The Trump 2.0 cyber strategy is in development, National Cyber Director Sean Cairncross said, though he did not elaborate on when it would be released. President Donald Trump’s national cybersecurity strategy is expected to draw in more partnerships with the private sector while setting principles that seek to avoid an overly-prescriptive or regulation-heavy approach to cyber directives, the White House’s national cyber director said Thursday at the Palo Alto Networks public sector summit in Virginia.
The sweeping strategy document is currently being crafted and its authors have sought input from groups across the government, said Sean Cairncross, who was confirmed to his post leading federal cyber strategy over the summer.
“Everyone is looking to speed resiliency … looking to modernize, and we are all moving in the same direction,” he said, noting that he would “look forward” to working with the cybersecurity community. “The second thing I would say, in terms of the private sector, is we will be socializing things moving forward.”
Though Cairncross’s sentiment is fairly common for the development of sweeping cyber policy, his remarks help illustrate moves the second Trump administration is taking to seek more buy-in from cybersecurity companies that provide hefty contracting support to many U.S. government agencies, including offices in the Defense Department and intelligence community.
“Clearly, you can’t just leave the door unlocked, but I want to make sure that we’re working with industry sectors to figure out how to free up resources” for various businesses, he said.
The Office of the National Cyber Director was created in the Biden administration, and its flagship national cyber strategy was unveiled in March 2023. The Biden-era version of the document showed a greater desire to regulate key areas of the government to make the U.S. more secure from hackers.
Many components of that initial strategy, as expected, have not been completed. Early on, cybersecurity experts contended that implementing the strategy would be a major challenge.
Academics and officials have argued that strong U.S. cybersecurity regulations can, in essence, stick more requirements onto private firms to make them more transparent and responsive when tackling neverending hacks. But past industry comments made clear that requirements like notification deadlines, frameworks and other procedures are creating various burdens, a Biden-era assessment document concluded.
“Industry will adjust to anything, any regulation that comes out. That’s how things function. But that’s not an answer to: ‘What are we trying to accomplish? What are we trying to get done?’” Cairncross said.
“And if what we’re trying to do is to make things resilient, to make them defensible, to make information sharing efficient, to allow assets to be prioritized and the right resources on the private sector to be dedicated toward doing that, then I think the knee-jerk response of what we can regulate … is not the right one,” he added.
Cairncross didn’t provide any indication of when the final Trump strategy document would be released.
But he did note that he wants more convenings between the private sector and government. It’s possible that he would build on previous efforts to bolster the office’s convening authorities first proposed in the prior administration.
The cyber office is currently limited in its ability to sway independent regulatory commissions to the discussion table and would need congressional help to direct entities like the Consumer Product Safety Commission or National Labor Relations Board to discuss streamlining cyber laws.
“Without a collaboration between the private sector and public sector, this operation will fail,” he said.
]]>
