Cairncross Pushes Offensive Cyber Strategy in First Public Address

In his first public remarks since confirmation, National Cyber Director Sean Cairncross called for an overhaul of U.S. cybersecurity strategy, emphasizing the need to move beyond defense and, instead, shift the burden of cyber risk onto adversaries like China.

Speaking at the Billington Cybersecurity Summit, Cairncross criticized the current fragmented approach and stressed that the time for passive observation has passed. He laid out both near-term goals and a broader vision that includes better integration across federal agencies, increased support for international allies, and an emphasis on strategic coherence.

He pledged that the Trump administration will provide the political will and resources needed to drive long-overdue reforms in cyber policy and federal system modernization.

Why It Matters: Cairncross’s statements pivot from a primarily defensive cybersecurity posture to one that includes active deterrence. This shift comes particularly in the face of intensifying cyber threats from China and other adversarial states. The proposed approach could redefine America’s role in global cyber governance, influence corporate cybersecurity practices, and reshape interagency coordination.

• Shift from Defense to Deterrence: Cairncross emphasized that U.S. adversaries have operated in cyberspace with “near impunity” for too long, exploiting America’s reactive stance. His vision calls for shifting the burden of cyber risk onto foreign states by leveraging U.S. technology and coordination strengths. Rather than merely defending systems after an attack, the strategy would proactively impose costs on adversaries to deter malign behavior before it occurs.

• Modernizing Federal Systems for a Post-Quantum World: One of Cairncross’s top short-term priorities is modernizing federal IT infrastructure, which he characterized as outdated and ill-equipped for emerging threats. He stressed the importance of preparing for a “post-quantum future,” where quantum computing could break current encryption standards. This includes adopting next-generation technologies and updating legacy systems across federal agencies.

• Urgent Reauthorization of the Cybersecurity Information Sharing Act: Cairncross urged Congress to act by reauthorizing the 2015 Cybersecurity Information Sharing Act, which expires this month. The law provides legal protections that encourage private companies to share cyber threat intelligence with the government and each other. Without such reauthorization, collective defense capabilities across sectors could weaken due to decreasing information sharing.

• Ending “Turf Wars” and Fragmented Cyber Governance: Addressing internal inefficiencies, Cairncross pointed to bureaucratic infighting as a key barrier to effective cybersecurity. He pledged to align the Office of the National Cyber Director more closely with the National Security Council and the Cybersecurity and Infrastructure Security Agency (CISA), creating a more unified structure that integrates offensive operations and support for state and local entities under a single strategic framework.

• Global Cyber Alliances to Counter China’s Digital Expansion: In separate remarks, Cairncross highlighted the threat posed by China’s attempts to export authoritarian surveillance technologies worldwide. He underscored the U.S. commitment to aiding democratic allies, especially members of the Five Eyes intelligence alliance, in resisting this trend. The new strategy positions the U.S. as a partner in a global effort to combat digital authoritarianism and preserve internet freedom.

Go Deeper -> National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries – Cyberscoop