber strong is not a challenge for one agency or one sector. It is a whole-of-society mission.

As chairman of the House Committee on Homeland Security, I will work with the Trump administration to ensure our nation’s risk advisor, the Cybersecurity and Infrastructure Security Agency (CISA), succeeds in its core mission of protecting federal civilian networks and the critical infrastructure that supports our daily lives. 

The private sector owns or operates most of this infrastructure, and it is no surprise that cyberattacks against these services rose more than 30 percent from 2023 to 2024. Addressing these heightened threats requires more than reactive measures. It demands a proactive cybersecurity posture built on continuous collaboration between the government and industry. 

The Trump administration and Congress must ensure the private sector has a true seat at the table as we chart a course for long-term cyber resilience. Priorities should include preserving strong information sharing, reducing the duplicative and conflicting government compliance standards on businesses, bolstering the cyber workforce, supporting our state, local, tribal, and territorial government entities, and safely harnessing emerging technologies to enhance the capabilities of our cyber defenders. 

These solutions require urgency, but as Cybersecurity Awareness Month comes to a close, the government shutdown has also allowed for important cybersecurity tools to lapse. This lapse is undermining the important public-private sector relationship that underpins our collective defense. 

For the last decade, the Cybersecurity Information Sharing Act of 2015 provided an essential foundation for this partnership. The law enables industry to have honest and sensitive conversations with the federal government, and each other, about the threats facing our networks. This framework also protects the privacy and civil liberties of American citizens when cyber threat information is shared. There has been a tangible impact from these authorities: without this law, we would not know about threat actors, such as Salt Typhoon, compromising our privately-owned critical infrastructure systems. Senate Democrats must pass the House Republican clean continuing resolution to reopen the government and extend this critical authority. Then we must find a longer-term solution to preserve this cybersecurity tool while ensuring it remains relevant to the threat landscape.  

As America’s cyber professionals face heightened threats, they also face increased federal compliance standards. According to testimony before the House Committee on Homeland Security, which I now chair, “bank Chief Information Security Officers now spend 30-50 percent of their time on compliance and examiner management. The cyber teams they oversee spend as much as 70 percent of their time on those same functions.” 

Our cyber regulatory regime should incentivize meaningful security improvements and facilitate actionable information sharing. It cannot be designed in a way that drains resources or slows the ability of companies to respond to fast-moving threats. This year, the average cost of a data breach in the United States reached $10 million, roughly double that of the global average. The exorbitant cost is, in part, due to U.S. cyber regulatory costs.

Congress, in partnership with CISA and the National Cyber Director, must help harmonize duplicative and vague cybersecurity regulations across the federal government so cyber professionals spend less time on paperwork and more time doing what they do best: defending our networks.

Keeping our cyber defenders focused on our networks is vital, especially considering we already face a gap of 500,000 skilled professionals in our current workforce. Closing this gap and building a pipeline of highly skilled professionals across both public and private sectors is essential to meeting the nation’s security needs.

Where that gap persists, artificial intelligence (AI) can serve as a force multiplier for our cyber defenders. We have already seen how AI can significantly enhance threat hunting, response times, and pattern recognition in our networks. But adversaries, like China, are also investing heavily in AI to enhance their own offensive cyber operations, including attempts to compromise or weaponize AI models. That reality makes it crucial that security and safety considerations are built into every stage of AI’s development, deployment, and use.

At the same time, the federal government must avoid reactive and scattershot regulation as our nation’s AI innovators work to win the global AI race. It is important for Congress, the Department of Homeland Security, interagency partners, and the private sector to work together to ensure that we don’t fall behind our adversaries in AI innovation while safeguarding our national security and civil liberties.

Accomplishing any of these goals will depend on mutual trust and collective effort. With a new administration dedicated to restoring accountability in government, we must seize this opportunity to help rebuild Americans’ confidence in the federal cybersecurity and resilience mission.

Cybersecurity remains vital for the safety, security, and prosperity of the American people. We must decide the future of our national cyber defense before our adversaries decide it for us. 

Rep. Andrew Garbarino has represented New York’s Second Congressional District in Congress since 2021. He serves as chairman of the House Homeland Security Committee, and also serves on the House Ethics and House Financial Services Committees.

The post Government and industry must work together to secure America’s cyber future appeared first on CyberScoop.
