U.S. cybersecurity policy under Trump
The Trump administration’s 2025 cybersecurity reset reduces federal oversight while sharpening its focus on foreign threats and critical technologies.
In a nutshell
- Regulatory ambitions from the Biden era are being scaled back
- States, municipalities and private firms will take on greater responsibility
- AI, post-quantum cryptography and strategic supply chains are emphasized
In June, the Trump administration issued an executive order on strengthening national cybersecurity, fulfilling a key campaign promise. The order keeps the existing federal framework intact but redirects it toward priorities such as artificial intelligence, post-quantum cryptography, third-party and software supply chain security and countering foreign actors. In the short term, it offers clearer guidance for federal technology efforts and creates incentives to build AI and post-quantum resilience.
At the same time, the administration has proposed major funding cuts, including a 17 percent reduction for the Cybersecurity and Infrastructure Security Agency (CISA), whose budget authorization has been temporarily extended to January 30. The draft 2026 budget would eliminate more than 1,000 CISA positions and nearly $495 million in funding. The Office of the Director of National Intelligence faces even deeper reductions – close to 50 percent of the workforce.
These cuts could weaken state and local capacity, strain relations with industry and allies, and leave gaps in protection against lower-profile but frequent cyberattacks from ransomware groups and state-linked actors. The dissolution of Russian intelligence desks within United States agencies further limits Washington’s ability to track and counter foreign espionage and disinformation campaigns.
The “Signalgate” episode has also exposed the human vulnerabilities of cybersecurity. Defense Secretary Pete Hegseth reportedly used an unclassified Signal group chat to share sensitive information, including details of U.S. airstrikes in Yemen, with aides, journalists and family members. Such use of personal devices heightens the risk of surveillance and exploitation, especially when officials travel abroad and connect to foreign networks that can intercept data or bypass two-factor authentication.
The rapidly changing international cyber threat landscape
The growing use of AI in cyber operations is intensifying the scale and sophistication of attacks while lowering their cost. AI enables faster, more adaptive and less traceable intrusions, transforming both defensive and offensive strategies as well as hybrid warfare. Yet private operators of critical infrastructure remain reluctant to adopt offensive capabilities due to legal risks, attribution issues and potential collateral damage. As a result, offensive cyber operations remain concentrated within the U.S. government, intelligence agencies and the Pentagon.
These trends have renewed debate over creating a dedicated military cyber force as a new branch of the armed forces. Supporters argue that persistent attacks from China, Russia, Iran and North Korea – especially against U.S. critical infrastructure – demand a specialized military structure. Since invading Ukraine in 2022, Russia has sharply expanded cyber operations aimed at espionage, disruption and sabotage across Europe and the U.S.
The Trump administration has encouraged broader use of offensive cyber measures to deter and punish attacks on hospitals, pipelines, power plants and other vital systems. Advocates say credible deterrence requires maintaining strong offensive capabilities alongside defensive efforts.
Internationally, Washington has relied on sanctions and diplomatic pressure to counter state-sponsored cyber activity and challenge foreign digital regulations, including those of key allies. This approach blends hard-power tools with efforts to coordinate technology governance. However, adversaries, particularly China, continue to expand their cyber arsenals, increasingly shifting from espionage to acts of sabotage.
Facts & figures
New technologies are creating new threats
The financial impact of cyberattacks has become substantial. For U.S. state and local governments, the average cost now ranges from $2.8 million to $9.5 million per incident, with some estimates far higher.
Ransomware attacks have multiplied fivefold over the past five years, becoming the fastest-growing form of cybercrime and a major threat to U.S. and NATO security. Direct financial losses have averaged nearly $1 billion annually, excluding broader economic and societal damage. The rise of “Ransomware-as-a-Service” markets on the dark web allows even unskilled actors to launch complex attacks. The healthcare sector has been hit hardest, accounting for about one-fifth of cases in the U.S. between 2014 and 2024, with rural hospitals especially vulnerable due to limited cybersecurity budgets.
The rise of Chinese cyber capacity
China has emerged as the leading state-sponsored cyber adversary. Chinese hackers increasingly exploit AI tools, including ChatGPT, for fraud, covert influence operations and other malicious purposes. In 2024, the “Salt Typhoon” group, linked to Chinese intelligence, breached nine U.S. telecommunications firms, gaining geolocation access to millions of users, among them government officials, tech executives and journalists. The group also infiltrated National Guard networks and other critical systems. Active since 2019 but only exposed in 2024, it intercepted communications and developed tools to track U.S. intelligence and law enforcement personnel.
The campaign’s reach was vast, targeting more than 80 countries. Former FBI Director Christopher Wray called it “the most significant cyber espionage campaign in history.”
China’s operations have continued to expand. Hackers penetrated the U.S. Treasury Department’s email system – despite its $1 billion annual cybersecurity budget – and spent more than a year monitoring over 100 accounts containing sensitive data on federally regulated financial institutions. The Treasury’s network spans 800 locations and connects some 200,000 devices, underscoring the scale of the exposure.
Malware has been detected across U.S. energy, water, pipeline and transportation networks, leaving them exposed to potential sabotage. In a Taiwan conflict scenario, Chinese cyberattacks could delay U.S. military deployments, disrupt air traffic control, trigger power outages and hinder retaliation efforts.
More by energy and cyber security expert Frank Umbach
- Is nuclear power key to the global energy transition?
- The race for critical raw material self-sufficiency
- The escalating chip war between China and the West
In July 2024, Chinese hackers exploited Microsoft SharePoint vulnerabilities, compromising systems at hundreds of government agencies, private companies and even the National Nuclear Security Administration. A federal review later blamed Microsoft for a “cascade of security failures” following similar breaches in 2023 that exposed senior officials’ email accounts. Analysts warn that the full extent of these intrusions may take years to uncover.
Beijing increasingly relies on private contractors – such as iS00N, Chengdu 404, Storm 2603, Linen Typhoon and Violet Typhoon – to execute complex operations that were once handled by state intelligence. Former MI6 official Nigel Inkster has warned that the scale of China’s cyber offensives is overwhelming Western defenses. German intelligence chief Thomas Haldenwang put it starkly: “Russia is a storm. China is climate change.”
Even as China dominates U.S. attention, threats from Iran and North Korea are also intensifying. Both use cyber operations as asymmetric tools against Washington. Iranian hackers, reportedly from a group called “Robert,” claimed to have stolen 100 gigabytes of emails from President Donald Trump’s inner circle and 2024 campaign team, threatening to release them. While CISA described the incident as “digital propaganda,” Iranian actors have also targeted U.S. critical infrastructure.
Scenarios
Likely: Reforms will allow the U.S. to counter cyber threats more effectively
By concentrating on state actors, advanced persistent threats and resilience in strategic technologies such as AI and post-quantum cryptography, current policy narrows its focus and directs limited resources toward the most pressing national security risks. This sharper targeting could enhance effectiveness against sophisticated intrusions and espionage. Streamlining compliance rules may also ease cooperation between government and industry, accelerate federal system upgrades and simplify contracting.
A tighter, threat-focused federal posture enables faster attribution and sanctions when state involvement is evident. However, this focus can leave gaps in cross-jurisdictional cases – such as attacks on schools or municipal utilities – where federal assistance is reduced. Prioritizing post-quantum computing and AI resilience may speed the adoption of new standards, while the administration’s promotion of “secure-by-design” principles will likely improve technology and AI safeguards.
Yet rapid top-down shifts risk creating compatibility issues if industry and standards bodies lack resources or input. As a result, the administration’s approach may inadvertently heighten systemic vulnerabilities for the U.S. and its allies.
Possible: U.S. cybersecurity is undermined by funding cuts and politicization
Unlike authoritarian rivals such as China or Russia, the U.S. cannot legally monitor private critical-infrastructure operators without their consent, creating uneven protection across sectors. The Biden administration introduced mandatory post-incident reporting, but state-level legal objections blocked broader transparency and data-sharing measures. Many operators remain vulnerable, while federal authorities lack visibility into their defenses.
Cuts to CISA threaten to weaken ties with industry and diminish state and local cyber capacity – the frontline responders to ransomware and supply-chain incidents. Defunding the Multi-State Information Sharing and Analysis Center, which serves over 18,000 state, local, tribal and territorial entities, would remove vital real-time threat intelligence, training and support, leaving critical infrastructure more vulnerable to foreign attacks.
The expiration of CISA’s 2015 legislation at the end of September – coinciding with the federal government shutdown and deep partisan gridlock – has left a major gap in U.S. defenses. The law had enabled intelligence sharing and early warnings against state-sponsored cyber actors from China, Russia, Iran and others, providing a foundation for national cybersecurity. Without CISA’s framework, private operators may be less willing to cooperate, slowing detection, increasing costs and heightening the risk of cascading economic disruptions. The agency also played a vital role in testing and strengthening federal networks, which is even more crucial as cybercriminals adopt AI-driven tools. As critics of the cuts have stated, CISA funding is not only a political question, but “a national security imperative.”
Congress will play a decisive role in shaping cybersecurity outcomes. It may amend the administration’s budget to preserve funding for CISA, state-level programs and interagency coordination. Without this support, resource-constrained state and local governments will struggle to compensate for federal retrenchment.
Furthermore, politicization has compounded the challenges facing U.S. cybersecurity. Rapid staff turnover, revoked clearances and growing partisanship within federal agencies have undermined trust and retention across the cyber workforce. Experts warn that political interference erodes the professional networks essential for effective communication, intelligence sharing and rapid crisis response.
The downsizing of cyber units within the FBI, NSA and other agencies has further weakened capacity. Prioritizing loyalty over expertise risks creating intelligence blind spots reminiscent of Russia’s pre-2022 failures, when politicized analysis led to critical misjudgments. The FBI’s reorganization under Director Kash Patel – redirecting agents from counterintelligence and cyber operations to immigration and narcotics enforcement – illustrates this diversion of specialized talent.
Likely: Information sharing declines between the U.S. and allies
A more transactional U.S. approach to digital regulation, particularly toward European initiatives, has strained cooperation across the Atlantic and Indo-Pacific. Diverging standards weaken collective leverage on cyber norms and intelligence-sharing. Cyberattacks on critical infrastructure worldwide rose by 668 percent between 2020 and 2024, including more than 700 incidents targeting NATO members.
Trust among allies has also declined. In July, Director of National Intelligence Tulsi Gabbard reportedly restricted intelligence sharing with Five Eyes partners (the United Kingdom, Canada, Australia and New Zealand) regarding Russia-Ukraine peace talks. Directives reallocating resources toward surveillance in Greenland – including against NATO ally Denmark – have further undermined cohesion within the alliance.
Cuts to Russia-focused departments could backfire given Moscow’s growing cyber activity. State-backed Russian hackers have breached U.S. court systems and exploited SolarWinds software, exposing long-term underinvestment in critical institutions. Russian-linked hybrid attacks tripled between 2023 and 2024; in one case, hackers briefly seized control of a Norwegian dam, releasing 500 liters of water per second before being detected.
Global cyber risks will likely increase without renewed transatlantic collaboration. Europe’s security depends on U.S. cyber resilience, just as Washington relies on its allies. Without sustained cooperation, trust and shared standards, European partners may hesitate to share critical intelligence, weakening collective defenses in an increasingly aggressive digital landscape.
Conclusion
The Trump administration’s recalibrated cybersecurity policy could enhance focus on high-end threats and accelerate the adoption of AI and post-quantum technologies. Yet the benefits risk being outweighed by agency cuts, politicization and weakened alliances. As AI accelerates both attack and defense capabilities, adversaries are adapting just as fast. A reactive posture toward the evolving cyber strategies of Russia, China, Iran and North Korea is untenable. The true test lies not only in U.S. resilience but in sustaining the collective resilience of the broader Western security ecosystem.
Contact us today for tailored geopolitical insights and industry-specific advisory services.
Sign up for our newsletter
Receive insights from our experts every week in your inbox.
