Administration Releases Cyber Strategy, Executive Order on Cybercrime and Fraud | #cybercrime | #infosec

Action: The Administration has released its National Cyber Strategy citing the need to ensure “that America remains unrivaled in cyberspace.”¹ The strategy calls for coordination across government and the private sector, centering on six policy pillars – shaping adversary behavior, promoting common sense regulation, modernizing and securing federal government networks, securing critical infrastructure, sustaining superiority in critical and emerging technologies, and building talent and capacity. The strategy does not, however, describe any specific policy actions that the Administration plans to take.

Trusted Insights for What’s Ahead^®

• The Administration’s vision shares some commonalities with the one outlined by the previous administration’s strategy, including an emphasis on disrupting threats, defending critical infrastructure, providing support for the private sector, and investing in the cyber workforce.² However, this Administration’s approach places greater emphasis on reducing regulation and deploying AI solutions.
• Because the document provides limited operational detail, the most important signals will come next through agency guidance, budget decisions, procurement rules, and possible executive or legislative actions.
• The strategy’s emphasis on shaping adversary behavior suggests the Administration may favor a more assertive posture toward foreign cyber actors and criminal networks, potentially including stronger deterrence measures, more coordinated disruption efforts, and closer alignment of cyber policy with broader national security tools.
• Notably, the Administration released an Executive Order on cybercrime and fraud on the same day as its cyber strategy. The Order directs agencies to review “operational, technical, diplomatic, and regulatory frameworks” and develop an action plan for dismantling Transnational Criminal Organizations. It also directs consideration of a Victim Restoration Program for those impacted by cyber fraud schemes.³
• What this means for business: Cybersecurity is a core concern for businesses of all sizes, and cyber attacks on US businesses and infrastructure have led to significant disruptions to business operations as well as leaks of private data. The Administration’s strategy promotes coordination and collaboration between the private sector and government to promote security and highlights the importance of investments in academic, vocational, and technical education to prepare the US cyber workforce. Businesses should watch for how the Administration translates its “common sense regulation” language into actual policy, especially in sectors that operate critical infrastructure or handle large volumes of sensitive data.