As the Trump Administration’s second term continues to disrupt the status quo, cybersecurity remains one of the few areas of government policy that still welcomes strong bipartisan support. Recognizing the rapid growth of threats in cyberspace, the administration is set to prioritize efforts to safeguard the nation’s critical infrastructure and secure its national supply chain. Building on previous efforts, the Trump Administration will continue to confront challenges in the digital domain while balancing national security, unwasteful spending, and regulatory reform.
In February, the administration cut 130 positions at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to reduce government spending. Following that move, a senior penetration tester at CISA announced on LinkedIn in March that an entire red team—more than 100 employees—was also terminated. However, The Register reported that a CISA spokesperson refuted the report's accuracy that the red team’s contract was canceled.
In addition to staffing cuts, the Trump administration recently cut about $10 million in annual funding from CISA to the Center for Internet Security. Two cybersecurity initiatives, the Elections Infrastructure Information Sharing and Analysis Center and the Multi-State Information Sharing and Analysis Center, were also cut in April. This move has been reported to be part of the administration’s effort to curb the federal government’s role in election security, which some critics say could make the U.S. more susceptible to foreign meddling in elections.
Given the rapid pace of the administration's efforts, assessing the impact of decisions to cut positions and budget expenditures at CISA will take time. This is especially true as conflicting accounts emerge regarding the extent of layoffs and budget cuts and their effect on the agency’s ability to safeguard critical infrastructure against cyber threats.
Continuing the Legacy of Cyber Defense
The Trump Administration is expected to adopt key elements from the 2023 National Cybersecurity Strategy, most notably the “defend forward” approach. This strategy, which emphasizes proactively addressing threats before they reach U.S. networks, will remain a cornerstone of the administration’s cybersecurity efforts. As evidenced by persistent attacks on critical infrastructure, such as those attributed to threat actors like Salt Typhoon, the need for a robust defense against cyber incursions is now more pressing.
Salt Typhoon, a state-sponsored actor linked to China, has breached several U.S.-based telecom companies targeting high-profile government and political figures. According to research by Tenable, advanced persistent threat actors like Salt Typhoon and Volt Typhoon will “continue to loom in the shadows, carefully planning and executing their next attack.” As the cyber threat landscape continues to evolve, Tenable reports that security teams will face “new threats and attacks from a myriad of malicious groups, including ransomware gangs and small collectives chasing financial gain or even clout in the hacking community.”
In line with the objectives of the National Cybersecurity Strategy, the Trump Administration will likely maintain the ongoing cyber risk management themes advanced by the CISA. These principles will continue guiding public and private sector efforts to strengthen defenses against increasingly sophisticated cyber threats.
A Shift in Regulatory Approach
While some aspects of the Biden Administration’s cybersecurity strategy will be carried forward, the Trump Administration is expected to diverge in key areas, particularly regarding industry regulation and liability. Unlike the Biden Administration, which has emphasized increased regulation for private sector cybersecurity, the Trump Administration will likely place a greater emphasis on deregulation and regulatory harmonization across industries. This shift aligns with the administration’s broader focus on reducing government intervention and fostering economic growth.
Moreover, while the Biden Administration sought to impose clearer liability frameworks on businesses, the Trump Administration is expected to focus on collaboration rather than regulation. Interagency government cooperation and public-private partnerships will take center stage to foster more efficient and effective cybersecurity responses. The administration’s desire for greater government efficiency will likely result in streamlined processes for collaboration across federal agencies, state entities, and private industry stakeholders.
Adapting to the Emerging Technology Landscape
In addition to defending against current cyber threats, the Trump Administration must address the rapidly evolving landscape of emerging technologies. Among the most significant challenges are the security implications of artificial intelligence (AI), quantum computing, and the defense of space-based assets. As these technologies advance, they present new opportunities and vulnerabilities requiring forward-thinking policies and cutting-edge cybersecurity solutions.
With its vast potential for both offense and defense in cyberspace, AI presents unique security, privacy, and accountability challenges due to its complexity and rapid evolution.
AI systems are vulnerable to manipulation of both the underlying model and training data, which can lead to flawed reasoning, and their capacity to process and analyze vast amounts of personal data amplifies the threat of unauthorized access, making safeguarding sensitive information increasingly complex. Given that many AI systems operate as "black boxes," where decisions are made autonomously, ensuring accountability for data integrity and confidentiality becomes a critical challenge. These factors necessitate robust regulatory frameworks and transparency to ensure AI’s responsible and secure deployment. Due to these factors, the Trump Administration must craft policies ensuring AI systems are designed with security at their core while balancing innovation and protection.
Similarly, the rise of quantum computing poses significant risks to the cryptographic systems that underlie much of the global digital economy. While quantum computing remains early, its potential to disrupt encryption protocols cannot be ignored. Preparing for this shift will require collaboration between government, academia, and the private sector to develop quantum-resistant cryptographic standards.
Finally, the security of space systems—an increasingly vital component of national security infrastructure—will become a focal point. As satellite systems and space-based technologies become integral to communications, navigation, and intelligence-gathering, securing these assets against cyber threats will be crucial to maintaining national security and economic stability.
Cyber Workforce Skills Development
While the Trump Administration’s cybersecurity agenda will likely focus on infrastructure defense, regulatory reform, and emerging technologies, developing a skilled cyber workforce will remain an important priority. The shortage of cybersecurity professionals continues to be challenging, with demand outpacing supply across the public and private sectors. During his previous term, President Trump initiated several efforts to address this gap, including signing an Executive Order to enhance the nation’s cybersecurity workforce through improved educational and training opportunities.
Given the administration's emphasis on efficiency and deregulation, cyber workforce development is likely to be framed to improve the effectiveness of federal cybersecurity roles and support public-private collaborations. While not the central focus of the administration’s cybersecurity strategy, the Trump Administration will likely continue to promote STEM education and vocational training programs to build a strong pipeline of future cybersecurity professionals. Public-private partnerships and increased collaboration with educational institutions will be crucial in closing the skills gap.
Next in Cybersecurity
The Trump Administration’s cybersecurity priorities will build upon the foundation laid by previous administrations, emphasizing defending critical infrastructure, fostering interagency cooperation, and addressing the challenges posed by emerging technologies. While regulatory reform may shift the focus away from direct industry oversight, the need for strong public-private partnerships will remain paramount in safeguarding the nation’s digital infrastructure. As the cybersecurity landscape continues to evolve, so will the strategies required to protect America’s interests in an increasingly interconnected world.
