WASHINGTON — The Trump administration’s top cybersecurity official on Tuesday previewed the contours of the administration’s cyber strategy, saying it would focus heavily on countering foreign adversaries and reducing regulatory burdens on industry.
“We are striving as an administration to make sure that there is a single coordinated strategy in this domain in a way that hasn't happened before,” National Cyber Director Sean Cairncross said at the Aspen Cyber Summit. “We are working in very close partnership with our interagency colleagues to develop this strategy and get it out the door.”
Like its Biden administration predecessor, the new cyber strategy will be accompanied by an action plan that lists lines of effort under six pillars of activity. “It's going to be a short statement of intent and policy,” Cairncross said.
One of the pillars will focus on shaping the behavior of Russia, China, ransomware gangs and other adversaries by imposing costs when they attack the U.S. In emphasizing the need for consequences, Cairncross repeated a frequent criticism of the government’s approach to cyber defense, saying policymakers have failed to deter adversaries’ malicious cyber activity.
“We need to do that,” he said, “because it is scaling, and it is becoming more aggressive every passing day.”
The government is getting better at defending against individual cyberattacks, Cairncross argued, but it has never taken “a long-term approach” to addressing the root causes of adversary behavior. In the case of ransomware, he said, “We’re very good at identifying, responding, remediating. What we haven't been good at is saying, ‘What could we do over the course of 12 months to really put a dent in the incentive to engage in this sort of behavior?’”
Partnering with the private sector will form another key pillar of the administration’s cyber agenda. Cairncross said the government wants industry’s help identifying unnecessary or overly burdensome cybersecurity regulations that could be eliminated or modified. The administration will also ensure that critical infrastructure industries understand the government’s security priorities — what Cairncross described as “the things that we would like to see protected.” Simplifying regulations, he said, would help companies “free up those resources to protect those assets.”
The Trump administration is also focused on growing the U.S. cyber workforce to fill hundreds of thousands of vacant jobs. A new workforce initiative will unite businesses, venture capitalists, universities and vocational schools. As part of that project, Cairncross said, the government will create a cybersecurity education “academy” that links existing training programs and helps “teach people how that [cybersecurity] culture works.”
All three of the strategic pillars that Cairncross addressed at the Aspen event were also important parts of the Biden administration’s cyber agenda. It remains unclear how the action items set to appear in the Trump administration’s plan will differ from the ones that the Biden administration pursued.
