Trump security plan calls for consequences for cyberattacks

Trump official 

President Trump released his National Security Strategy on Dec. 18.

President Donald Trump's first National Security Strategy included several sections that touched on cybersecurity, calling for improved risk management and resilience, but the document remained vague on authorities and coordination.

The strategy, required under the National Security Act of 1947, outlines cyber priorities in broad strokes in a section titled "keeping America safe in the cyber era." The text emphasizes ongoing initiatives, including information sharing, securing critical infrastructure, strengthening public-private partnerships and modernizing federal tech.

In a Dec. 18 campaign-style speech announcing White House's National Security Strategy, Trump made scant mention of cybersecurity, but the issue is central (if somewhat vague) throughout the document. Trump is the first president to release the report with a public speech, according to the Center for a New American Security.

According to the document, the White House will invest in attribution capabilities and expand collaboration with industry to better detect and pinpoint attack sources. Additionally, the government plans to work with Congress to improve information sharing with private industry.

The strategy also prioritizes granting IT and cybersecurity personnel "necessary [acquisition] authorities, information, and capabilities to prevent attacks," and promises "swift and costly consequences on foreign governments, criminals, and other actors who undertake significant malicious cyber activities."

The document also warns about adversaries leveraging the features of an open society to foment mistrust.

"Today, actors such as Russia are using information tools in an attempt to undermine the legitimacy of democracies," the strategy states. "Adversaries target media, political processes, financial networks, and personal data." Elsewhere, the strategy warns, "Russia uses information operations as part of its offensive cyber efforts to influence public opinion across the globe. Its influence campaigns blend covert intelligence operations and false online personas with state-funded media, third-party intermediaries, and paid social media users or 'trolls.'"

The strategy recommends improved public diplomacy and stronger local partnerships. The document also notes that "U.S. efforts to counter the exploitation of information by rivals have been tepid and fragmented," and have been "hampered by the lack of properly trained professionals."

While cyber is woven throughout the strategic document, there's a lack of detail regarding the precise U.S. protocol following a cyberattack, how the U.S. would respond, and what agencies would lead a U.S. response. A 2016 Government Accountability Office report warned about a lack of clearly defined roles and responsibilities for the military when it comes to defending domestic networks and infrastructure.

Christine Wormuth, the Atlantic Council's Center for Resilience director and a former DOD policy undersecretary, said on a press call that while the strategy "certainly doesn't give a clear indication" as to how the government will handle a cyberattack, it does "put emphasis on integrating procedures and authorities" across the government.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.