The Trump administration published its "Cyber Strategy for America" on March 6, 2026. The seven-page document, paired with a new executive order targeting transnational cybercrime, commits the U.S. government to deploying "the full suite of defensive and offensive cyber operations" and warns that responses to cyberattacks will not be confined to cyberspace.
Five pages of the document contain actual policy text. For comparison, the Biden administration's 2023 National Cybersecurity Strategy ran 39 pages, and Trump's first-term strategy in 2018 covered 40. Administration officials told reporters the brevity was deliberate, with detailed implementation guidance to follow.
Six pillars structure the strategy. The first calls for shaping adversary behavior through offensive and defensive cyber operations, including private-sector incentives to "identify and disrupt adversary networks." The second promises "common sense regulation," with the document explicitly stating that cybersecurity "should not be reduced to a costly checklist."
This unified strategy determining a direction on offensive and defensive cyber operations and collaboration couldn't be more timely.
— Frank Cilluffo, director of the McCrary
Sean Cairncross signaled a review of SEC disclosure rules on March 9. The National Cyber Director said the administration would examine CISA's pending CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) reporting requirements as well. Both could be scaled back if deemed "overly burdensome."
Four more pillars round out the strategy. They cover federal network modernization with AI-powered intrusion detection, critical infrastructure defense, emerging technology security (including post-quantum cryptography and the full AI stack), and workforce development.
Redirecting resources from paperwork to AI-powered security capabilities is the only way to keep pace with modern threats and adversaries who operate at great speed.
— Bill Ruhl, VP of global government affairs at Palo Alto Networks
The accompanying executive order creates an operational cell within the National Coordination Center focused on transnational cybercrime. Federal agencies have 60 days to conduct an interagency review of existing frameworks and 120 days to deliver an action plan identifying responsible criminal networks. The Attorney General has 90 days to propose a Victim Restoration Program that would direct seized and forfeited funds to cybercrime victims. The Federal Trade Commission reported that Americans lost $12.5 billion to online fraud in 2024.
Diplomatic teeth back the strategy. According to Axios, the document directs the State Department to impose sanctions, visa restrictions, trade penalties, and expulsion of officials against nations that harbor cybercriminals. The One Big Beautiful Bill Act includes a $1 billion appropriation for offensive cyber operations, according to the law firm Covington and Burling's analysis.
The strategy departs sharply from the Biden-era approach. The 2023 strategy pushed mandatory compliance requirements for critical infrastructure and sought to shift liability to software developers for insecure products. The new document frames the private sector as a partner rather than a regulatory target. CISA, the agency responsible for executing much of any national cyber strategy, has lost roughly a third of its workforce under the current administration and currently has no Senate-confirmed director.
Have a story? Become a contributor.
We work with independent researchers and cybersecurity professionals. Send us a tip or submit your article for editorial review.