Trump “Cyber Strategy for America” Promises Enhanced Aggression Against Broad Range of Internet-Based Threat Actors

Rather than pushing technology developers and platforms to boost their defenses, the new Trump “Cyber Strategy for America” vision lays out a sort of “Donroe Doctrine” for the internet. The paper is short and not heavy on specific details, but the tone makes clear the focus is on increasing federal aggression against bad actors in cyberspace and supporting AI developers working on both offensive and defensive capabilities.

Long-awaited Trump cyber strategy short on details, but heavy on tone

The new cyber strategy document is directed primarily at federal agencies, critical infrastructure firms and AI developers, and it provides more general shaping of apparent future policy rather than specific directives. But it does clearly indicate that the administration plans to treat cyberspace much as it has the world of kinetic conflict in recent months, with heightened aggression and promises of real consequences to bad actors that target the US.

One big hanging question is exactly how far this aggression will go; specifically, could a bad enough cyber attack against critical infrastructure prompt a physical military response under this administration. The cyber strategy does direct the Secretary of State to be more forceful with countries that are home to cyber crime rings and have an apparent refusal to rein them in, and also directs the attorney general’s office to be more aggressive in pursuing scam and fraud cases that originate from other countries.

This invective is directed to general international threat actors, however, rather than any specific nations. The fact that China has been running rampant with serious breaches of government and infrastructure companies is not directly addressed, for example. A hint is possibly provided in a reference to prior administrations employing “partial measures and ambiguous strategies,” however, perhaps a reference to aggressive espionage being broadly tolerated so long as it does not cross over into real-world damage and destruction.

Cyber strategy also promises boost to AI

Somewhat reflecting the cyber strategy introduced by Trump in 2018 during his first term, the new paper crafts six policy pillars that will serve as a base for coming development of more specific policy and measures. It also mirrors the “defend forward” position of that 2018  paper, which encouraged greater offensive action against advanced persistent threat (APT) groups, though this version seems to take things even farther in that direction.

The principles of the pillars include shaping adversary behavior via offensive campaigns by the government against threat actors, with possible programs to incentivize private industry partners to participate in at least the intelligence and defense ends. This section also notes that intellectual property theft and more run-of-the-mill scams may be considered more serious threats to the nation going forward.

The cyber security pillars also call for common sense regulation, modernization of outdated and legacy federal networks, and improving critical infrastructure security via adoption of AI solutions. One other interesting note in the critical infrastructure area is a call to move away from vendors and services located in rival or antagonistic nations. The remaining pillars call for an improved pipeline to identify and promote cyber talent from within the US, and improvements to specific technological elements such as blockchain technology and post-quantum cryptography.

As with anything involving the Trump administration, the announcement has prompted a politically divided response. Opponents point to Trump’s gutting of the CISA budget and other federal elements as a lack of serious intent, while supporters applaud the seeming expansion of federal scope in protecting US assets and delivering real consequences to deter all types of threat actors. Minds are unlikely to change until more concrete measures begin to unfold over the coming months.