White House’s New Cyber Strategy and Executive Order Seek to Deter Adversaries and Strengthen Resilience

On March 6, 2026, the White House released its National Cyber Strategy (Strategy) and issued an accompanying Executive Order, “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens” (EO). These documents outline the administration’s priorities for combating cybercrime and call for coordination across the federal government and the private sector to invest in new technologies, continue innovation, and prioritize the United States’ cyber capabilities. Key sectors of concern include energy, financial services, telecommunications, data centers, water, and health care. The Strategy and EO encourage increased public-private coordination, signal greater latitude for private sector offensive cyber operations, prioritize securing critical infrastructure, elevate cybercrime as a national security priority, outline a path for victim compensation, and promote streamlining cyber regulations.

National Cyber Strategy

The Strategy is organized around six “Pillars of Action,” which the administration intends to implement and resource through follow-on policies. While it contains relatively few details on how these policies will be implemented, the direction set forth in the Strategy provides valuable guideposts for potential engagement with the operative agencies. The pillars include the following:

1. Shape Adversary Behavior. Deploy the government’s defensive and offensive cyber operations. This includes creating incentives for the private sector to disrupt bad actors before cyberattacks occur and working with allies to combat the threats that cybercrime and intellectual property theft pose to the global economy.  
2. Promote Common Sense Regulation. Streamline cyber regulations to better align regulators with industry needs while reducing compliance burdens and addressing liability. Regulations should “emphasize” the right to privacy of Americans and American data.
3. Modernize and Secure Federal Government Networks. Accelerate the modernization, defensibility, and resilience of federal information systems. This pillar directs federal agencies to adopt “AI-powered cybersecurity solutions” to better protect government networks, and it encourages the modernization of procurement processes to remove barriers to entry so the government can obtain the best technology.
4. Secure Critical Infrastructure. Identify, prioritize, and harden America’s critical infrastructure and secure its supply chains, including the energy grid, financial and telecommunications systems, data centers, water utilities, and hospitals.
5. Sustain Superiority in Critical and Emerging Technologies. Build secure technologies and supply chains that protect privacy, promote post-quantum cryptography, secure quantum computing, and advance AI security tools, including generative and agentic AI, to scale network defense. This includes promoting American AI models and frustrating the spread of foreign AI platforms.
6. Build Talent and Capacity. Develop a talent pipeline that is pragmatic and accessible, drawing from academia, vocational schools, corporations, and venture capital opportunities to educate the existing cyber workforce and recruit the next generation.

Executive Order

The EO takes a multi-pronged approach to combating the growing threat of cybercrime targeting the United States. Recognizing that cybercrime is in many cases supported by rogue nation states, the EO directs senior cabinet officials to review existing frameworks for combating cybercrime related to Transnational Criminal Organizations (TCO). Additionally, it instructs these officials to submit an action plan to the President that (1) identifies TCOs responsible for scam centers and cybercrime; (2) proposes strategies for combating the TCOs; and (3) establishes an operational cell within the National Coordination Center (NCC) to coordinate federal efforts. The EO also directs relevant agencies to use threat intelligence and capabilities from commercial cybersecurity firms to enhance tracking and disruption of bad actors.

According to the FBI’s 2024 Internet Crime Reporting statistics, business email compromise schemes generated more than six times as many complaints as ransomware attacks. In light of these trends, the EO directs the Attorney General to submit a recommendation for establishing a Victims Restoration Program to provide financial compensation to victims of cyber-enabled fraud, funded from assets seized, clawed back, or forfeited from TCOs.

The Secretary of State is directed to pressure foreign governments to take enforcement action against TCOs operating within their borders. Countries deemed to promote or tolerate cybercrime may face consequences including limitations on foreign assistance, sanctions, and trade penalties.

Bottom Line

• Shaping Adversary Behavior. Taken together, the Strategy and the EO seek to deter and shape adversary behavior for cyber adversaries at large — both nation state actors and cyber criminals. By elevating cybercrime to the same level as nation state adversaries, the administration recognizes the intertwined nature of cyber threat ecosystem and in turn raises the stakes for state sponsors of cybercrime, with penalties including limitations on foreign assistance, sanctions, visa restrictions, trade penalties, and expulsion of foreign officials.
• Victim Compensation. The EO also appears to incentivize reporting of cyberattacks through the creation of the new Victims Restoration Program. The details for this program, including the specific criteria for eligibility, the method for applying for restored funds, the timeline for disbursement, and how funds will be prioritized if seized assets are less than the total losses, have yet to be determined. It is also unclear how this new Victims Restoration Program will operate in conjunction with the Department of Justice’s (DOJ) Crime Victims Fund and other criminal restitution statutes, such as the Mandatory Victims Restitution Act (MVRA). Nevertheless, for private sector victims, clawing back funds may necessitate quicker involvement of and notification to law enforcement to effectively aid recovery efforts.
• Public-Private Dynamic. The Strategy also appears to signal that the administration may allow greater latitude for private sector offensive cyber operations. So-called “hack back” actions from the private sector are generally prohibited when they go beyond the victim organization’s own systems and have historically been questioned because of their potential for collateral damage. Nevertheless, opening avenues for active defenses or establishing attribution for easier criminal prosecution, for example, has the potential to provide a strong deterrent effect and aid victim recovery efforts. Again, there are few details around this development, including safe harbors for those that engage in such operations. We are closely monitoring policy changes in this space, including the availability of safe harbors, and anticipate future guidance from the executive branch, including the DOJ.  
  
  The Strategy continues the administration’s trend of enhanced public-private coordination to combat cyber adversaries. In December 2025, the administration’s National Security Strategy highlighted the U.S. government’s “critical relationships” with the private sector to surveil persistent cyber threats. Such coordination could translate into increased government requests to companies for telemetry, indicators of compromise (often simply called IOCs), victim reporting, and support in coordinated disruption campaigns.

• Policy Opportunities. For private sector organizations, including companies in the critical infrastructure, telecommunications, threat intelligence, and cybersecurity spaces, the new emphasis on coordination provides avenues for federal contracting, and opportunities to engage in policy discussions surrounding safe harbors, sensitive information such as trade secrets, attorney-client privileges, and streamlined information sharing. In parallel, Congress is set to consider a fuller reauthorization of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) this year. Set to expire on September 30, 2026, CISA 2015 provides liability protections and other legal safeguards for entities sharing cybersecurity information in accordance with the statute’s requirements, including protections related to disclosure, privilege, and regulatory use.
• Securing Critical Infrastructure. For critical infrastructure organizations, the Strategy focuses on identifying, prioritizing, and hardening systems and securing supply chains. Companies operating in or supplying these sectors should anticipate new security mandates, vendor vetting requirements, and potential restrictions on the use of foreign technological products. The Strategy also prioritizes securing the AI technology stack, including data centers, and promotes rapid adoption of AI-enabled cyber tools to detect and divert bad actors, as well as the use of AI to securely scale network defense. Companies operating in these sectors should expect both increased government partnership opportunities and increased regulatory and security attention directed at their products, supply chains, and infrastructure.
• Regulatory Landscape. The push for a simplified and streamlined regulatory regime, while ambitious, may be easier said than done, as evidenced by earlier efforts under the Biden administration’s Office of the National Cyber Director. Additionally, with changes in the federal government cybersecurity requirements, the regulatory landscape is likely to become increasingly fragmented by overlapping international, national, local, and sector-specific rules. The Strategy appears to acknowledge this by recognizing state and local authorities as a “complement” to the administration’s efforts in this space. Companies will need to closely monitor which specific regulations are revised and prepare for new frameworks that may replace them.