Switching to Offense: US Makes Cyber Strategy Changes
Recorded: Nov. 21, 2025, 3:03 p.m.
| Original | Summarized |
The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.

Robert Lemos, Contributing Writer, November 21, 2025, 5 Min Read

White House's National Cyber Director Sean Cairncross. Source: Capture from Aspen Summit video

The US will pursue a single coordinated cyber strategy focused on taking a more aggressive stance against the groups that attack US companies, government agencies, and citizens, but whether the initiative works will rely greatly on execution, experts say.

Earlier this week, the White House's National Cyber Director Sean Cairncross said the Trump administration plans to release an updated National Cyber Strategy that takes a more aggressive stance toward attackers, deepens public-private partnerships, aims to fill cybersecurity roles, and combines the efforts of disparate federal agencies.

"It's going to be focused on shaping adversary behavior, introducing costs and consequences into this mix," he said. "I think, as a country, we have not done a terrific job of sending a signal to our adversaries that this behavior is not consequence-free. And we need to do that because [the threat] is scaling, and it is becoming more aggressive every passing day."

Overall, the national cybersecurity strategy will consist of six pillars, which were not specified during the Aspen Cybersecurity Summit, but appear to include active defensive measures, public-private partnerships, and workforce initiatives.
In addition, the Trump administration has pledged to "streamline the regulatory environment, sector by sector," according to Cairncross.

The consequences will likely include economic measures — such as sanctions against individuals, organizations, and nation-states — as well as more aggressive measures, such as taking down attackers' infrastructure, says Nick Tausek, lead security automation architect at Swimlane, a provider of security automation.

While international takedowns by law enforcement have had some major successes, Tausek does not necessarily see that cooperation continuing.

"I expect to see widespread attacks from the United States against a variety of nation-states and organizations, both to disrupt adversary behavior and to conduct reconnaissance, data theft, and intelligence gathering — similar to how our adversaries attack us currently," he says. "I also expect a winding down of the international law enforcement cooperation we have historically relied on to prosecute and disrupt adversarial actors in foreign countries, along with more unilateral action."

Offensive Cyber a Tricky Proposition

However, offensive cyber operations have always been seen as a hard line to which to hew. The US is already in an ongoing conflict in cyberspace with different entities, but there is a difference between taking down cybercriminals' infrastructure and attacking the systems and networks of a rival nation, says Jen Roberts, associate director of the Cyber Statecraft Initiative at the Atlantic Council, a policy think tank.

"The risk of escalation cannot be ignored," she says.
"Without clear norms and communication channels, unintended consequences can occur, and this risk must be addressed robustly in the strategy."

Yet, with tens of billions of dollars being stolen by Southeast Asian cybercrime syndicates and innovative uses of cyberwarfare being pioneered in conflict zones, both cyber offense and cyber deterrence need to be included in the nation's cyber strategies, says Verona Johnstone-Hulse, government affairs lead for the NCC Group, a cybersecurity services provider.

"The US is not alone in its recent pivot to focus on the offensive cyber operations," she says. "Virtually all national cyber strategies, from the Republic of Korea to Australia, now involve a balance of defensive and offensive activity, recognizing that you can't have one without the other."

For the US, however, the devil is in the details, and one of the most important details will be which agency will take the lead with any cyber offensive capability, says Atlantic Council's Roberts.

"The pivot toward 'active cyber defense' has been underway for years now, but a key area of uncertainty at the moment is what entity or entities will be undertaking this more offensive mission," she says. "Cyber Command? FBI? Intelligence agencies? CISA? Each has different authorities and capabilities. We need clear roles — right now the lines are too blurry."

'Fractured' Response

Figuring out who will lead a combined offensive security alliance among US agencies is difficult, especially following the government shutdown and the cuts initiated by the "Department of Government Efficiency" (DoGE), which have left various agencies' cyber capabilities understaffed.

In his comments at the Aspen Summit, Cairncross described the current approach as "a fractured way of responding to things" and said that agencies will focus on long-term approaches to dissuade attackers in the future.
He did not specify which agency has the lead in the race to house the nation's cyber offense.

Cairncross did focus on other problems that will be tackled by the National Cybersecurity Strategy, especially ways of strengthening the pipeline of cybersecurity workers. He pointed to the Israeli system of funneling talented youths into the elite Israeli intelligence group, Unit 8200, during their mandatory military service as one possible model. Veterans of that program account for a significant share of startup founders and mid- to senior-level executives in the cybersecurity industry.

"If something is working, I want to try to copy that thing," Cairncross said of the Israeli model. "They have developed a terrific system, an ecosystem of startups and new technology companies. Part of the reason for that is the involvement of venture capital and that sort of [creates] market incentive."

The last National Cybersecurity Strategy, released by the Biden administration in 2023, was a 57-page document that had more than 65 initiatives that the administration aimed to implement in the coming years. However, in the US's polarized political environment, the strategy lacked bipartisan support and funding. An executive order signed by President Biden in January 2025 aimed to further strengthen the nation's cybersecurity, but was largely reversed by President Trump in his first 100 days.

Cairncross was nominated in February and confirmed in August. He formerly served as chief operating officer of the Republican National Committee (RNC) but appears to not have held a cybersecurity position prior to the appointment. Cairncross did not specify a timeline for releasing the national strategy, but said it will be released "as quickly as [the administration] can."

About the Author

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer.
Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
Copyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. |
The United States is shifting its cyber strategy towards a more assertive, consequence-oriented approach, spearheaded by National Cyber Director Sean Cairncross. This represents a departure from previous strategies, aiming to deter adversaries by introducing tangible risks and escalating responses. The core of this new approach is a six-pillar strategy, though specific details remain undisclosed, emphasizing active defense, public-private partnerships, and workforce development. A key component involves significant consequences for cyberattacks, potentially including economic sanctions and infrastructure takedowns, reflecting a willingness to engage in more aggressive action.

However, this shift is not without significant challenges. The current cyber landscape is “fractured,” marked by a lack of coordinated responses across government agencies, partly due to budgetary constraints and restructuring initiatives. There’s an acknowledged need to streamline regulatory environments, but a clear lead agency for offensive cyber operations remains uncertain. Cairncross is seeking to learn from successful models, citing the Israeli intelligence system's focus on cultivating a cybersecurity talent pipeline as a potential blueprint.

Despite these complexities, the US is preparing to confront escalating threats, including significant cybercrime activity in Southeast Asia and increasingly sophisticated cyberwarfare tactics. This necessitates a balance between defensive and offensive capabilities, as seen in strategies adopted by numerous nations globally. The focus on shaping adversary behavior and introducing consequences reflects a growing recognition that traditional law enforcement approaches are insufficient against increasingly sophisticated and globally distributed cyber threats.

The transition is being driven by Cairncross’s experience in the Republican National Committee, and his goal for the new strategy is to quickly release its full scope. However, the timeline for this release remains flexible. The effectiveness of this new strategy hinges not only on the boldness of its approach but also on the ability of fragmented government agencies to coordinate their efforts and execute a cohesive, impactful response. The US is committed to bolstering its workforce capabilities, drawing inspiration from successful models in other countries, a critical element in achieving a sustainable and effective cyber defense posture. |