On March 6 last year, the White House unveiled President Trump’s cyber strategy for America. Although the title may sound excessive, it is worth looking beyond the surface because, beyond the rhetorical wrapping, the document contains a genuine statement of power: it places cyberspace at the intersection of defending the homeland, great-power competition, and technological and industrial supremacy. Its core thesis is not merely that the United States should better protect its networks, but that it should use cyberspace to strengthen its strategic position, raise the adversary’s costs, and guarantee its technological edge.
What changes in the new Trump America cyber strategy?
In fact, the best way to understand this strategy is to read it alongside the 2025 National Security Strategy and the 2026 National Defense Strategy. The former provides the overall framework: reducing dependencies, securing supply chains, reindustrialization, leadership in emerging technologies and strengthening the state capacity for attribution and response to cyber incidents. All of this is accompanied by an explicit push for deregulation as an instrument of competitiveness and innovation. The latter translates that logic into the military arena: it places homeland defense as the primary line of effort, proposes strengthening cyber defense and developing options to deter or degrade any cyber threat against the United States, and makes burden-sharing with allies and the revitalization of the industrial base two central axes of the strategy.
“This is a plan that uses the digital domain to articulate security, artificial intelligence, industry, supply chains and coercion within the same logic of power”
Viewed in this context, the new cyber strategy acts as a hinge between grand strategy and its military projection. We are therefore not looking at a generic cybersecurity strategy. It is a plan that uses the digital domain to articulate security, artificial intelligence, industry, supply chains and coercion within the same logic of power. Its brevity and openly political tone are part of its nature, as it aims to leave behind the detail of an exhaustive technical architecture in order to set a clear general direction. Its underlying message calls for less naivety and more competition; less compartmentalization and more integration between technology, economy and security.
This orientation does not emerge from nowhere. The American cyber-strategy tradition has ripened for decades. Since the late 1990s, Washington has assumed that national security depended on increasingly digitalized critical infrastructures and that, consequently, cyberspace could not be read only in military or policing terms. Later it sought to articulate that concern with a particular idea of digital environment governance, technological leadership and defense of a certain open order. Yet the decisive shift came in 2018, with the consolidation of the logic of advanced defense (defend forward): moving beyond a predominantly reactive stance to detecting, disrupting and degrading hostile activity before it reached its own networks or critical infrastructure. The Biden Administration did not reverse that shift, although it tried to correct some of its limits by insisting that external offensives were of little use if the domestic base remained too vulnerable. The 2026 strategy inherits that trajectory, but again shifts the center of gravity toward coercion, toward industry and toward technological superiority.
That shift is most clearly visible in its first pillar, dedicated to shaping the adversary’s behavior. The strategy proposes guiding the full spectrum of cyber operations—both defensive and offensive—to detect, disrupt and defeat the adversary before they can penetrate American networks, degrade their capabilities and mobilize, when necessary, the full array of national power instruments to deter (through denial and punishment) any aggression. The language here is particularly meaningful. The grammar here no longer centers on risk management, but on strategic will. The document adds that the response won’t be confined to the cyber realm and that burden sharing with allies should be “fair.” In that sense, cyberspace moves from being a mere problem of protection or resilience to becoming a space of integrated coercion.
The second major move occurs on the regulatory front. Against the National Cybersecurity Strategy of 2023, which saw regulation and incentive correction as instruments to harden the digital ecosystem, the 2026 one targets the logic of bureaucratic compliance and promises to reduce regulatory burdens. That does not mean, however, a withdrawal of the State. It means something else: a redefinition of its priorities. The document emphasizes modernizing federal networks through zero-trust architectures (zero trust), post-quantum cryptography and cloud migration; in strengthening critical infrastructures and supply chains; and in securing the technological base of artificial intelligence, from data centers to the models and the infrastructure that supports them. So we are not facing a simple deregulation, but a fairly defined form of techno-nationalism: less faith in broad regulatory discipline and more confidence in the technological, industrial and operational edge of the United States.
“Washington does not aspire merely to be safer in cyberspace; it actually aims to be stronger because of it”
That’s where its relationship with the 2025 National Security Strategy becomes clearer. That document already linked national security, technological resilience, supply chains, offensive cyber operations and deregulation as levers of competitiveness and innovation. The new cyber strategy simply transfers that general logic to the digital domain. The “cyber” thus ceases to be a purely functional policy—protect networks, pursue criminals, raise standards, etc.—and is embedded in a broader strategy of economic, technological and geopolitical primacy. Washington does not merely want to be safer in cyberspace; it aims to be stronger because of it. That is, probably, the most important key.
The National Defense Strategy of 2026 completes this picture. By placing homeland defense as the priority, strengthening protection against cyberattacks targeting military objectives and critical civilian infrastructure, and considering options to deter or degrade those threats, cyberspace is solidified as a pillar fully integrated into national defense. It also insists on a greater burden-sharing with allies. This is no small detail: it means that this cyber strategy also responds to a long-promised conception of the transatlantic bond: less external tutelage, greater pressure on allies to meet their commitments and closer alignment with Washington’s industrial and technological priorities.
What limits does the U.S. strategy have and what does it imply for Europe?
Now, that the strategic logic is coherent does not mean it is without tensions. The main one is fairly simple: being more assertive does not necessarily equal being better defended. Washington’s insistence on protecting critical infrastructures and supply chains highlights how vast, complex, and essentially civilian the surface of exposure remains. Put differently, the strategic problem is not only about raising the cost of aggression, but also about reducing the structural vulnerability of its own digital ecosystem. That is, in essence, the most visible limit of any strategy that relies too heavily on deterrence by punishment.
For Europe, the lesson should be fairly clear. Washington is integrating cybersecurity, industrial policy, artificial intelligence, homeland defense and geopolitical rivalry within a single strategic framework, and does so—as one would expect—from a transactional conception of the transatlantic relationship. That obliges Brussels to view cyberspace with less naivety: as much an area of regulation, data protection or resilience as from the perspective of a power problem, technological dependence and strategic competition. Here is where the limits of a European strategic autonomy emerge, which has advanced more in rhetoric and normative terms than in strategy: the European Union arrives late to this convergence of technology, industry and power, and does so still without a convincing translation into capabilities, scale and political will. That is precisely the terrain on which the new American cyber strategy obliges Europe to move beyond regulatory comfort and begin to think in terms of power.
