Strengthening National Cyber Resilience: Reflections from My Fireside Chat with ONCD Director Sean Cairncross

Last week, I had the privilege of hosting a fireside chat with Office of the National Cyber Director (ONCD) Director Sean Cairncross during SecurityScorecard’s exclusive briefing on strengthening the nation’s cyber resilience.

The discussion brought together federal leaders, industry partners, and cybersecurity practitioners to explore how the United States is reshaping its cyber strategy to meet an increasingly complex and volatile threat landscape.

One theme was unmistakably clear: cybersecurity is no longer an adjacent technical issue, it is now a core pillar of national security, economic stability, and public safety.

A New National Cyber Strategy is Coming

Director Cairncross confirmed that the administration is preparing to release a new National Cyber Strategy designed to be concise, actionable, and directly tied to resourcing and execution across the federal government. Unlike prior strategies that were often expansive and conceptual, this approach is intended to drive measurable outcomes across six foundational pillars:

• Shaping adversary behavior by shifting incentives and increasing consequences for nation-state and criminal cyber actors
• Reforming the regulatory environment to move away from checklist-driven compliance and toward outcome-focused security
• Modernizing and securing federal networks to strengthen government operational resilience
• Protecting critical infrastructure through scalable state-federal pilot programs rather than one-size-fits-all mandates
• Establishing dominance in emerging technologies, particularly ensuring AI is secure by design
• Developing the cyber workforce, including innovative venture capital incubators designed to foster startup-driven innovation similar to Israel’s cyber ecosystem

The strategy reflects a fundamental shift toward operational accountability and real-world resilience.

Rethinking Resilience: Moving Beyond Absorbing Attacks

One of the most compelling moments in our conversation was Director Cairncross challenging the traditional concept of cyber “resilience.”

For too long, resilience has implied absorbing cyber attacks as inevitable. Cairncross argued that this mindset must change. The administration’s focus is to alter the adversary’s risk calculus entirely, making cyberattacks against U.S. infrastructure unacceptable, costly, and strategically disadvantageous.

This approach expands beyond defensive cybersecurity measures. The government intends to use all instruments of national power, including economic, diplomatic, and policy tools, to impose meaningful consequences on malicious actors. This represents a significant evolution in how the United States frames cyber deterrence.

Public-Private Partnership is No Longer Optional

Another central theme was the government’s recognition that national cyber defense cannot succeed without the private sector.

Director Cairncross emphasized that defending against sophisticated nation-state adversaries is fundamentally a shared responsibility. He noted that while defending against foreign intelligence services is the government’s mission, success depends heavily on industry collaboration and transparency.

He also issued a direct call to industry to identify areas of regulatory friction and overlap, acknowledging that compliance-driven models can sometimes divert resources away from effective defense. The administration is actively seeking to streamline requirements and ensure shared information results in actionable outcomes, not lost in bureaucratic processes.

Additionally, Cairncross highlighted the importance of reauthorizing the 2015 Cybersecurity Information Sharing Act for another decade, providing legal certainty and operational predictability for organizations sharing threat intelligence.

AI, the Global Technology Race, and Securing the Digital Future

Artificial intelligence emerged as another major focal point of our discussion. Cairncross described how AI is dramatically accelerating cyber threats, particularly the rise of sophisticated scam operations that are increasingly replacing traditional ransomware campaigns.

To address this evolving threat environment, the administration is working to ensure security is embedded into AI development from inception. This includes collaboration with the Office of Science and Technology Policy to establish foundational security frameworks that integrate cybersecurity directly into emerging technologies.

Beyond domestic policy, Cairncross also described a broader diplomatic effort to promote a global “clean technology stack” aligned with U.S. cybersecurity and democratic values. This initiative seeks to counter the expansion of insecure foreign technologies and strengthen alliances across the Five Eyes community, Japan, and other partners.

Building a Patriotic Cyber Workforce

Finally, Director Cairncross outlined an ambitious vision for workforce development. The administration is working to consolidate fragmented training programs while fostering a national cyber workforce that blends technical excellence with public-service commitment.

This includes exploring venture capital incubators designed to accelerate innovation, mirroring the success of Israel’s cyber startup ecosystem. The goal is to create a sustainable pipeline of cyber talent capable of protecting both government and private sector infrastructure.

The Path Forward

Hosting this conversation reinforced a critical truth: the United States is elevating cybersecurity into a fully integrated strategic domain. Attacks on infrastructure are now viewed through a national-security lens requiring coordinated, whole-of-government and whole-of-industry responses.

The shift away from compliance-driven security toward outcome-based resilience, transparent information sharing, and proactive deterrence signals a transformational moment in cyber policy.

At SecurityScorecard, we see this transformation every day through the growing demand for transparent, real-time cyber risk visibility across supply chains and critical infrastructure ecosystems. As Director Cairncross highlighted, denting attacker incentives requires data-driven insights that help both government and industry prioritize defensive resources and respond at scale.

The road ahead will require continued partnership, innovation, and shared accountability. But if the conversation we hosted is any indication, the United States is taking decisive steps toward building a stronger, more resilient digital future.