.svg)
New US Cyber Strategy Offers Ambition But Few Details
The Trump administration’s vision for cybersecurity signals its priorities, which include working closely with the private sector to identify fraud networks and suspicious financial flows, but stakeholders must wait to learn of any new obligations.
In March 2026, the Trump administration launched a new Cyber Strategy for America, which could lead to the creation of a US scam victim restitution programme.
The strategy was launched alongside an executive order, ‘Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens’, and together, the two documents outline the administration’s early thinking on cybersecurity policy.
The seven-page strategy document offers a high-level vision with few operational details, but the executive order contains some concrete actions that may shape policy in the near term.
It supersedes the Biden-era 2023 National Cybersecurity Strategy, and emphasises themes familiar in national security policy: deterring adversaries in cyberspace, maintaining technological leadership, modernising federal networks and strengthening critical infrastructure.
The strategy is organised around six pillars, which include “shaping adversary behaviour” and promoting what the administration calls “common-sense regulation”.
“Cyber defense should not be reduced to a costly checklist that delays preparedness, action, and response,” the document states.
“We will streamline cyber regulations to reduce compliance burdens, address liability, and better align regulators and industry globally.”
It also focuses on critical infrastructure resilience, prioritising domestic vendors and sustaining US superiority in areas such as artificial intelligence (AI) and quantum computing.
However, the strategy document is largely conceptual: it outlines key objectives but rarely specifies how they will be implemented.
Chris Jaikaran, specialist in cybersecurity policy at the Congressional Research Service, has highlighted the absence of these details in a Congressional briefing note.
“The strategy provides high-level policy outlines of the Administration’s cybersecurity objectives,” says Jaikaran. “How these objectives are accomplished and what effects these documents might have on agency budget requests and priorities remain to be seen.”
Jaikaran also notes that the Cyber Strategy for America builds on a previous executive order issued in June 2025: ‘Sustaining Select Efforts to Strengthen the Nation's Cybersecurity’.
He characterises this executive order as a “shift” from the approach of previous administrations to cybersecurity policy.
“Where other administrations had previously sought greater consolidation of cybersecurity responsibilities at the federal level, E.O. 14306 seeks to redistribute these responsibilities among industry participants or remove the responsibilities altogether.”
Executive order provides greater operational direction
In contrast to the broad strokes of the Cyber Strategy for America, the executive order on ‘Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens’ provides several concrete policy steps.
It directs elements of the federal government to mount a more coordinated response to cyber-enabled fraud and online scam networks targeting US citizens.
These networks, many of which operate from jurisdictions with limited enforcement capacity, have grown to become a major financial crime threat, targeting both US consumers and financial institutions.
Under the executive order, several cabinet departments, including State, Treasury, Justice, Homeland Security and Defense, must conduct a 60-day review of US operational, technical, diplomatic and regulatory tools for combating cybercrime linked to transnational criminal organisations (TCOs).
Within 120 days, those agencies must deliver an action plan to President Trump, identifying the most prevalent criminal groups responsible for scam operations, and recommending measures to prevent, disrupt and dismantle them.
The plan must also propose the creation of an operational cell within the federal government’s National Coordination Center to streamline efforts to detect and counter foreign cyber-enabled criminal activity.
The order explicitly endorses cooperation with private-sector partners as part of this effort.
A new emphasis on victim restitution
Another notable provision directs the Attorney General to consider establishing a Victim Restoration Program.
Within 90 days, the Department of Justice (DOJ) must recommend whether and how funds forfeited by or seized from TCOs could be returned to victims of cyber-enabled fraud.
For financial institutions, this could have implications for the recovery and distribution of funds associated with enforcement actions or asset seizures linked to cybercrime investigations.
However, it should be noted that financial institutions are likely to act only as intermediaries in the return of these funds in criminal cases.
Nothing in the executive order suggests the introduction of a mandatory reimbursement regime similar to that adopted in the UK.
Whereas the UK model shares the liability between the sending and receiving banks, the US Victim Restoration Program would rely exclusively on forfeited criminal assets.
Implications for payments and technology firms
Although the executive order does not create new compliance obligations for regulated firms, it signals two key trends that industry stakeholders should monitor.
First, the administration is framing large-scale cyber fraud as a national security issue, particularly when linked to TCOs operating abroad.
That framing could lead to expanded use of diplomatic tools, sanctions and coordinated law enforcement operations.
Second, the order suggests an expectation of closer collaboration with the private sector, particularly where financial institutions and technology platforms may have increased visibility of fraud networks or suspicious financial flows.
For now, the Cyber Strategy for America is still a work in progress. The strategy document outlines broad objectives, but many of the details that would matter most to firms – such as regulatory changes, enforcement priorities or new reporting expectations – are yet to be specified.
As Jaikaran notes in his analysis for Congress, the real policy direction may emerge through subsequent executive actions, agency initiatives or legislative activity.
