Listen to the article
By Andre Pienaar
The Trump Administration’s Cyber Strategy for America signals a decisive shift — from reactive compliance to proactive deterrence, with the protection of critical infrastructure elevated to a first-order national security imperative. For the Collective Defence community, this is the policy framework we have been waiting for.
On 06 March 2026, the Trump Administration released a seven-page Cyber Strategy for America, accompanied by an Executive Order on Combatting Cybercrime. Together, these documents represent the most substantive recalibration of American cybersecurity posture in years: lean, action-oriented, and built around a recognition that the infrastructure underpinning modern civilisation is the primary battlefield of 21st-century conflict.
For those working at the intersection of cybersecurity investment and national security, this is not merely a policy update. It is a strategic mandate.
The energy grid, financial systems and telecommunications networks are no longer just economic assets. They are military targets. The Trump strategy treats them accordingly.
Infrastructure as the new frontline
Pillar Four, Securing Critical Infrastructure, is the heart of the strategy. Energy, telecommunications, financial systems, data centres, water utilities and hospitals are identified as top priorities for hardening, supply chain security and the removal of adversary vendors. This is the correct diagnosis.
Adversarial states including Iran, China and Russia have embedded themselves within critical infrastructure networks not merely as espionage platforms but as pre-positioned strike capabilities. The IRGC’s exploitation of Irancell’s telecommunications infrastructure for military targeting, China’s penetration of US networks through Salt Typhoon, and Russia’s hybrid warfare campaigns against European energy grids all point to the same reality: infrastructure is the weapon system of choice for adversaries seeking to degrade allied capability without triggering a kinetic response.
The strategy’s commitment to moving away from adversary vendors and promoting US technologies is not protectionism. It is strategy. Networks built on components sourced from authoritarian states are, by design, compromised. Every Huawei router in a telecoms backbone and every ZTE component in an emerging market network represents latent capability in hostile hands.
Collective Defence is not a slogan. It is a structural requirement because no single government, company or allied nation can defend the interconnected systems of modern civilisation alone.
Deterrence, not just defence
The strategy’s most significant departure from its predecessor is its emphasis on offensive cyber operations as a primary deterrence tool. Pillar One directs the full suite of US defensive and offensive cyber operations, pledges to uproot criminal infrastructure, and commits to denying financial exit and safe haven to those who operate it.
The accompanying Executive Order operationalises this approach. A new coordination cell will detect, disrupt and dismantle cyber-enabled criminal activity, backed by a 120-day action plan and diplomatic pressure through sanctions, visa restrictions and trade penalties against governments that shelter cybercriminals.
These are operational directives with defined timelines. The economics of cybercrime have long favoured the attacker. Shifting that calculus through credible offensive threat and systematic infrastructure dismantlement is the only sustainable model.
AI, technology and the adversary vendor question
Pillar Five commits to securing the full AI technology stack, from data centres to the models themselves, deploying agentic AI to autonomously detect and disrupt foreign threats, and advancing post-quantum cryptography. The strategy’s commitment to countering foreign AI platforms that censor, surveil and mislead is a direct reference to Chinese platforms whose architecture and legal obligations to the Chinese Communist Party make them instruments of surveillance.
Which AI systems can be trusted is not a technical question. It is a national security question.
AI infrastructure is critical infrastructure. The administration’s commitment to securing the full stack, from data centres to models, is the right frame.
The Collective Defence mandate
The strategy’s vision of expanded private sector partnership as the backbone of American cyber resilience is a direct validation of the Collective Defence model. No government agency can monitor and defend the full attack surface of the modern digital economy. Energy companies, telecommunications providers, financial institutions, hospitals and data centre operators are not passive beneficiaries of government protection. They are active participants in national defence.
This is the core insight behind the Centre for Collective Defence: that the boundary between public and private, between government and industry, and between military and civilian in the cyber domain is not a boundary at all. It is a seam, and seams are where adversaries attack.
The strategy’s deregulatory thrust reinforces this principle. Cyber defence should not be reduced to a costly checklist. Compliance-driven frameworks create a false sense of protection while diverting resources from genuine resilience. The right structure rewards resilience and punishes negligence.
For the Collective Defence community, including investors, operators, policymakers and technologists working to secure the systems on which modern civilisation depends, the Trump Cyber Strategy is not a threat. It is an opportunity. The policy framework is now aligned with the strategic reality. The question is whether the institutions, companies and coalitions positioned to act on it will move with the urgency the moment demands.
The grid is the battlefield. For the first time, the Trump Administration’s cyber strategy treats it as such.
