The White House’s cyber strategy, unveiled in March 2024, presents a stark contradiction: it demands national resilience against cyber threats while simultaneously reducing the United States’ offensive and defensive cyber capabilities. The strategy, authored by National Cyber Director Chris Inglis, frames cyberspace as a domain of sustained strategic competition rather than a compliance problem. It emphasizes national resilience as a core pillar, acknowledging that cyber threats require long-term preparedness and adaptation. Yet, the same policy choices that fund these goals are slashing the very tools needed to achieve them.

Strategy’s bold goals vs. shrinking resources

The strategy outlines a vision for cyberspace as a contested domain where the U.S. must compete with adversaries like China and Russia. It calls for integrating offensive cyber operations with diplomacy, economic pressure, and military deterrence. This approach reflects a growing recognition among policymakers that cyberspace is not merely a battleground for hackers but a front in geopolitical competition. However, the strategy’s reliance on resilience—defined as the ability to withstand and recover from cyberattacks—is undermined by budget cuts that reduce the nation’s cyber workforce, research funding, and critical infrastructure protections.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has seen its budget request for fiscal 2025 reduced by $100 million compared to 2024. This cut comes despite rising cyber incidents, including ransomware attacks on hospitals, schools, and municipal governments. The Department of Defense has also scaled back its Cyber Mission Force, a unit of 6,200 military personnel specializing in cyber operations, citing reallocation of funds to other priorities. Meanwhile, private-sector partnerships, which the strategy highlights as essential, are struggling to fill gaps left by government retrenchment.

Experts warn of a self-defeating approach

Critics argue the strategy’s emphasis on resilience is aspirational without the capacity to back it. Suzanne Spaulding, former CISA director, calls the plan “a house built on sand.” “You can’t have resilience without the tools to detect, respond, and recover,” she said. “The strategy’s reliance on private sector and allied support assumes those actors will always be available and capable, which is a gamble we can’t afford.” Other analysts point to the 2023 Office of the National Cyber Director report, which warned that U.S. cyber deterrence capabilities are eroding due to underinvestment and workforce shortages.

The strategy’s focus on deterrence through resilience also raises questions about its realism. Unlike traditional military deterrence, cyber deterrence relies on the threat of retaliation—something the U.S. has struggled to credibly demonstrate. The 2020 SolarWinds hack, attributed to Russian intelligence, exposed vulnerabilities in U.S. defenses but resulted in no significant U.S. cyber response. Analysts say the lack of retaliation emboldened adversaries, who now view cyber operations as low-risk, high-reward activities.

Political and bureaucratic hurdles

Implementation faces obstacles beyond budget cuts. The strategy requires coordination across at least 12 federal agencies, each with competing priorities. The Department of State and Department of Justice have clashed over how to attribute and respond to cyberattacks, delaying action on key initiatives. Meanwhile, Congress remains divided on cybersecurity funding, with some lawmakers pushing for stricter regulations while others advocate for deregulation to spur innovation.

The White House has not publicly addressed the tension between its resilience goals and budget reductions. When asked for comment, a spokesperson for the National Cyber Director’s office deferred to a March 2024 fact sheet that reaffirmed the strategy’s commitment to “resilience through partnership.” Yet, experts say partnerships alone cannot compensate for systemic underfunding. The strategy’s reliance on state and local governments, often under-resourced and overwhelmed, further compounds the risk.

What happens next

The strategy’s success hinges on whether Congress approves supplemental funding for cybersecurity in the next budget cycle. Without it, the U.S. risks falling behind rivals in cyberspace, where adversaries like China are rapidly expanding their capabilities. The Cybersecurity and Infrastructure Security Agency is already warning that critical infrastructure remains vulnerable to attacks that could disrupt power grids, water supplies, or financial systems. Analysts say the window to address these gaps is closing fast.

For now, the White House’s cyber strategy remains a paradox: a blueprint for resilience built on a foundation of shrinking resources. Whether it can achieve its goals will depend not just on the strategy’s vision, but on the willingness of policymakers to fund it.

What You Need to Know

  • Source: War on the Rocks
  • Published: April 22, 2026 at 07:30 UTC
  • Category: War
  • Topics: #defense · #military · #geopolitics · #war · #conflict · #resilience-without-capacity

Read the Full Story

This is a curated summary. For the complete article, original data, quotes and full analysis:

Read the full story on War on the Rocks →

All reporting rights belong to the respective author(s) at War on the Rocks. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.

Curated by GlobalBR News · April 22, 2026

🇧🇷 Resumo em Português

O presidente dos EUA, Joe Biden, surpreendeu o mundo ao lançar uma nova estratégia cibernética que promete “resiliência” sem investir nas capacidades essenciais para defendê-la, um paradoxo que especialistas já classificam como um “defeito fatal”. Enquanto nações como China e Rússia aceleram seus arsenais digitais, Washington optou por reduzir investimentos em defesa cibernética avançada, uma decisão que abre flancos perigosos em um cenário global cada vez mais volátil.

O plano, anunciado em meio a tensões crescentes com ciberataques patrocinados por Estados hostis, ignora um alerta histórico: sem tecnologia, treinamento e recursos humanos qualificados, a “resiliência” prometida se torna apenas retórica. Para o Brasil, que enfrenta ondas de ataques de ransomware e espionagem digital — muitas vezes vinculados a grupos ligados a potências estrangeiras —, a estratégia americana soa como um mau exemplo. Além disso, o país sul-americano tem buscado fortalecer sua posição em cibersegurança, mas depende em grande parte de parcerias internacionais que agora podem enfraquecer. A decisão dos EUA de priorizar “defesa passiva” em vez de dissuasão ativa deixa dúvidas sobre a capacidade de proteção não só deles, mas de aliados como o Brasil em um futuro próximo.

A falta de ações concretas pode deixar o mundo digital ainda mais vulnerável, incentivando novos ataques e reduzindo a confiança em acordos internacionais de segurança cibernética.

🇪🇸 Resumen en Español

El nuevo plan cibernético de la Casa Blanca apuesta por la resistencia digital, pero deja sin recursos clave a sus propias agencias, un riesgo que expertos consideran insostenible. Washington promete blindar infraestructuras críticas contra ciberataques, pero recorta herramientas esenciales, lo que podría exponer a Estados Unidos a vulnerabilidades irreparables.

El enfoque, criticado por especialistas, prioriza la retórica sobre la acción real: sin capacidades operativas reforzadas, la estrategia pierde credibilidad ante adversarios como China o Rusia, que aprovechan cualquier debilidad para escalar conflictos. Para los hispanohablantes, el mensaje es claro: si la potencia más avanzada en tecnología digital no garantiza su protección, ningún país está a salvo. La falta de inversión en ciberseguridad no solo debilita a EE.UU., sino que normaliza un escenario global donde las amenazas digitales crecen sin control.