Less than two weeks after the Trump administration launched its National Cyber Strategy, intelligence and cybersecurity agencies are already taking steps to integrate its six cyber pillars into their operations.
The strategy’s pillars include deterring adversaries, improving regulatory coordination, modernizing federal systems, protecting critical infrastructure, preserving U.S. leadership in emerging technologies, and closing workforce gaps. All stress cross-agency collaboration, industry feedback, and parallel efforts to build security into artificial intelligence (AI) innovation.
Officials from the Department of Energy (DOE), FBI, U.S. Army, and Cybersecurity and Infrastructure Security Agency (CISA) said the strategy is already shaping priorities from offensive cyber operations to infrastructure protection and workforce development, with a strong emphasis on coordination between government and industry.
“The national cyber strategy outlines a clear direction for the future,” said Alex Fitzsimmons, acting undersecretary at DOE, during the McCrary Cyber Summit on Tuesday. “It gives all of the agencies, all of us sitting here, clear marching orders for how to implement it.”
Fitzsimmons said DOE is prioritizing the strategy’s focus on critical infrastructure and emerging technologies, particularly in operational technology environments that are often under-resourced.
“We at the Department of Energy are especially happy to see the emphasis on critical infrastructure,” he said, pointing to interdependencies across “energy, water, telecom, etc.”
“A lot of those organizations are well-resourced, but a lot of them are not,” Fitzsimmons explained. “They might have one person working on OT [operational technology] or IT – not even a dedicated cyber person, but they’re expected to defend their networks against nation-state threat actors.”
Fitzsimmons said DOE is also making progress in the strategy’s fifth pillar – emerging technology, specifically AI. “AI for security is a big priority,” he explained, pointing to DOE efforts to secure energy systems, defend against adversarial AI, and secure the AI itself.”
At the FBI, Brett Leatherman, assistant director of the agency’s cyber division, pointed to the strategy’s deterrence and critical infrastructure pillars as central to the FBI’s mission. Leatherman said the bureau is focused on “shifting that risk calculus” by using law enforcement and intelligence authorities to proactively disrupt adversaries, pointing to the FBI and international partners’ recent takedown of a major hacking forum.
“We are one of the few agencies who can conduct offensive action in order to remove capacity and capability from the actors doing technical disruptions,” Leatherman said.
He also emphasized the FBI’s nationwide footprint in protecting critical infrastructure, such as through Operation Winter Shield. “Every one of those 56 field offices have at least one dedicated cyber component to engage and share what we know on the threat to defend critical infrastructure,” he said.
Brandon Pugh, principal cyber advisor to the U.S. Army, said the strategy sends a clear signal on the importance of agencies working together on cyber.
“We shouldn’t see cyber as just a siloed capability,” Pugh said.
He also noted that the strategy clearly emphasizes the importance of offensive cyber strategies.
“You’ve seen so many administrations just shy away from ever alluding to offensive operations, but they were very clear in the strategy … [on] how offensive cyber has a key role to play,” Pugh said. “I think it’s putting adversaries on notice that the United States government is not going to be shy to respond with all types of means.”
Chris Butera, acting cyber division director at CISA, said the agency is working across all six pillars, with a focus on partnerships and scaling defensive measures. “We are a partnership agency first,” he said.
Butera said the agency is working to “increase the cost of doing business to the adversary” at scale while improving vulnerability management and software security. “We really believe that is the only way we’re going to win this cyber war … by getting better at software at the front end, understanding how software is written, and trying to eliminate entire classes of vulnerabilities,” he said.
At the same time, Butera emphasized that workforce development is central to executing the strategy. “The workforce [is] a strategic asset,” Butera said, adding that agencies must continue “upskilling and reskilling for our cyber workers” as the threat landscape rapidly evolves.