Cybersecurity recommendations for the Trump administration

Cyber threats continue to evolve at an unprecedented pace, presenting significant challenges to America’s digital infrastructure from sophisticated nation-state actors. In President Trump’s first term, the administration released a National Cyber Strategy that took steps to secure Federal networks and information, secure critical infrastructure, combat cybercrime, and improve incident reporting, while supporting a vibrant and resilient digital economy.
The administration has taken important steps by appointing key cybersecurity leaders, including nominating Sean Cairncross as national cyber director. To ensure continued progress, it is essential to maintain cybersecurity as a top national security priority and build on the foundation of the Trump administration’s first National Cyber Strategy. Below are crucial focus areas that the Trump administration should prioritize in order to strengthen and solidify America’s cyber-readiness.
1. Accelerate emerging technology adoption
The existing cybersecurity stack, focusing on firewalls and EDRs, has been actively exploited. Sophisticated attackers use AI to discover firewall vulnerabilities, evade EDR detections in widely used solutions, and launch zero-day attacks. Attackers are leveraging AI to generate endless malware variants that are capable of evading detection, leading to an exponential rise in patient zeros. This highlights the urgent need for innovative and emerging technologies that are scalable, cost-efficient and easy to deploy. No security solution is infallible on its own.
To stay ahead, organizations need to move beyond reactive defenses and embrace proactive cybersecurity solutions. DNS plays a critical role here: it provides early visibility into adversaries’ infrastructure, allowing organizations to identify and stop threats in advance of attackers creating and deploying new malware variants.
The administration can play a critical role in identifying, experimenting with, educating on, and enabling the wide adoption of a zero-day proactive security approach that leverages defense-in-depth. Innovative tools, such as Protective DNS (Domain Name System), have already been adopted by governments around the world and proven to be effective. In fact, according to the National Security Agency, using secure DNS can mitigate 92% of malware attacks by limiting adversaries’ command and control of victim networks. Moreover, by targeting the DNS infrastructure that adversaries use in attacks (rather than the malware itself), security teams can identify and stop security events proactively without having to wait for malware to activate on their own or someone else’s network.
2. Speed up execution on existing best practices
Government systems and critical infrastructure have been slow in implementing well-established best practices. A notable example is the delayed execution of Memorandum M-21-07 (Completing the Transition to Internet Protocol Version 6 (IPv6)), issued in 2020 by the first Trump administration. Despite the well-documented security benefits of IPv6, many agencies continue to rely on outdated IPv4 protocols that expose them to evolving cyber threats.
The administration must take decisive action to enforce a structured timeline for full IPv6 deployment. Additionally, reinforcing existing cybersecurity best practices, such as multi-factor authentication, protective DNS, endpoint detection, and a zero-trust architecture, will be critical in fortifying national security. By putting execution rigor and speed behind these best practices, the administration can help bridge the gap between policy and execution, increase government efficiency and enhance public trust.
3. Modernize the cyber technology procurement process
Existing government procurement processes, such as FedRAMP and other compliance frameworks, have significantly hindered the timely adoption of emerging cybersecurity technologies. Tools procured by the government are often several iterations behind state-of-the-art solutions widely available in the private sector, leaving government systems vulnerable to modern cyber threats. Organizations seeking FedRAMP certification must grapple with significant front-end resource investments, including hiring a third-party assessor, and must navigate the misaligned incentives that drive federal agencies to procure already-certified (but potentially outdated) technologies rather than taking on time-intensive sponsorship of innovative products. This contradiction is especially concerning given the urgent need for agile, best-in-class security protections against sophisticated nation-sponsored attacks targeting government systems.
To address this, the administration should implement an Agile Federal Acquisition Methodology (FAM) for cybersecurity technologies, enabling agencies to rapidly test, procure, and integrate cutting-edge solutions without unnecessary delays. By modernizing procurement policies and streamlining certification procedures, government entities can ensure a more resilient and secure digital infrastructure.
4. Increase government investment to modernize critical infrastructure and align economic incentives for high-risk sectors
The United States economy, national security, and public safety are deeply interconnected with critical infrastructure sectors, including water, energy, utilities, military operations, healthcare, and education. However, these sectors remain highly vulnerable due to reliance on outdated infrastructure, which creates technical debt and weakens national resilience. We need a fresh approach that aligns the economic incentives of these high-risk sectors with national security. Strengthening cybersecurity resilience demands sustained government investment, but funding alone is insufficient. It must be strategically allocated to drive accountability, improve efficiency, and encourage long-term innovation.
The administration could incentivize critical infrastructure providers to modernize their infrastructure and embed cybersecurity protections into their operational models, while also making use of existing programs proven to support vital municipal services that Americans rely on every day, such as the FCC’s Schools and Libraries Cybersecurity Pilot Program and Department of Homeland Security’s State and Local Cyber Grant Program. A shift towards a holistic and forward-thinking modernization strategy is imperative to ensure sustained security, resilience and efficiency.
5. Elevate the role of standards without burdensome regulations
The U.S. has long been at the forefront of setting best practices and driving technological innovation. Industries around the world look to American-based standard-setting bodies such as NIST to provide much-needed operational clarity. Strong public-private partnerships have also demonstrated the potential for impactful collaboration. While NIST has made strides in releasing important guidance on zero trust and cloud security, other critically needed cybersecurity best practices have lagged by many years.
For example, NIST’s Secure DNS Implementation Guide is already 11 years old. The internet has changed more in the last decade than in its entire history before that, so why should these guidelines stay frozen in time? By embracing a pragmatic approach, the Trump administration has an opportunity to further elevate best practices in cybersecurity without resorting to overly burdensome regulations. By elevating the role of standards and best practices, aligned with proper economic incentives, the administration will enable the nation to remain competitive and resilient in the face of growing cyber challenges.
Cybersecurity is a fundamental pillar of national security, economic prosperity, and public safety. I am confident that the Trump administration will take a proactive approach to safeguard America’s digital future and maintain economic leadership, ensuring resilience against both current and emerging cyber threats.