The Claim

Strengthened U.S. cyber defenses against foreign attacks.

The Claim, Unpacked

What is literally being asserted?

That the Trump administration took actions during its first year that made U.S. cyber defenses stronger — specifically against foreign attacks. “Strengthened” implies a measurable improvement from a prior baseline. “Defenses” implies protective capability — the ability to detect, prevent, and respond to intrusions. “Foreign attacks” points to nation-state adversaries: China, Russia, Iran, North Korea.

What is being implied but not asserted?

That the U.S. is safer from cyberattacks than it was before the administration took office. That the administration’s actions were the cause of this improvement. The placement under “Forging a Stronger, Modernized Military Force” implies this is primarily a military achievement, though civilian cybersecurity infrastructure (CISA, FCC regulations, State Department cyber diplomacy) is equally central to defense against foreign attacks.

What is conspicuously absent?

That the administration’s first-year record on cyber defense is defined by a pattern of gutting the institutions responsible for defending against foreign cyberattacks while producing strategy documents and executive orders that describe ambitions rather than capabilities. CISA — the primary civilian cyber defense agency — lost approximately one-third of its workforce, had its election security program eliminated, its red teams disrupted, its stakeholder engagement division effectively closed, and its leadership in chronic turnover. The Cyber Safety Review Board was disbanded on Day One while actively investigating Salt Typhoon — the worst telecom hack in American history, which targeted Trump and Vance themselves. The FCC removed mandatory cybersecurity rules for telecom companies that were created in direct response to Salt Typhoon. The administration paused sanctions against China’s Ministry of State Security to protect a trade deal — despite Salt Typhoon remaining an active, ongoing intrusion. The State Department’s cyber diplomacy bureau was dismantled, with veteran diplomats fired and the ambassador position left unfilled. The National Cyber Director position sat vacant for seven months before being filled by a former RNC official with no cybersecurity experience. And the March 2026 Cyber Strategy for America — a seven-page document compared to Biden’s 39 pages — does not mention China, Iran, North Korea, or Russia by name.

Evidence Assessment

Established Facts

The administration issued two cybersecurity executive orders and a national cyber strategy, establishing a formal policy framework. Executive Order 14306 (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity”), signed June 6, 2025, amended Biden-era EO 14144 and Obama-era EO 13694. It retained some Biden-era mandates — including encrypted DNS traffic, email encryption, and IoT Cyber Trust Mark labeling — while rescinding software attestation requirements, PQC implementation acceleration mandates, and digital identity initiatives. On March 6, 2026, the administration released “President Trump’s Cyber Strategy for America,” a seven-page document organized around six pillars emphasizing offensive cyber operations, reduced regulation, and private-sector collaboration. An accompanying executive order addressed cybercrime, directing interagency coordination, foreign government engagement, and a Victims Restoration Program. ¹

CISA lost approximately one-third of its workforce and had multiple critical programs eliminated or reduced during the administration’s first year. CISA’s workforce fell from approximately 3,700 to approximately 2,400 by December 2025 — a reduction of nearly 1,000 workers (29%+). The administration’s FY2026 budget proposed cutting CISA’s budget from $2.87 billion to $2.38 billion (down ~$500 million) and reducing authorized positions from 3,732 to 2,649. Specific program eliminations included: the Election Security Program (14 positions, ~$39.6 million); the National Risk Management Center (35 positions, $70 million — a 73% budget reduction); the Stakeholder Engagement Division (effectively closed); the Critical Infrastructure Partnership Advisory Council (disbanded); and disruption of red team and threat hunting contract personnel (approximately 100 contractors affected by DOGE-initiated contract cancellations in February-March 2025). Senior leaders departed from counter-ransomware initiatives, threat hunting, and secure software development programs. ²

The administration disbanded the Cyber Safety Review Board on January 20, 2025 — Day One — while it was actively investigating the Salt Typhoon intrusion. Acting DHS Secretary Benjamine Huffman terminated all CSRB memberships “immediately” to avoid “misuse of resources.” Salt Typhoon — a Chinese state-backed campaign that compromised at least nine U.S. telecom companies, accessed lawful intercept (wiretap) systems across 80+ countries, and stole communications of Trump and Vance during the 2024 campaign — remained under active CSRB investigation. The CSRB was never reconstituted. As of February 2026, the FBI assessed the Salt Typhoon threat as ongoing, with unpatched routers and weak access controls remaining in telecom networks. Senator Ron Wyden called the disbandment “a massive gift to the Chinese spies who targeted Trump, JD Vance and other top political figures.” ³

The FCC removed mandatory cybersecurity rules for telecom companies that had been created in direct response to Salt Typhoon. On November 20, 2025, the Republican-majority FCC voted along party lines to rescind a January 2025 declaratory ruling that required telecom companies to secure their networks and submit annual certifications of cybersecurity risk management plans. FCC Chairman Brendan Carr argued the rules were “neither lawful nor effective,” claiming carriers had voluntarily agreed to network hardening. Commissioner Anna Gomez dissented, warning that “handshake agreements without teeth” cannot prevent future breaches. This occurred while Salt Typhoon intrusions remained unresolved and the FBI assessed the threat as ongoing. ⁴

The administration paused sanctions against China’s Ministry of State Security over Salt Typhoon to protect a trade deal. Despite Salt Typhoon being described as the worst telecom hack in American history — one that compromised Trump’s own communications — the administration shelved planned sanctions against China’s MSS following the October 30, 2025 trade framework between Trump and Xi Jinping. The Treasury Department’s January 2025 sanctions on one Chinese company (Sichuan Juxinhe Network Technology) were a Biden-era action finalized before the transition. As of March 2026, the administration has not imposed any new sanctions on China for Salt Typhoon. ⁵

The State Department’s cyber diplomacy bureau was dismantled and its staff fired. On July 11, 2025, the State Department fired between nine and 11 staffers from the Bureau of Cyberspace and Digital Policy, including five of eight people working on bilateral and regional affairs, two strategy office staffers, and deputy assistant secretary Liesyl Franz, a veteran cyber diplomat. Acting bureau head Jennifer Bachus was reassigned. The bureau was split apart, with its functions dispersed across different organizational units. The Office of the Coordinator for Digital Freedom was effectively closed. The ambassador-at-large position (held by Nathaniel Fick under Biden) was left unfilled. ⁶

The National Cyber Director position sat vacant for seven months and was filled by a nominee with no cybersecurity experience. Harry Coker departed as National Cyber Director on January 20, 2025. Sean Cairncross — a former RNC official and CEO of the Millennium Challenge Corporation — was nominated in February 2025 and confirmed in August 2025. During his confirmation hearing, Cairncross acknowledged: “It’s true, I don’t have a technical background in cyber.” The new Cyber Command commander, Lt. Gen. Joshua Rudd, is a career special operations officer with no direct cyber experience, confirmed in March 2026 after nearly a year of leadership vacancy. ⁷

Strong Inferences

The administration’s cyber strategy emphasizes offensive operations while systematically reducing defensive capacity — the precise opposite of what “strengthened defenses” means. The March 2026 strategy’s first pillar is “Shape Adversary Behavior” through offensive operations and “all instruments of national power.” It includes $1 billion for offensive operations supporting Indo-Pacific Command. But the institutions responsible for defense — CISA, the CSRB, the State Department cyber bureau, the FCC’s regulatory authority — were gutted, disbanded, or weakened. The Bloomsbury Intelligence and Security Institute concluded: “Unless defensive investment is restored, the US is highly likely to face an increasingly asymmetric posture where offensive capability outpaces defensive resilience.” The Council on Foreign Relations assessed that the strategy “fails to address the country’s biggest threats.” ⁸

Chinese cyber operations continued unimpeded and potentially expanded during the administration’s first year, contradicting the claim that defenses were “strengthened.” Salt Typhoon remained active in telecom networks as of February 2026. Volt Typhoon continued embedding in U.S. critical infrastructure (water, energy, ports) throughout 2025, with cybersecurity firm Dragos reporting the group “continued to attack U.S. utilities through 2025 and remains active despite increased scrutiny.” Volt Typhoon actors maintained access to some victim IT environments for at least five years, including systems near U.S. military bases in Guam. The shift from IT network infiltration to direct interaction with operational technology (OT) systems represents an escalation, not a retreat. ⁹

The executive order on Chris Krebs — targeting the former CISA director who had validated the 2020 election — signaled that loyalty concerns took priority over cybersecurity capacity. On April 9, 2025, Trump signed a presidential memorandum revoking Krebs’ security clearance, ordering a DOJ investigation into him, and suspending clearances at SentinelOne (the cybersecurity company where Krebs worked). The stated justification was CISA’s role in “censorship” related to election misinformation. The practical effect was to chill cybersecurity professionals’ willingness to serve in government or engage with federal programs. SentinelOne is a significant cybersecurity vendor — targeting it for a former director’s political activities conflated cybersecurity infrastructure with political grievance. ¹⁰

What the Evidence Shows

The administration produced policy documents that describe a vision for cyber defense: Executive Order 14306 retained some Biden-era technical mandates (encrypted DNS, email encryption, post-quantum cryptography timelines) while removing others (software attestation, PQC acceleration, digital identity). The March 2026 Cyber Strategy articulated six pillars and emphasized offensive deterrence. These are real policy outputs.

But the claim is about “strengthened defenses” — an assertion that the protective capability of the United States against foreign cyberattacks improved. The evidence shows the opposite. The primary civilian cyber defense agency (CISA) lost a third of its workforce. The board investigating the worst telecom hack in history was disbanded on Day One. The FCC removed mandatory cybersecurity rules for telecoms while the breach those rules addressed remained active. The State Department’s cyber diplomacy bureau was dismantled. The National Cyber Director position was vacant for seven months and then filled by someone without cybersecurity experience. Planned sanctions against China for Salt Typhoon were shelved to protect a trade deal. And throughout all of this, both Salt Typhoon and Volt Typhoon — Chinese operations that represent the most serious cyber threats to U.S. infrastructure — continued operating, with Volt Typhoon expanding from IT networks into operational technology systems controlling utilities and energy infrastructure.

The strategy’s emphasis on offensive operations represents a philosophical choice, not a defense improvement. Offense and defense are complementary, not substitutable. The ability to launch cyberattacks against Iran (as occurred during Operation Epic Fury, analyzed in item #190) does not protect American telecom companies from Chinese espionage, secure water treatment facilities from pre-positioned Chinese malware, or restore the institutional capacity lost when 1,000 CISA employees departed. Strategy documents are not defenses. Executive orders are not firewalls.

The Bottom Line

The steel-man case for this claim rests on the formal policy outputs: EO 14306 retained meaningful technical mandates (encrypted DNS, email encryption, post-quantum cryptography timelines), the March 2026 Cyber Strategy articulated a vision for deterrence, and Cyber Command’s hunt-forward operations discovered Chinese malware in allied nations’ networks. These are legitimate government actions in the cybersecurity domain.

But “strengthened U.S. cyber defenses against foreign attacks” requires that the net effect of the administration’s actions made the country harder to attack. The evidence overwhelmingly shows the opposite. Every major institution responsible for cyber defense was weakened: CISA gutted by a third, the CSRB disbanded, the FCC’s telecom security rules removed, the State Department’s cyber diplomacy bureau dismantled, the National Cyber Director seat vacant for seven months. The most consequential foreign cyber operations — Salt Typhoon and Volt Typhoon — continued and in some cases expanded. Sanctions against the adversary responsible were shelved for trade considerations. The administration wrote strategy documents describing what it would like to do while simultaneously tearing down the institutional capacity required to do it. That is not strengthening defenses. That is writing a fitness plan while dismantling the gym.

Footnotes

1. Executive Order 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity,” June 6, 2025, https://www.whitehouse.gov/presidential-actions/2025/06/sustaining-select-efforts-to-strengthen-the-nations-cybersecurity-and-amending-executive-order-13694-and-executive-order-14144/. Wiley Rein LLP analysis, “President Trump’s Cyber Mandate,” June 2025, https://www.wiley.law/alert-President-Trump-Cyber-Mandate-Analysis-of-Executive-Order-on-Strengthening-US-Cybersecurity. “President Trump’s Cyber Strategy for America,” March 6, 2026, https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf. Sidley Austin, “The New Cyber Doctrine of the United States,” March 10, 2026, https://datamatters.sidley.com/2026/03/10/the-new-cyber-doctrine-of-the-united-states-the-trump-administration-issues-cyber-strategy-and-executive-order-targeting-cybercrime/. ↩

2. Nextgov/FCW, “CISA projected to lose a third of its workforce under Trump’s 2026 budget,” June 2025, https://www.nextgov.com/cybersecurity/2025/06/cisa-projected-lose-third-its-workforce-under-trumps-2026-budget/405726/. Federal News Network, “DHS budget request would cut CISA staff by 1,000 positions,” May 2025, https://federalnewsnetwork.com/cybersecurity/2025/05/dhs-budget-request-would-cut-cisa-staff-by-1000-positions/. TechCrunch, “US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs,” February 25, 2026, https://techcrunch.com/2026/02/25/us-cybersecurity-agency-cisa-reportedly-in-dire-shape-amid-trump-cuts-and-layoffs/. CyberScoop, “Across party lines and industry, the verdict is the same: CISA is in trouble,” January 2026, https://cyberscoop.com/cisa-personnel-cuts-trump-second-term-analysis/. The Register, “CISA worker says 100-strong red team axed after DOGE action,” March 12, 2025, https://www.theregister.com/2025/03/12/cisa_staff_layoffs/. ↩

3. CSO Online, “Trump disbands Cyber Safety Review Board, Salt Typhoon inquiry in limbo,” January 2025, https://www.csoonline.com/article/3807871/trump-administration-disbands-dhs-board-investigating-salt-typhoon-hacks.html. CyberScoop, “Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker,” January 2025, https://cyberscoop.com/removal-cyber-safety-review-board-members/. Nextgov/FCW, “Salt Typhoon hackers targeted over 80 countries, FBI says,” August 2025, https://www.nextgov.com/cybersecurity/2025/08/salt-typhoon-hackers-targeted-over-80-countries-fbi-says/407719/. ↩

4. The Record (Recorded Future News), “FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches,” November 2025, https://therecord.media/fcc-removes-biden-era-cybersecurity-rules-telecoms-salt-typhoon. ↩

5. Axios, “How China is shackling Trump’s cyber agenda,” December 9, 2025, https://www.axios.com/2025/12/09/china-salt-typhoon-trump-economic-policy. Benzinga, “US Reportedly Pauses Salt-Typhoon Sanctions On China, Shelves New Export Controls To Protect Trade Truce,” December 2025, https://www.benzinga.com/news/legal/25/12/49204497/us-reportedly-pauses-salt-typhoon-sanctions-on-china-shelves-new-export-controls-to-protect-trade-truce. ↩

6. Cybersecurity Dive, “State Department cyber diplomacy firings and changes threaten US defenses,” July 2025, https://www.cybersecuritydive.com/news/state-department-cyber-bureau-firings-reorganization/753370/. CyberScoop, “By gutting its cyber staff, State Department ignores congressional directives,” 2025, https://cyberscoop.com/state-department-cyber-diplomacy-setback-congress-action-op-ed/. Nextgov/FCW, “State Department cuts hit cyber diplomats doing international engagements,” July 2025, https://www.nextgov.com/people/2025/07/state-department-cuts-hit-cyber-diplomats-doing-international-engagements/406727/. ↩

7. Nextgov/FCW, “Senate confirms Sean Cairncross to be national cyber director under Trump,” August 2025, https://www.nextgov.com/people/2025/08/senate-confirms-sean-cairncross-be-national-cyber-director-under-trump/407178/. Cybersecurity Dive, “Trump’s national cyber director nominee dodges criticism of funding cuts,” 2025, https://www.cybersecuritydive.com/news/sean-cairncross-national-cyber-director-confirmation-hearing/749993/. DefenseScoop, “Cyber Command, engaged in war with Iran, gets new commander,” March 10, 2026, https://defensescoop.com/2026/03/10/gen-rudd-cyber-command-commander-nsa-director/. ↩

8. BISI, “Trump’s Cyber Strategy: Offensive Ambitions, Defensive Gaps,” March 2026, https://bisi.org.uk/reports/trumps-cyber-strategy-offensive-ambitions-defensive-gaps. CFR, “Trump’s Cyber Strategy Fails to Address the Country’s Biggest Threats,” March 2026, https://www.cfr.org/articles/trumps-cyber-strategy-falls-short-on-china-iran-and-the-threats-that-matter-most. ↩

9. The Register, “China-linked crew embedded in US energy networks,” February 17, 2026, https://www.theregister.com/2026/02/17/volt_typhoon_dragos/. The Record, “Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found,” 2025, https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure. The Record, “Volt Typhoon hackers were in Massachusetts utility’s systems for 10 months,” 2025, https://therecord.media/volt-typhoon-hackers-utility-months. ↩

10. Nextgov/FCW, “Trump signs order targeting former CISA head Chris Krebs,” April 2025, https://www.nextgov.com/people/2025/04/trump-signs-order-targeting-former-cisa-head-chris-krebs/404445/. TechCrunch, “Trump orders federal investigation into former CISA director Chris Krebs,” April 10, 2025, https://techcrunch.com/2025/04/10/trump-orders-federal-investigation-into-former-cisa-director-chris-krebs/. Krebs on Security, “Trump Revenge Tour Targets Cyber Leaders, Elections,” April 2025, https://krebsonsecurity.com/2025/04/trump-revenge-tour-targets-cyber-leaders-elections/. ↩