The Trump administration launched its long-awaited cyber strategy over the weekend, pledging to “maintain an edge” in emerging security areas such as post-quantum cryptography and artificial intelligence.
The White House said securing American innovation and protecting its current intellectual advantage is paramount.
“We will build secure technologies and supply chains that protect user privacy from design to deployment, including support for the security of virtual currencies and blockchain technology. We will accelerate the adoption of post-quantum cryptography and secure quantum computing,” the White House said.
The so-called “Q-day” that the cyber industry fears has yet to materialize, but the age of quantum computing, which promises to defeat many traditional cyber defenses, may be closer than anyone thinks, and efforts to prepare for it are accelerating around the world, led by the UK’s National Cyber Security Center (NCSC).
Regarding AI, President Trump has pledged to secure the entire technology stack supporting AI, including data centers, and foster innovation in this area. In addition to deploying and promoting agent capabilities to expand network defenses, the United States said it will rapidly deploy AI-enabled cyber tools to detect, circumvent, and deceive threat actors. On the world stage, he said he would work with allies to ensure both agent and generative AI are used in ways that address innovation and “global stability,” while ensuring the data and models that support U.S. leadership in this area. “And we condemn and discourage the proliferation of foreign AI platforms that censor, monitor, and mislead users,” the White House said.
More daring action?
The Trump administration accused its predecessors of “tinkering around the corner” and applying only partial measures and vague strategies that ignored the number and severity of the threats facing the United States.
The report reasoned that this would differ, reflecting the current administration’s “America First” rhetoric and acting decisively to protect U.S. interests in the cyber realm, including takedowns against cybercriminals, asset seizures, and cyber operations in support of recent military adventures. The report cited the use of cyber tactics in the January operation against Venezuelan President Nicolas Maduro and in the current war against Iran.
“Our adversaries realize that U.S. cyber operators and tools are the best in the world and can be deployed quickly and effectively to protect U.S. interests,” the White House said.
core policy
The overall strategy is shaped by six policy pillars:
- Shaping adversary behavior: Partnering with private sector security firms to deploy a complete suite of government defensive and offensive cyber operations.
- To promote common-sense regulation: Streamline cyber regulation, reduce compliance burdens, address liability, and engage with regulators and industry around the world, while emphasizing strong privacy controls for U.S. citizens’ data.
- Modernize and secure the federal network by implementing existing cyber best practices and emphasizing post-quantum readiness, zero trust, and cloud security.
- To protect critical infrastructure, prioritize hardening and defending networks for data centers, energy and utility operators, financial services organizations, hospitals, and telecommunications companies.
- To maintain an edge in critical and emerging technologies: Addressing post-quantum and AI as detailed above.
- And to build talent and capacity, we will develop a pipeline of cyber skills and address the barriers that currently prevent industry, academia, government, and the military from achieving this goal.
“This strategy defines the path that President Trump has pursued in cyberspace and the direction that the U.S. government will pursue with increasing influence. President Trump has acted to ensure that Americans, especially future generations, have a strong nation that is safe and protected and a future defined by individual freedom, economic prosperity, and opportunity,” the White House said.
“President Trump will continue to demonstrate that those who harm our interests and attack our values in cyberspace are putting themselves at risk.”
Michael Bell, founder and CEO of AI security platform Suzu Labs, said the White House’s six pillars are the right priorities.
“Post-quantum cryptography, private sector offensive operations, regulatory streamlining, AI security. All are right,” he said. “This strategy appears to be created by people who understand the threat landscape.
“But a strategy without a budget is just a press release. An implementation plan requires acquisition reform, real funding for the post-quantum transition, and a measurable timeline. That’s what differentiates policy from paper.”
Are gaps being overlooked?
Bell noted that the thousands of cyber professionals who have left U.S. government service of their own volition over the past decade, many of them with high-level security clearances, are retiring, and said the administration must first develop the ability to bring these people back into the organization.
“The strategy says, ‘Unleash the private sector,’ and that’s the right direction, but the contracting vehicles for rapid classified attack operations don’t yet exist. If we build them, we have real capabilities. Without that, the slogan doesn’t exist,” he said.
“The strategy is [also] Calling cyber human resources a strategic asset [but] The administration cut about 1,000 CISA employees who were responsible for disclosing vulnerabilities, explaining threats, and coordinating incidents. While the strategy promises public-private partnerships, the liability protections to make threat intelligence sharing work between government and industry have expired and not been replaced.
“At some point the budget has to match the strategy, otherwise the strategy means nothing,” he warned.
Doug Merritt, CEO of Aviatrix, which specializes in cloud workload protection, said that while the strategy document demonstrates the U.S. government’s recognition that cyber and national security have become inseparable, the plan also overlooks some pressing cyber gaps.
“The reality is that the very nature of cyber risk is fundamentally changing. Today’s most harmful attacks rarely begin at the perimeter; they move laterally across the digital fabric that connects workloads, applications, and services across cloud and hybrid environments,” Merritt said. “Their complexity and nuances are often underestimated outside of the security community.
“As geopolitical tensions increase and cyber operations increasingly involve dynamic conflict, securing the infrastructure that connects modern systems will require new approaches that build protection directly into the architecture itself.
“If you want a strategy like this to translate into real security outcomes, the next step is to close operational blind spots in the cloud,” Merritt said.
