America Just Changed the Rules of Cyber War
Find Threat Talks on
America Just Changed the Rules of Cyber War
America just released a new national cyber strategy. And it is not just about defense anymore – it is about preparing for what is coming.
In this episode of Threat Talks, Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, speaks with Caitlin Clarke, Senior Director of Cybersecurity Services at Venable and former Special Assistant to the President for Cybersecurity and Emerging Technology, to unpack what the strategy says and what it demands from security leaders.
From shaping adversary behavior to harmonizing cyber incident reporting requirements, the strategy sets a clear direction. The shift is deliberate: from absorbing attacks to making them costlier to launch. The implementation details are still coming. But the organizations that start now will be ahead when they do.
What you’ll learn
- What the US national cyber strategy means beyond the headlines
Why this strategy signals a shift from reactive defense to deliberate deterrence, and what that means for how organizations think about risk - How securing critical infrastructure is changing
Why moving away from adversary technology is no longer optional, and why mapping your supply chain now matters before guidance makes it mandatory - What regulatory simplification means in practice
How harmonizing cyber incident reporting requirements could reduce compliance burden without reducing accountability - What security leaders should do today
Why Zero Trust roadmaps, post-quantum cryptography planning, and supply chain analysis are the three areas that cannot wait
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO
ON2IT
Caitlin Clarke
Senior Director of Cybersecurity Services
Venable LLP
Episode details
A new US national cyber strategy is out. And the name alone tells you something.
It is not called a national cybersecurity strategy. It is a national cyber strategy. Cyber is no longer just a defensive domain. It is a tool of national power.
In this episode of Threat Talks, Lieuwe Jan Koning speaks with Caitlin Clarke about what that shift means in practice, working through three of the strategy’s pillars.
Pillar one is about shaping adversary behavior. Not hack-back, but something more deliberate: making it harder, costlier and riskier for malign actors to target US and allied interests. The private sector has a role here. Cybercrime infrastructure is in scope. And the expectation is that the economics of attacking US interests need to change.
Pillar four focuses on securing critical infrastructure. The US has already moved to rip and replace adversary technology from telecom networks. This strategy signals that approach is expanding across all 16 critical infrastructure sectors. The definition of adversary technology is still being worked out. But the direction is clear, and organizations that wait for the final guidance before mapping their supply chains will be starting from behind.
Pillar two addresses regulation. Not deregulation in the way some headlines framed it, but simplification. The goal is harmonizing cyber incident reporting requirements so that organizations spend less time responding to multiple regulators and more time actually defending their networks. CIRCIA is likely where this plays out first.
The episode also covers Zero Trust and post-quantum cryptography. Both appear explicitly in the strategy. Both require roadmaps that take time to build. The message is consistent: the organizations that treat these as future considerations are already late.
The strategy is a signal. The executive orders that follow will fill in the detail. But the conversation in this episode makes clear that for CISOs and security leaders, the time to act is not when those orders land.
It is now.
Get your Hacker T-shirt
Join the treasure hunt!
Find the code within this episode and receive your own hacker t-shirt for free.
