The White House unveiled its National Cyber Strategy on Friday, outlining the Trump administration’s cybersecurity goals for the rest of his term. 

The four-page document calls for more offensive cyber actions to be taken against criminal networks and adversarial governments. It also pledges to cut down on regulations around cybersecurity, to better protect federal networks and critical infrastructure, make security a focus of AI innovation and to create pilot programs to build out the cyber workforce.  

“We will dismantle networks, pursue hackers and spies, and sanction lawless foreign hacking companies,” the strategy said, while promising to “unveil and embarrass online espionage, destructive propaganda and influence operations, and cultural subversion.”

During the USTelecom Cybersecurity Innovation Forum on Monday, National Cyber Director Sean Cairncross reiterated a pledge outlined in the document to “impose costs” on nation-state actors as well as cybercriminals. He warned that the U.S.’ cyber adversaries “have and will increasingly feel the consequences of their actions.”

The plan faced backlash from members of Congress who questioned why it was so short and light on details. The Biden administration’s cyber strategy released in 2023 was 35 pages long and included corresponding implementation documents.

Rep. Bennie Thompson (D-MS), ranking member of the Committee on Homeland Security, slammed the strategy, calling it “impressively underachieving, even by the abysmal standards this Administration has set for itself.”

“What little ‘substance’ does exist in this pamphlet is a mishmash of vague platitudes, a long catalogue of ‘we will’ statements that may or may not match the Administration's current behavior, and, mercifully, an apparent extension of some Biden-era policies,” Thompson said. 

“Completely lacking is even the most basic blueprint for how the Administration will go about achieving any of its cybersecurity goals – an objective possibly hamstrung by the hemorrhage in cyber talent across all federal agencies since Trump took office.”

A spokesperson for Thompson said it is unclear if the White House plans to release a longer document with more details.

The document also lauded recent offensive cyber successes of the Trump administration — including the seizure of $15 billion worth of bitcoin from Cambodian scam company Prince Group and purported offensive cyber actions taken during the military operation to detain former Venezuelan president Nicolas Maduro. 

Pilot programs and regulatory harmony

At the forum on Monday, Cairncross said several pilot programs will be launched in an effort to enact the initiatives outlined in the strategy. 

Sections of the document focus on hardening the defenses of the federal government, and Cairncross explained that they plan to roll out a cross-agency program that will deploy new cybersecurity technology more quickly. 

The private sector will also be given “incentives” to identify and disrupt adversary networks alongside U.S. government defensive and offensive cyber operations.

“Defending cyberspace and safeguarding freedom is a collective effort — the distribution of cost and responsibility must be fair across the U.S. and allies who share our democratic values,” the strategy explained. “We will work together to create real risk for adversaries who seek to harm us, and impose consequences on those who do act against us.”

The plan would “remove burdensome, ineffective regulations” and “modernize our information systems so that old infrastructure does not choke innovation.”

Cyber defense “should not be reduced to a costly checklist that delays preparedness, action, and response,” the strategy said.

On Monday, Cairncross spotlighted the SEC disclosure rule, which requires public companies to disclose cyber incidents within four business days of their discovery, and the upcoming Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) as regulations that needed to be addressed. 

“We're trying on CIRCIA to make sure that that meets congressional intent. We're working to make sure that the SEC disclosure rule makes sense for industry and is practical,” he said.

“We're not looking to push a compliance checklist onto industry so that the government can essentially blame shift and say, ‘Well, you didn't do enough,’” he added. “We're looking to work together to say, ‘What do we need to do to better protect industry from foreign adversaries and criminals, and how can we create the space for industry to react?’”

Cairncross noted that while they plan to reduce the regulatory burden, they expect the private sector to elevate cybersecurity to the CEO and boardroom level. The federal government will also do its part to “elevate the importance of cyber in government leadership” while deploying post-quantum cryptography and AI-powered cybersecurity solutions to defend federal systems. 

That defense extends to the country’s critical infrastructure, much of which is privately owned. The strategy calls for a “move away from adversary vendors and products, promoting and employing U.S. technologies.” 

Cairncross also said the U.S. government plans to launch state-specific pilot programs for critical infrastructure sectors like water, agriculture, rural hospitals and more. 

Another focus of the strategy is securing the artificial intelligence technology stack, including AI models and data centers, although the plan did not provide any specifics on what measures would be taken to do so. 

Cairncross hinted at a Biden-era style “secure-by-design” effort that would push artificial intelligence companies to operate with a baseline of cybersecurity standards as they build out models and AI systems. He did not say what standards would serve as the baseline or go in depth on what that would look like. 

The plan also calls for a cybersecurity workforce pipeline that better develops talent. Cairncross said they are putting together an interagency program that would create a cyber academy accelerator. 

“This academy will knit together, under one unified strategy, all the existing cyber programs within government right now to harness and scale it with private capital,” he said. 

In November, Cairncross said the National Cyber Strategy would be paired with a document outlining action items and deliverables but it is unclear when that will be released. 

The Biden administration’s national cyber strategy in 2023 came with an action plan as well as a budget document that explained how initiatives would be funded across the U.S. government.