Closing the implementation gap in America's cyber strategy

For too long, nation-state hackers have operated with impunity, breaching critical infrastructure, stealing intellectual property, and crippling businesses with ransomware attacks.

The asymmetry has been stark: adversaries backed by foreign governments face minimal consequences, while American companies fight these battles largely on their own.

The Trump administration's national cyber strategy represents a fundamental reset. The strategy will enlist private companies in more aggressive efforts to counter criminal and state-sponsored hackers.

The Trump cybersecurity strategy seeks to empower the private sector to partner with the administration to defend American IT and OT environments, while enabling a robust, collective response to deter nation-state hackers.

From Soft Power to Hard Power

The strategy clearly ties cybersecurity to our larger national security strategy, and we should applaud this integration.

Going from a more cautious to a more aggressive stance, from doing more across the board with regulations to doing less and using more hard power, coupled with diplomacy.

While soft power tactics have a role to play, they must be backed by hard power, which is clearly articulated in this strategy.

Bad actors can expect greater government and private sector collaboration, greater focus on cybercrime, and more investigations and convictions from the Department of Justice.

This forward-leaning posture can change adversary calculations.

Empowering the Private Sector

This administration is focused on streamlining existing regulations and ensuring that any new regulations will improve our nation’s level of security, while bringing the private sector in more collaboratively.

The private sector has the tools, the people, and the skill sets to make a real difference. However, a meaningful partnership requires addressing real-world constraints while ensuring Americans are appropriately protected.

Corporate general counsels will require clear liability protections and other assurances before companies can fully participate in a more aggressive partnership with the government. Broad-based liability protections will need Congressional action—which likely means navigating trial lawyers and securing 60 votes in the Senate.

At a minimum, the Administration can provide guidance to the private sector, leveraging existing authorities, to build more confidence for the private sector to act in a collaborative manner with the government.

Intelligence Sharing: The Foundation of Partnership

Administrations have talked about getting the intelligence community to do a much better job of rapidly and efficiently sharing threat data with the private sector.

The more contextual, situational information we can get from the government and the intelligence community to mix and match with our data, the better off we are able to help defend our nation.

Reauthorizing CISA 2015—the information-sharing law that underpins cyber threat intelligence exchange—and adding additional protections to enhance partnership and deter nation-state hackers will support the success of the Administration's strategy.

Timely collaboration with the private sector when things are happening, so actions can be taken, can fundamentally change the speed and effectiveness of our response to nation-state attacks.

Building for the Long Term

The strategy recognizes that improving the entire IT security ecosystem requires sustained focus. Several long-term initiatives deserve attention:

- addressing the cyber talent gap through expanded training programs;

- harmonizing cybersecurity requirements across sectors;

- more focus on interoperability of cybersecurity solutions being mandated;

- promoting fair and open competition for cybersecurity contracts;

- funding DHS cybersecurity grants for state and local jurisdictions;

- and energizing public-private partnerships such as JCDC, NSTAC, and sector-specific coordinating councils.

The strategy's emphasis on artificial intelligence aligns with technological reality. Using agentic AI to enhance the defensive capabilities of our agencies and the private sector allows us to go toe-to-toe with threat actors. Tomorrow's cyber conflicts will be fought at machine speed.

The direction is right. The next three years will determine whether this strategy's ambitious vision translates into the hard power capabilities needed to deter our most capable adversaries. The framework is sound. Now comes the difficult work of implementation.

We've featured the best firewalls for small businesses.