With Donald Trump preparing for his return to the White House, the cybersecurity community waits in anticipation. During his second term, the field can expect a mix of aggressive international posturing, deregulation and a potential shake-up of key federal agencies. While some policies may mirror those of his first term, the rapidly evolving threat environment and political dynamics will influence the administration’s approach.
So, what exactly can cybersecurity professionals expect under Trump 2.0?
A Deregulatory Shift in Cybersecurity Policy
The Trump administration is expected to pursue significant reductions in federal cybersecurity regulations and enforcement. The focus will shift away from mandatory compliance toward voluntary standards and private-sector collaboration. Industries like healthcare, energy and critical infrastructure will likely face fewer federal requirements, encouraging self-regulation and industry-led improvements. Trump’s approach is anticipated to reject key regulatory elements of Biden’s 2023 National Cybersecurity Strategy, particularly regulations targeting software company liability. However, there may be efforts to harmonize the fragmented state and federal regulatory landscape to alleviate compliance burdens for businesses, promoting efficiency while minimizing government oversight.
New Priorities for Critical Infrastructure Protection
Trump’s administration is likely to prioritize protecting critical infrastructure, such as power grids, water systems and healthcare facilities, in response to rising cyber threats from China and Iran. While Biden-era mandates for cybersecurity in these sectors may be rolled back, Trump is expected to emphasize collaboration with the private sector and incentivize voluntary improvements. Programs like the State and Local Cybersecurity Grant Program face uncertainty, with potential funding cuts or expiration in 2025. This shift means critical infrastructure operators must bolster resilience and incident response capabilities despite reduced regulatory oversight.
International Cyber Threats and Offensive Operations
Heightened geopolitical tensions with China, Russia and Iran are expected to shape Trump’s cybersecurity strategy. Trade policies and support for Israel may provoke increased cyber threats and disinformation campaigns. Trump is likely to favor aggressive offensive operations, disrupting adversary IT infrastructure and imposing sanctions on nations harboring cybercriminals. His approach may prioritize bilateral agreements over multilateral cooperation, avoiding initiatives like the U.N. Cybercrime Convention. The continuation of “defend forward” operations, initiated during Trump’s first term, will provide proactive disruption of foreign cyber threats before they impact U.S. infrastructure.
CISA’s Future Under Scrutiny
The Cybersecurity and Infrastructure Security Agency (CISA) faces potential budget cuts and restructuring under Trump due to political criticism, particularly regarding its role in addressing election-related disinformation. However, bipartisan support for CISA’s core functions—such as protecting critical infrastructure and facilitating public-private collaboration—makes its complete elimination unlikely. Despite leadership uncertainty and possible reorganization, CISA’s mission to secure critical systems and respond to cyber threats is expected to continue, though potentially with reduced influence and resources.
Trump’s Laissez-Faire Approach to AI Regulation
Trump’s administration is likely to adopt a laissez-faire approach to AI regulation, rolling back Biden-era measures focused on AI safety, ethics and fairness. The emphasis will shift toward securing AI models against cyber threats and intellectual property theft. Rather than addressing algorithmic bias or discrimination, Trump’s AI strategy will likely prioritize ensuring that AI systems perform reliably and securely, especially in critical applications like healthcare and transportation. Trump recently nominated David Sacks as AI czar—a new position that will help shape the administration’s AI and cryptocurrency policies. Sacks allegedly holds a “long track record of doubts about government regulation.”
State and Local Cybersecurity Funding at Risk
The future of the State and Local Cybersecurity Grant Program is uncertain under Trump’s administration, with potential resistance or expiration by 2025. Some states, such as South Dakota, have previously declined to participate in these federal grant programs. As a result, state and local governments may face challenges in securing reliable funding for cybersecurity initiatives, increasing the importance of self-reliance and regional collaboration to address cyber threats.
Potential Federal Privacy Legislation
Trump’s administration may push for a business-friendly federal privacy law to streamline the current patchwork of state regulations, potentially preempting stricter laws like California’s Consumer Privacy Act (CCPA). Reduced federal oversight may prompt states to enhance their privacy regulations to fill the gap. This approach would alleviate compliance burdens for businesses while potentially limiting the scope of consumer protections and enforcement mechanisms.
Impact on Key Industries and Tech Companies
Despite deregulation, industries such as defense, finance and healthcare are unlikely to scale back cybersecurity investments due to persistent ransomware threats and global instability. Trump’s preference for tariffs over subsidies casts uncertainty on Biden’s CHIPS and Science Act, which aimed to boost domestic semiconductor production. Additionally, while reduced regulations may ease compliance burdens for tech companies, increasing cyber extortion and infrastructure threats will compel organizations to maintain strong cybersecurity defenses. The fate of Section 230, which shields tech platforms from liability for user-generated content, remains uncertain, though Trump’s and Elon Musk’s platform ownership may reduce pressure for its repeal.
What Cybersecurity Professionals Should Do
Preparing for Trump’s term will require cybersecurity professionals to remain flexible and adaptable as policies and agency structures may shift rapidly. Organizations supporting government operations should strengthen their offensive capabilities to align with a potential focus on “defending forward” strategies. As federal regulations decrease, investing in private-sector partnerships and participating in information-sharing initiatives will be essential for maintaining security standards. Critical infrastructure will remain a key target for cyber threats, necessitating continued investment in resilience and incident response capabilities. Additionally, securing AI models and infrastructure should be a top priority to protect against emerging threats in a rapidly evolving technological landscape.
A second Trump administration promises a cybersecurity approach that emphasizes deregulation, offensive operations and voluntary private-sector compliance. While some elements of Biden’s strategy may be discarded, the core mission of protecting U.S. infrastructure and countering foreign cyber threats will remain. For cybersecurity professionals, staying informed, adaptable and prepared for policy shifts will be crucial in navigating the evolving landscape.