WASHINGTON — National Cyber Director Sean Cairncross used his first major public address since Senate confirmation to call for an aggressive, coordinated strategy to counter escalating cyber threats from nation-state actors.
Speaking at the Billington Cybersecurity Summit, Cairncross said the Trump administration is moving toward a whole-of-nation approach to deal with cyberattacks from adversaries such as China, which he accused of infiltrating U.S. government systems and critical infrastructure.
“We have all the tools we need, and now we’ve got the political will in place to address these challenges,” Cairncross said, urging stakeholders to work together to shift the burden of cyber risk away from Americans and toward malicious actors.
Call for Unified Cyber Posture Across Government
Cairncross emphasized that the U.S.’s decentralized political system — spanning federal, state, local, and tribal authorities — has created a patchwork of defenses. This has resulted in too much focus on reactive measures instead of a coherent, forward-leaning cyber strategy.
He said the administration’s goal is to create a unified posture that combines offensive capabilities, strong defensive measures, and coordinated policy actions. This shift, he said, is necessary to counter espionage campaigns, ransomware operations, intellectual property theft, and prepositioned malware targeting critical infrastructure.
Priorities for Cybersecurity Policy and Modernization
Cairncross outlined three immediate priorities for the administration’s cybersecurity agenda:
- Reauthorization of the Cybersecurity Information Sharing Act (CISA 2015): The law, set to expire at the end of the month, is considered critical for enabling private sector threat intelligence sharing with the federal government. Cairncross said he is actively engaging with lawmakers to ensure its extension.
- Modernization of Federal IT Systems: Many federal agencies continue to run outdated software and legacy systems that are vulnerable to intrusions. Cairncross called for urgent investment in technology upgrades across federal networks.
- Strengthening Secure-by-Design and Privacy-by-Design Practices: Cairncross urged the technology sector to adopt stronger security standards by default, while streamlining federal compliance regulations to remove redundant and burdensome requirements for companies.
Sending a Message to Nation-State Threat Actors
Cairncross singled out recent Chinese intrusions as a wake-up call, warning that adversaries are embedding themselves in U.S. networks to enable future destructive attacks. He said the U.S. must send a clear signal that such behavior will have consequences.
His remarks mark a noticeable shift toward imposing costs on attackers, including cyber deterrence measures and potential retaliatory actions.
Building a Resilient Cyber Environment
Policy experts say the keynote reflected an understanding of cyber strategy as a core pillar of national security.
Haiman Wong, resident fellow for cybersecurity and emerging threats at the R Street Institute, said in an email that Cairncross’s call for a coordinated cyber policy is essential:
“His call for an overarching cyber policy — from offense to end user defense — brings the coherence we need to effectively deter adversaries and emerging cyber threats targeting our critical infrastructure, businesses and everyday Americans.”
Cairncross, who previously served as CEO of the Millennium Challenge Corp and as a senior adviser to the White House chief of staff, now faces the challenge of transforming these priorities into actionable programs that can strengthen U.S. cyber resilience and deter state-sponsored threats.
