President Trump’s Cyber Strategy: Cross Sector Implications for U.S. and UK Businesses

This is the first article in a series about the Trump Administration’s approach to cybersecurity, including its recently released “Cyber Strategy for America.” The series will address the latest developments affecting a variety of sectors and agencies, including telecom, government contracts, energy, and digital infrastructure.

The Trump Administration’s new Cyber Strategy for America outlines the Administration’s cybersecurity posture through six pillars that build on prior federal approaches. The strategy emphasizes strengthening protection of critical infrastructure across sectors including energy, finance, water, health care, and telecommunications. It builds on existing federal agency actions, which assuredly will expand in the months ahead. It also prioritizes maintaining U.S. leadership in emerging technologies like AI, quantum computing, and blockchain, while using diplomacy to coordinate cybersecurity measures globally, particularly with allies such as the U.K.

Federal officials also indicated that an accompanying action plan would be forthcoming, which as of this writing has not been released yet. 

On the Horizon: Increased Federal Agency Activity and Scrutiny

The Administration has been extremely active on the cybersecurity front, and the Cyber Strategy appears to be the Administration’s attempt to provide a cohesive and comprehensive outline of its cybersecurity approach. More broadly, the Cyber Strategy clearly signals that the federal government is prepared to use every tool to address the risks that cyber-attacks pose to the country’s national and economic security. It also, in a first, calls for greater public-private collaboration and information-sharing, as well as a more aggressive approach to bad actors in the digital realm.

Looking ahead, expect federal agencies to engage in more cyber-related rulemaking and enforcement activity, such as the U.S. Department of Energy’s (DOE) more granular Cybersecurity, Energy Security, and Emergency Response (CESER) Strategic Plan or the U.S Department of Justice’s (DOJ) Civil-Cyber Fraud Initiative. In addition, companies operating in one of the sixteen critical infrastructure sectors should monitor for updates regarding the rulemaking initiated pursuant to CISA’s Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). After lengthy delays, CISA appears poised to advance this rulemaking.

Cross‑Sector Implications for Business 

A. Communications, Telecommunications, and Connectivity‑Dependent Industries

For companies in the telecom and connectivity-dependent sectors, expect a continued federal focus on network security and supply chain risk, even as agencies roll back some of the prior requirements. 

Specifically, the Federal Communications Commission (FCC) is expanding efforts to block equipment and services, viewed as national security threats. Recent actions include blocking devices from entering the U.S. market, initiating a proceeding on expanding the list of covered categories to include connected car technologies, investigating entities already on the covered list, and prohibiting Bad Labs, owned or controlled by foreign entities, from testing and certifying devices as safe to enter the U.S. market. These actions signify a move toward adoption of robust oversight mechanisms to identify and counteract potential security vulnerabilities within the communications supply chain.  

In addition, the FCC recently expanded its Covered List to include new, foreign-produced consumer routers. That means that such items can no longer be imported, marketed, or sold in the U.S. This strategy likely will be used to target other technologies that federal officials believe may undermine cybersecurity, while also aligning with the Trump Administration’s efforts to bring manufacturing onshore.

Any changes in FCC enforcement are likely to involve the agency’s Council on National Security, which was established in early 2025. This group’s stated purpose is to use the FCC’s regulatory and enforcement powers to protect American interests and counter foreign adversaries, with China mentioned by name. 

However, the U.S. Supreme Court currently is reviewing whether the FCC may impose civil forfeitures through administrative proceedings or must seek them in federal court with a jury trial. If the Court affirms a Fifth Circuit decision, the FCC could lose its ability to impose civil forfeitures directly, forcing greater reliance on DOJ litigation and reshaping enforcement across the Communications Act.

B. Data Centers, Power Grid-Connected Assets, and Digital Infrastructure

The Cyber Strategy for America plan identifies data centers as a focal point for federal cybersecurity efforts, given their importance in the growth of AI and the sensitive information they house. Data centers present a physical infrastructure security challenge, as well as a cybersecurity one. Their security depends upon grid reliability and energy policy as well as cyber defense. 

Under the strategic plan, the federal government aims to identify, prioritize, and strengthen the security of the nation’s critical infrastructure and supply chains, including defense-related systems and associated private-sector partners. This effort spans key sectors such as energy, finance, telecommunications, data centers, water utilities, and hospitals, with a focus on securing both information and operational technology supply chains. 

The Trump Administration is seeking to reduce reliance on adversary-linked vendors by promoting U.S.-based technologies and solutions. The Administration sees state, local, tribal, and territorial governments in a complementary role, rather than replacing national cybersecurity initiatives.

But while the Administration has staked out a pro-data center position, a number of states have introduced legislation to slow the growth of data centers. These concerns principally center around such issues as increased electricity and water prices, Co2 and methane emissions, and a lack of noise abatement. 

Earlier this month, Florida signed into law stricter new requirements for data center development. The new law requires data center projects to fully cover the costs of their energy consumption, without passing on higher prices to consumers. The law also protects the rights of local governments to reject data center projects and allows water management districts to deny permits if a data center development would threaten the local water supply. 

On May 14-15, the FCC’s Public Safety and Homeland Security Bureau will host cybersecurity workshops for broadcasters and telecommunications carriers, which will provide additional guidance.

The Federal Energy Regulatory Commission (FERC) also will likely play a key implementation role. The agency is responsible for overseeing the reliability of the nation’s interstate bulk power system and it approves and enforces federal standards, including those related to cybersecurity. The North American Electric Reliability Corporation (NERC), an industry organization that FERC has designated to develop those standards, will be at the forefront of efforts to explore new cybersecurity requirements. 

Work is already underway at NERC to assess whether new or modified regulations are needed to mitigate reliability risks related to data centers and other large load interconnections. Whether this initial work translates into new cybersecurity rules—rather than remaining centered on operational and planning risks—is an open question.

C. Nuclear and Emerging Technologies

In March and April 2026, the Nuclear Regulatory Commission (NRC) finalized a new regulatory framework (Part 53) for advanced reactors—its first major update in over 30 years. The new regulations include specific cyber requirements demanding protection proportional to the facility's risk level. The new Part 53 regulations require applicants to define, detect, and mitigate cyberattacks on safety-related digital systems.

The NRC also has drafted new rules specifically directed at microreactors, and it has announced new procedures designed to dramatically reduce permitting timelines. With 2024’s ADVANCE Act paving the way for small modular reactors, new technology could be employed to support data centers and energy resilience. However, it will undoubtedly require additional federal regulatory oversight, the details of which are yet to be determined.

Government Systems, National Security, and Information Sharing 

Administration officials hope to accelerate the deployment of emerging technology on federal networks, including artificial intelligence, post-quantum cryptography (designed to be effective against future, high-powered quantum computers that are not yet in service), and AI-enabled cybersecurity tools. As part of its accelerated deployment goals, the Administration is also looking for ways to improve and expedite the procurement process.

In addition, the Trump Administration’s Cyber Strategy advocates for the nation to take an offensive approach to cybersecurity, with federal response teams actively seeking out and eliminating potential cyber threats. This is a shift from the country’s traditional defensive position, and likely would receive push-back from the UK and other allies.

Expect Information Sharing and Analysis Centers (ISACs) to take on an increasingly vital role as a practical compliance and risk‑mitigation tool. By sharing timely indicators, tactics, and mitigation strategies, ISACs help members identify and address risks that align with NIST‑based risk management expectations under FISMA and agency guidance.

UK and EU Perspective: Transatlantic Cyber Alignment