Trump admin begins developing new cybersecurity strategy
Sean Cairncross, the national cyber director, said he’s looking to improve U.S. cyber strategy efforts by working with the private sector.
Justin Doubleday
October 31, 2025 5:27 pm
3 min read
The Office of the National Cyber Director is looking to engage industry as it starts to develop a new national cybersecurity strategy.
National Cyber Director Sean Cairncross, speaking at a conferenced hosted by Palo Alto Networks in Tyson’s Corner, Va., Thursday, said U.S. cyber efforts of the past have failed to “send a message” to China and other cyber adversaries.
“A failure to send a message creates an opening for a miscalculation, that opens the door for a larger problem,” Cairncross said. “And so what we are looking to do is to change that posture, so that that message is clear.”
The average cost of a data breach in the United States reached $10 million in 2025, double the global average, according to IBM.
]]>
And policymakers aren’t just concerned about the costs of data breaches and cyber espionage. U.S. officials have warned that nation-state hackers, including China, have hacked into American power, water and other critical infrastructure systems. They say they lie in wait to potentially disrupt those systems.
The Office of the National Cyber Director was created in 2021 to lead U.S. cyber policy efforts. The Government Accountability Office, in a September letter to Cairncross, encouraged him to improve U.S. cyber strategy efforts, including by laying out specific goals and implementation measures.
“Across the interagency, I think in the private sector and critical infrastructure sectors, there’s a real hunger to do this, to make sure that this happens,” Cairncross said. “It’s just that there has been no single coordinating authority, and cyber has not been raised to a strategic decision-making level in the past, and that’s something that we are looking to do, and hope to have an impact in this, in this domain that is lasting.”
One major challenge is that the most critical infrastructure in the United States is owned by the private sector. The Biden administration’s 2023 cyber strategy had emphasized baseline cybersecurity regulations for critical infrastructure and holding the tech industry to a higher standard when it comes to security.
But Cairncross took a different tone toward the private sector.
“I’m not trying to bring CEOs in and beat them over the head and say, do this, or we’ll regulate, or this is a mandate coming down from on high,” he said. “What I’m looking to do is to say where, where are the regulatory friction points in this domain that you deal with, what’s redundant, what’s become too much of a compliance checklist.”
Cairncross said the private sector should have to meet minimum standards for cybersecurity. But he says the White House wants to work with businesses to understand how cybersecurity could be better prioritized against existing regulations.
]]>
“Working to harmonize that regulatory structure, it’s incumbent on us to do that and work with you all to do that, hopefully as rapidly as we can,” he said. “But I see this as a true partnership between government and industry, and I think if we can get that in a place where everyone is sort of speaking the same language, it will be incredibly useful for hardening our resiliency.”
The Trump administration’s cyber strategy will also likely feature a focus on normalizing offensive cyber operations.
“We will be socializing things moving forward, and look forward to working with some of you here as we go through a strategy and an action plan and everything that follows on from that,” Cairncross said. “We’re looking for partnership from the private sector in every way we can, and in part that is feedback from you all.”
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
