The second Trump administration is signaling a sharp turn in U.S. cybersecurity strategy—emphasizing offensive cyber operations, reducing regulatory burdens, and reshaping public-private collaboration. In a recent webinar with Venable professionals the emerging direction became clear through the analysis of key personnel changes and early policy signals.
Caitlin Clarke, senior director of cybersecurity services at Venable, noted that Sean Cairncross has held several leadership roles within the Republican National Committee and highlighted the administration’s decision to appoint politically aligned figures over seasoned cybersecurity professionals. She added that Alexei Bulazel’s return to the National Security Council indicates “a focus on offensive cyber.”
Senior director of cybersecurity services Ross Nodurft noted that Katie Arrington, currently performing the duties of Chief Information Officer for the Department of Defense, “is continuing to look across the ecosystem at things like supply chain risk and cybersecurity risk, and she’s also taking a … greater role in the approach that the department is playing towards acquisition of technologies, modern advanced commercial technology solutions.”
New Strategy Emerges Amid Mounting Cyber Threats
As the administration enters office, it faces a turbulent cyber threat landscape, Clarke said, marked by state-sponsored actors like Vault Typhoon and Salt Typhoon, as well as ongoing ransomware attacks. “There was a 74% increase in ransomware attacks against U.S. critical infrastructure” in 2023, Clarke said, noting a slight dip in 2024 due to U.S. disruptions of major cybercrime groups.
Despite the threats, the administration is prioritizing deregulation broadly. “For every one regulation being pursued in 2025, ten [are] being pulled back,” Clarke explained. Several Biden-era rules, including the CIRCIA incident reporting rule, SEC cyber risk disclosures, and HIPAA security updates, will serve as a bellwether for how the Trump Administration will view cybersecurity vis-a-via the broader push for deregulation. Nodurft underscored a shift in acquisition strategy as well: “They’re looking across the…acquisition space to figure out how to consolidate and drive enterprise government-wide agreements for commercial adoption.”
Public-Private Partnerships and Global Cyber Policy Face Uncertainty
Traditional cyber collaboration models may also evolve. Clarke raised concerns about the dissolution of structures like the Critical Infrastructure Partnership Advisory Council, explaining that the “public-private collaboration model” will find more certainty once leaders like Sean Plankey are confirmed. Nodurft added, “There’s an intentionality to work with the private sector... [but] we have not necessarily seen how those discussions are going to be implemented.”
Internationally, cyber policy is becoming increasingly fragmented. “Tensions have risen between the EU and the US,” said Alex Botting, senior director for global security and technology strategy, citing the EU’s push for digital sovereignty and its expansive Cyber Resilience Act. Botting warned that differing global standards could drain cybersecurity budgets and impede incident response. “More and more cybersecurity budgets are getting devoted to compliance,” he said, and “that can be a drag on money that’s going to operational cybersecurity activities.”.
To learn more about upcoming webinars or watch past recordings from our series, Transition Outlook: What to Expect from the Second Trump Administration, click here. The weekly webinar series runs through mid-April 2025.