Trump’s New Cyber Strategy

The long-awaited Trump Cyber Strategy has six policy pillars and sends a strong message to cyber offenders, but not everyone feels that the plan is enough.

On March 6th, 2026, the White House released the long-awaited national cybersecurity strategy for the new administration: President Trump’s Cyber Strategy for America. The document is far from the first from Trump’s term to change the nation’s cybersecurity posture; in his first week, he repealed previous executive orders on artificial intelligence (AI) and terminated the Cyber Safety Review Board. In March 2025, the White House released a National Resilience Strategy that addressed cyberattacks on critical infrastructure while also limiting any policies that would stop misinformation. Then, in June 2025, Trump signed a new cybersecurity executive order protecting domestic actors from being sanctioned for malicious cyber-enabled activities, which could also include election-related activities. The most recent publication echoes the previous stances of the Trump administration in cyberspace, although in a markedly brief memo.

The Strategy rests on six Policy Pillars:

1. Shape Adversary Behavior: In order to protect cyberspace and safeguard freedom for American citizens, companies, and allies, the administration “will deploy the full suite of U.S. government defensive and offensive cyber operations” to aggressively stop cyber adversaries and criminal infrastructure.
2. Promote Common Sense Regulation: The administration will work to streamline cybersecurity and data regulations such “that the private sector has the agility necessary to keep pace with rapidly evolving threats”, while protecting the American right to privacy.
3. Modernize and Secure Federal Government Networks: The best technologies and cyber practices, along with tools like post-quantum cryptography and zero-trust architecture, will be adopted into federal security and information systems. Any barriers to modernization will be removed.
4. Secure Critical Infrastructure: America’s critical infrastructure will be strengthened by a collaborative approach between federal and state governments to reduce supply chain risks by using U.S. technologies rather than “adversary vendors and products”.
5. Sustain Superiority in Critical and Emerging Technologies: The government will push for the security of cryptocurrency and blockchain technologies and innovation in AI security and AI-enabled tools at several levels.
6. Build Talent and Capacity: The administration plans to build a pipeline to develop cyber talent in the current and next cyber workforce, and “will eliminate roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce.” 
   

The strategy concludes by saying, “President Trump will continue showing those who harm our interests and attack our values in cyberspace place themselves at risk”, reflecting his words in the introduction that warns of serious consequences for threat actors: “Our warriors in cyberspace are working everyday to ensure that anyone who would seek to harm America will pay the steepest and most terrible price.” The threatening message was doubled by an executive order on combatting cybercrime released on the same day. This prevailing theme made headlines in the public reaction to the strategy.

Compared with the Biden-Harris 2023 National Cybersecurity Strategy, President Trump’s strategy is not a complete departure from previous approaches to cyber. While the former strategy doesn’t promise “the steepest and most terrible price” for offenders targeting the US, the first two pillars are “Defend Critical Infrastructure” and “Disrupt and Dismantle Threat Actors”, which are themes that also appear in the Trump plan. Trump’s sixth Pillar, “Build Talent and Capacity”, appears to be a continuation of the final strategic objective under the fourth pillar of the 2023 strategy, “Invest in a Resilient Future”. Building up the cyber workforce was a key part of the Biden-Harris Administration’s cyber strategy, with then National Cyber Director Harry Coker Jr. launching “Service for America” to recruit cyber employees from nontraditional (i.e, not computer science) backgrounds.

Curiously enough, President Trump’s Cyber Strategy doesn’t mention any department or agency working to support the strategy, not even the nation’s main cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA). CISA has faced serious changes to its own workforce since Trump started his second term in January 2025, with difficulties operating since losing nearly a third of its staff (about 1,000 people) to budget cuts spearheaded by Elon Musk’s Department of Government Efficiency (DOGE). The agency, which recently changed its last acting director for another interim one, is also still losing experienced leaders in 2026.

The public reaction to the 2026 Cyber Strategy has been mixed, with some praising the timing of the strategy and others criticizing its vagueness. Frank Cilluffo, the director of Auburn University’s McCray Institute for Cyber and Critical Infrastructure Security, said on Friday that “Today, all eyes are focused on Iran and its proxies flexing their cyber muscles. This unified strategy determining a direction on offensive and defensive cyber operations and collaboration couldn’t be more timely.” Bennie Thompson, a ranking member of the House Homeland Security Committee, said: “Completely lacking is even the most basic blueprint for how the Administration will go about achieving any of its cybersecurity goals.”

The Office of the National Cyber Director (ONCD) is expected to guide the implementation of the cyber strategy, following up on their uncredited help in creating the strategy. An implementation strategy from ONCD may provide the details that many people were hoping for in the original strategy. In any case, any updates on the nation’s cybersecurity posture will continue to be highly anticipated since the US and Israel started a partially cyber-enabled war with Iran. Already, Iran-linked hackers are targeting US companies, like Michigan-based medical technology company, Stryker. Hopefully, the release of this new strategy will guide a stronger cyberdefense as the terms to end the war are only just being discussed.