The new administration’s cyber strategy: A shifting landscape for enterprise security

Opinion
Aug 18, 2025 | 11 mins

Cyberattacks are exploding, AI is fueling the fire, and budget cuts to CISA couldn’t come at a worse time for America’s digital defenses.


The cybersecurity sector entered the year facing three converging factors, creating a “perfect storm” that challenges our national cybersecurity. The first element, cybercrime, continues to spread at unprecedented speed: 2025 opened with a 44% year-over-year surge in cyberattacks, with the cost of cybercrime projected to reach $10.5 trillion by 2029. AI is the second element, exponentially improving attackers’ ability to impersonate, reduce costs and evade detection. The third — and probably the least expected — is the recent shifts in cybersecurity leadership and policy, eliminating many aspects of our existing cybersecurity programs and personnel.

Our modern economy depends on interconnected networks spanning global supply chains, military and critical infrastructure, the power grid, healthcare and election systems and financial institutions. When these systems are disrupted, the impact can debilitate national security, economic stability, public health and safety. The weakening of one link threatens the stability and security of the entire system. The interconnected nature of these distributed platforms demands a transparent and predictable set of rules and protections to ensure a stable and secure ecosystem.

It wasn’t supposed to be this way 

The first Trump administration implemented and supported robust cybersecurity efforts, leading to expectations of a stronger, not weaker, set of policies and programs. Much to the surprise of the security community, the fiscal 2026 budget proposal reduces CISA funding by $135 million. While budget fluctuations are not new, including larger cuts proposed during a prior administration, the cybersecurity community has expressed concern over the timing of this reduction amid escalating threats. This follows executive orders that have revoked Biden-era AI safety policies and disbanded the Cyber Safety Review Board (CSRB), while modifying other cybersecurity initiatives. Putting aside the merits of reform or of evolving our security stance, it is the suddenness and lack of coordination that create uncertainty and potential gaps in our defenses.

There appears to be a consensus that CISA’s operational capacity is being degraded precisely when cyber threats are increasing in frequency and sophistication. Cutting funding for the agencies responsible for securing critical infrastructure, while demanding that infrastructure be secured, is counterintuitive.

A break in our national cyber strategy and personnel continuity is an invitation for adversaries to deploy AI tools to map our critical infrastructure vulnerabilities, disrupt global elections, erode civic trust and accelerate zero-day exploit development.

Building upon a strong foundation 

The current cyber infrastructure didn’t emerge overnight, and maintaining it demands equal parts agility and discipline. President Trump’s Executive Order 13800 in 2017 was a watershed moment in cybersecurity governance, elevating cybersecurity to a strategic priority for enterprises and federal agencies and laying the groundwork for a broader cyber deterrence strategy, shifting our posture from reactive compliance to a “defend forward” approach. The creation of CISA in 2018 codified this structure, advancing the mission to protect federal civilian agencies’ networks and bolster critical infrastructure security by creating a dedicated civilian cybersecurity agency with consolidated authority.

Defending against cyber threats is akin to a game of whack-a-mole: when one form of intrusion is stomped out, another emerges. Take the SolarWinds cyberattack, discovered in 2020 and initiated by the Russian Foreign Intelligence Service a year earlier, which compromised the company’s supply-chain platform and infected as many as 18,000 customers, including the US government. A year later, the ransomware attack on Colonial Pipeline resulted in a partial system shutdown and local gas shortages. Both are case studies for students of cybersecurity and demonstrate the importance, efficacy and efficiency of a coordinated response. White hats (ethical hackers and defenders) need to share information to match the information sharing the bad operators (criminals or hostile state actors) already do. We learn from each other and can contribute in a coordinated way. Individually, we are left to fend for ourselves.

Centralized coordination and information sharing are critical, and the federal government has the resources and ability to provide the framework

Previous executive orders to improve the mechanisms used to identify and defend against threats to critical infrastructure created a formal roadmap for agencies to adopt a Zero-Trust stance, strengthened verification protocols to bolster software supply chain security, and implemented enhanced security requirements for government vendors. These previous measures included AI safety and security measures (since rescinded), and restricted the transfer and access of sensitive personal and government-related data by entities linked to designated “countries of concern.” 

The Cyber Safety Review Board, established in 2022 (now dissolved), brought unprecedented transparency to cybersecurity incident analysis. Their examinations of incidents like SolarWinds and Lapsus$ attacks provided insights that have fundamentally changed how those of us in the enterprise security space approach cyber resilience on a national scale.

The current threat landscape makes a well-funded national response critically important

Malicious activity by nation-state actors paints a stark picture of the vulnerability of our software supply chains, and highlights the increasing asymmetry and sophistication of state-sponsored tactics. China-sponsored activity alone surged 150% last year, according to CrowdStrike’s 2025 Global Threat Report. Recent examples of cyberattacks on our business operations demonstrate the complexity of threats against our cyber defenses:

  • In July, China-linked hackers targeted Microsoft’s SharePoint servers and the impact was broad. More than 400 organizations, including small and enterprise businesses, some 60 government agencies and universities across the US, Europe, the Middle East and Asia, have been exposed. According to Bloomberg, the National Nuclear Security Administration, which is responsible for maintaining our nation’s cache of nuclear weapons, was also hit.
  • After the US military strikes on Iran on June 21, CISA warned of cybersecurity risk from Iran or its affiliates to defense contractors, notably those “possessing holdings or relationships with Israeli research and defense firms.”
  • Salt Typhoon, a China-sponsored cyberespionage campaign, infiltrated government networks and at least nine US telecommunications companies, but the CSRB’s investigation into this incident was cut short by the board’s disbandment in January. Salt Typhoon followed Volt Typhoon, which targeted operational technology across critical infrastructure sectors, demonstrating how adversaries can maintain persistent access to systems for years without detection.
  • MOVEit saw a new spike in scanning activity targeting its high-value file transfer software, which is used to share data between businesses and government agencies. The recent activity followed similar attacks on its systems in 2023 that affected more than 2,700 organizations, including the Justice Department and the Pentagon.
  • The 2023 3CX breach by North Korean actors unleashed malware across the operating systems of the software-based phone company’s customers worldwide.
  • Ongoing threats against our federal agencies continue to be detected by CISA.

The AI acceleration problem 

AI-assisted attackers can automate reconnaissance, vulnerability scanning and lateral movement at machine speed. The time it takes for a malicious actor to move across a network is shorter than ever: the average breakout time fell to 48 minutes, with the fastest dropping to just 51 seconds, according to CrowdStrike’s report.

Our company has noted that more than 80% of phishing attacks now show some use of AI. Adding gasoline to the fire, AI-based spoofing has increased the profitability of these attacks by 50x and is achieving success rates that outperform typical phishing by 3.5x (Zhou, A., Tang, Y., et al. (2024). “The Growing Threat of AI-Generated Phishing Emails.”). An accelerating “arms race” of AI competing with AI is afoot, and it shows no signs of slowing down.

One bright spot: layered defenses that combine AI-powered threat detection with zero-trust authentication standards are proving a strong antidote to these attacks. All of this points to the truism “a layered defense is the best approach” — just ensure that the layers are highly diverse, so that weaknesses in one layer are covered by strengths in another.

CISA is already defending against AI-powered cyberattacks, AI-generated misinformation and malicious AI use in critical infrastructure disruption. Substantially reducing CISA is akin to shutting down air traffic control during turbulent weather, with aircraft flying without centralized coordination to prevent collisions or learn about hidden obstacles in the flight path.

Continuity vs disruption

Since 2018, CISA has served as America’s cyber defense quarterback, protecting not just federal networks but the broader ecosystem that businesses rely on daily. While not every breach can be prevented, the agency has been instrumental in helping enterprises integrate risk management practices and close the vulnerability gap that cybercriminals seek to exploit.

Since its creation, CISA has shown just how effective a well-funded and staffed national organization that interacts with the private sector can be:

  • Improved cyber hygiene across federal agencies: faster patching and more consistent data to feed baseline systems.
  • Faster, coordinated incident response during cases like SolarWinds, Microsoft Exchange and Log4j.
  • Coordinated cross-government and cross-industry responses and immediate guidance to federal and private sector entities.
  • Sector-specific guidance ensuring essential services remain operational during cyber incidents. 

With more than 35 million enterprises operating across the US, disrupting the established framework could fracture federal response, enable more SolarWinds-style compromises and reduce the speed and unity of action. It sends a signal of a national deprioritization of cybersecurity at precisely the wrong moment. 

The simultaneous increase in AI investment presents a contradiction: we’re recognizing the need for enhanced AI security measures while reducing funding for the primary agency coordinating national cybersecurity efforts. This disconnect between threat recognition and resource allocation creates unnecessary risks for both government and private sector organizations. 

In recent months, we have seen the departure of top cybersecurity leaders at the National Security Agency and US Cyber Command and the disbandment of the Cyber Safety Review Board. The loss of institutional knowledge and established relationships with private sector partners takes years to rebuild. What follows is unknown, creating deep uncertainty across the cybersecurity community. This strategic shift threatens to destabilize established security frameworks when coordination is needed most.

Core principles for enterprise resilience

In the face of potential disruption, the next stage of enterprise cybersecurity must be designed for resilience. Immediate actions business leaders can take:

  • Layer your approach to security: No single layer or vendor can protect us from all attacks. Each has its strengths and blind spots. Create a diverse and layered security posture.
  • Pair zero trust authentication with active AI-based solutions: Zero trust authentication pairs well with AI-based defenses. They each bring different strengths to the table.
  • Strengthen incident response: In addition to regular tabletop exercises and clear escalation procedures, join groups or organizations that are willing to share expertise and intel: “we are stronger together.”
  • Invest in threat hunting: Develop internal analysis capabilities, including strategic threat assessment that can evaluate adversary motivations and predict future attack vectors.
  • Secure supply chains: Implement rigorous vendor risk assessments, maintain software component inventories and establish rapid response protocols for supply chain compromises. 

A defining moment 

The cybersecurity landscape will continue to evolve at an accelerated pace, driven by AI advancement, sophisticated adversaries and geopolitical tensions. This is a defining moment: we can build on the lessons and cybersecurity progress we’ve achieved — or we can undermine national resilience by unwinding the frameworks meant to protect us in an AI-powered world. Change and evolution of the frameworks can lead to more secure systems — if done in partnership and by leveraging our collective knowledge. 

Reverting to fragmented systems and losing expert personnel will create dangerous security gaps across the landscape. This moment must be met with open dialogue, transparency and public/private partnership. Coordinated, consistent and unified action from both industry and policy leaders is needed to prepare for the challenges ahead.

This article is published as part of the Foundry Expert Contributor Network.