The White House released its 2026 National Cyber Strategy on Monday, outlining a six-pillar plan to defend U.S. National interests in cyberspace. The strategy emphasizes bolstering both offensive and defensive capabilities, streamlining regulations and strengthening public-private partnerships, but experts say its success hinges on concrete implementation and a clearer articulation of the threats facing the nation.
Whereas the strategy document broadly calls for shaping adversary behavior, it notably avoids explicitly naming Russia and China as primary aggressors, despite repeated instances of both nations targeting U.S. Critical infrastructure. According to a January 23rd hearing before the House Homeland Security Committee, cybersecurity experts testified to the ongoing threats posed by these actors. Specifically, the strategy does not mention China’s “Volt Typhoon” campaign, which has been actively preparing for potential attacks on U.S. Soil, or Russia’s targeting of networking devices, as highlighted by the FBI’s Internet Crime Complaint Center (IC3) in an advisory issued on February 8th.
The strategy does, however, advocate for developing offensive cyber capabilities, a direction the current administration has already demonstrated through operations in Venezuela and Iran. A January 15th New York Times report detailed a cyberattack conducted against Venezuela’s military, while a Lawfare analysis published on February 14th examined a four-hour cyber war waged against Iran. The administration is also reportedly considering expanding the role of the private sector in offensive cyber operations, a move that has sparked debate. Officials are weighing whether to allow private companies to “hack back” against attackers, but concerns remain about potential escalation if such authority is granted. The White House reportedly prefers a model where the private sector focuses on tool building and network defense, rather than directly conducting offensive actions.
Streamlining cybersecurity regulations is another key pillar of the strategy. The proliferation of cyberattacks has led to a corresponding increase in regulations, creating a complex landscape for businesses. The administration aims to ensure these regulations are comprehensive without imposing undue burdens on the private sector.
Securing federal networks is also prioritized, with the strategy highlighting the importance of post-quantum cryptography, zero-trust architecture, and cloud transition. A report from the Foundation for Defense of Democracies (FDD) published in September 2024 underscored the need for quantum readiness, while the Department of Defense has been actively pursuing zero-trust architecture to prevent data theft. The strategy acknowledges the need to modernize procurement processes to facilitate the continuous improvement of federal networks and adopt these emerging technologies.
However, the strategy’s call for strong private-public collaboration to defend critical infrastructure is undermined by recent actions taken by former Homeland Security Secretary Kristi Noem. According to reporting in Alternet, Noem significantly reduced the workforce of the Cybersecurity and Infrastructure Security Agency (CISA) by nearly 40 percent and disrupted cybersecurity grant programs, weakening the agency’s ability to support state and local governments and public utilities. She also cancelled the Critical Infrastructure Partnership Advisory Council, effectively dismantling a key mechanism for federal engagement with the private sector.
Experts suggest reversing this trend is crucial. Resourcing and rejuvenating CISA should be a priority for Noem’s successor.
The strategy also emphasizes American superiority in critical and emerging technologies, recognizing the need for sustained investment in research and development. Finally, it reaffirms the commitment to building a skilled cyber workforce. The administration highlights the CyberCorps: Scholarship for Service program, which provides scholarships in exchange for government service, but acknowledges the program has faced funding challenges and placement difficulties due to recent workforce cuts and hiring freezes. A November 24th FDD analysis detailed the challenges facing CyberCorps. The strategy calls for expanding funding for the program and prioritizing the hiring of its participants.
The administration is also considering the creation of a U.S. Cyber Force as a dedicated military service for cyber operations, a move that proponents argue would improve the generation of a skilled military cyber workforce. An FDD analysis from May 15th outlined ten reasons why a Cyber Force is needed.
To ensure the strategy’s goals are met, the administration is expected to issue additional executive orders (EOs) to task federal agencies with specific deliverables. These EOs are expected to prioritize support for CISA, cyber workforce development, and the establishment of a framework for aggressive action against U.S. Adversaries.
