Trump’s administration is getting ready to involve private companies in offensive cyber operations against foreign countries.
The White House wants to expand how the US responds to state-backed hackers and major cybercrime groups. This would move some offensive work beyond intelligence agencies and the military.
New National Cyber Strategy Incoming
The plan is expected to appear in a new national cyber strategy. A draft has already been shared with industry officials and experts. The Office of the National Cyber Director is set to release it in the coming weeks.
The draft says the government should rely more on private businesses when responding to cyberattacks. That includes breaches of critical infrastructure, telecom networks, and large ransomware campaigns. It does not explain exactly how companies would take part.
Legal and Policy Details Still Unclear
A spokesperson for the cyber director’s office declined to comment on the draft. They said the strategy is not final and that the administration remains focused on protecting US systems and data.
More details may follow after the strategy is released. An executive order is also being discussed. That order could define the role of private firms and give them stronger legal protections. New legislation may be needed as well.
Risks for Private Companies
Right now, there is no clear legal basis for private companies to run offensive cyber operations. Any move in that direction would be a major shift.
It could also put those firms at risk of retaliation by foreign governments and their proxy groups. Intelligence services often rely on affiliates to carry out cyber operations, and private firms could become targets.
Why the Administration Wants Industry Involved
Support for the idea is growing inside government. Officials argue the US needs more capacity to deal with hostile hacking groups that often receive strong backing from foreign states.
Bringing in private firms could expand resources. It could also free up intelligence agencies and Cyber Command to focus on missions only they can handle.
Similar discussions happened during the Biden administration, according to people familiar with those talks. No final policy came out of that effort.
What Else Is in the Draft Strategy
The draft strategy also covers other topics. It calls for simplifying cyber regulations and modernizing federal systems.
It also focuses on securing critical infrastructure and pushing adoption of post-quantum cryptography and secure quantum computing. Industry feedback is still being collected, and changes are possible.
Signals of a More Aggressive Cyber Stance
Trump officials have signaled a tougher stance for months. In September, a senior National Security Council official said the administration is not afraid to use offensive cyber capabilities.
There is also money behind the message. A provision inside Trump’s large tax and spending law set aside an extra $1 billion for offensive cyber operations. The law does not say how the funds must be used, but it shows the priority given to this area.
Business Opportunities and Open Questions
For private cybersecurity firms, the move could open new business lines. Many companies focused on defense already have tools and skills that could be adapted for offense.
But the risks are real. Offensive work brings legal uncertainty. It can also scare off customers and investors who prefer low-profile, defensive vendors.
And that tension is likely to shape the debate as the strategy moves closer to release.
