Trump Signs Executive Order on Cybercrime and Unveils National Cyber Strategy
What Happened
On March 6, 2026, the Trump administration released two major cybersecurity policy documents:
- "President Trump's Cyber Strategy for America" — a broad national strategy document
- An Executive Order titled "Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens" — a directive with specific timelines and requirements
Together, they represent the administration's most comprehensive cyber policy action to date, directing an interagency coalition to target transnational cybercrime organizations and improve the federal government's ability to detect, disrupt, and prosecute cyber-enabled crime.
What the Executive Order Requires
60-Day Interagency Review
The order mandates a 60-day interagency review of all existing "operational, technical, diplomatic, and regulatory frameworks" for combating transnational cybercrime. This is essentially a government-wide audit of what tools and authorities already exist, and where the gaps are.
120-Day Action Plan
Within 120 days, agencies must deliver an action plan that identifies responsible criminal networks and proposes solutions to disrupt them. This means named threat groups, specific infrastructure, and concrete operational plans — not just policy recommendations.
New Coordination Cell
The order directs the creation of a coordination cell within the National Coordination Center to detect, disrupt, dismantle, and deter cyber-enabled criminal activity targeting U.S. persons, businesses, and critical infrastructure. This is meant to centralize what has historically been a fragmented response across FBI, CISA, Secret Service, and other agencies.
Prosecution Priorities
The Attorney General is directed to prioritize prosecutions of cyber-enabled fraud and scam schemes, pursuing the most serious provable offenses. Additionally, the DOJ has 90 days to recommend a Victim Restoration Program that would provide restitution to victims from seized or forfeited cybercriminal funds.
Diplomatic Leverage
The order includes provisions for diplomatic engagement with foreign governments, with consequences for countries that tolerate cybercrime operations within their borders — including sanctions, visa restrictions, trade penalties, and expulsion of complicit officials.
Target Areas
The executive order specifically names these categories of cybercrime:
- Ransomware and malware
- Phishing campaigns
- Financial fraud
- Sextortion and other extortion schemes
- Impersonation attacks
The emphasis on sextortion is notable — it reflects the growing scale of attacks targeting minors and vulnerable individuals, an area where federal law enforcement has been increasingly active.
What the National Cyber Strategy Says
The accompanying strategy document, "President Trump's Cyber Strategy for America," provides the broader framework. While the full details are still being parsed by policy analysts, the key themes include:
- Offensive cyber operations — signaling a willingness to use cyber capabilities proactively against threat actors
- Private sector partnership — acknowledging that the government can't secure cyberspace alone and needs industry cooperation
- Critical infrastructure protection — identifying specific sectors (energy, healthcare, financial services) for enhanced security requirements
- Workforce development — addressing the chronic shortage of cybersecurity professionals
What This Means for the Industry
For Security Teams
The coordination cell and prosecution directives are designed to make federal cyber response faster and more effective. In practice, this means:
- Faster incident reporting pathways — expect streamlined processes for organizations to report cyberattacks to federal authorities
- More aggressive takedowns — the emphasis on disruption over just investigation could mean faster action against criminal infrastructure
- Victim restitution — the proposed Victim Restoration Program could create a mechanism for organizations to recover losses from government-seized assets
For Developers and Tech Companies
The diplomatic provisions are the most interesting signal. If the U.S. follows through on threatening sanctions and trade penalties against countries that harbor cybercriminals, it could reshape the threat landscape by raising the cost of operating ransomware and fraud schemes from safe-haven countries.
For Enterprises
The 120-day action plan will be the document to watch. If it names specific threat groups and infrastructure, it could provide actionable intelligence for security teams to proactively block or monitor for those threats.
The Skeptic's View
Executive orders are directives, not legislation. They can be reversed by the next administration. The real question is whether the 60-day review and 120-day action plan produce concrete operational changes, or whether they join the long list of government cybersecurity documents that describe the problem without meaningfully changing the response.
The diplomatic leverage provisions are ambitious, but the U.S. has struggled to impose meaningful consequences on countries like Russia and North Korea that openly harbor cybercriminal operations. Whether sanctions and trade penalties will deter states that already operate under heavy sanctions remains to be seen.
That said, the creation of a dedicated coordination cell and the emphasis on prosecution could have a real operational impact, particularly for ransomware groups that have operated with relative impunity.
Sources
- Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House
- Fact Sheet: President Donald J. Trump Combats Cybercrime — The White House
- President Trump's Cyber Strategy and Executive Order: Key Takeaways — Latham & Watkins
- White House Releases New National Cyber Strategy and Executive Order — Inside Privacy
- Trump signs executive order to combat cybercrime — ABA Banking Journal