US wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries

MUNICH, Germany — The United States wants allies and industry partners to work alongside it in cyberspace to confront the most significant threats, a senior White House cyber official said Thursday in a discussion opening the Munich Cyber Security Conference.

National Cyber Director Sean Cairncross, who is leading a U.S. delegation including representatives from nearly every branch of government, said Washington is looking to deepen cooperation with partners rather than act alone. He echoed a line coined by Secretary of State Marco Rubio, saying the U.S. “America first” approach does not mean “America alone.”

Cairncross’ remarks stood in contrast to broader transatlantic tensions, including over Greenland and U.S. criticisms of European technology regulation.

“We are looking for partnership. We value partnership,” Cairncross said. “Everyone in this room faces the same sort of threat and the same threat actors,” he added, citing “everything from nation-state actors, espionage, to nation-state-adjacent criminal organizations, ransomware groups, [to] scam centers.”

Those adversaries “have scaled and continued to escalate,” he said, while the countries and companies gathered “have been less than effective at sending a coordinated, strategic message” that would change the “risk calculus and decision-making apparatus on the adversarial side.”

Cairncross said the Trump administration is elevating cyber into its own strategic domain. He said a forthcoming national cyber strategy will align with the broader national security strategy and use a “whole-of-government” approach spanning diplomacy, law enforcement and national security agencies, with the goal of changing adversaries’ calculations by shaping their behavior and raising the costs of attacks.

He placed particular emphasis on the role of the private sector, noting that much of the defensive burden for critical infrastructure falls on companies rather than governments. He said the U.S. wants deeper information sharing so executives and corporate boards understand what they are defending against and can direct resources accordingly, and he criticized European regulatory approaches that he said amount to shifting blame onto companies after an attack.

Governments, he said, have tools the private sector does not, including law enforcement and offensive cyber capabilities. Those tools should be coordinated with industry defenses rather than treated as separate efforts, he added.

“To date, a lot of emphasis has been put on resiliency. Resiliency is extremely important, but by definition, resiliency means you’re absorbing shots. It is not enough to say we need to be resilient. What’s needed is a mindset change that says we are going to work strategically… to say how can we make a dent in this space? …to send a message that this behavior is unacceptable, that maybe there’s a better way of making a living than DDoS attacks.

“Human beings are at the core of these decision-making processes, and so incentive schemes work, and I think governments — certainly the United States government — have many ways to incentivize or disincentivize behavior [from adversaries],” he added.

The effort should be treated as a whole-of-government issue so that “the message to the adversary is, if you want to act on whatever level, you are putting yourself at risk.”

The explicit push for partnership follows broader tensions between the United States and European countries over security, values and burden-sharing.

Cairncross said those tensions extend beyond cyber operations to debates over technology supply chains, artificial intelligence and digital sovereignty. He argued for what he called a “clean” technology stack rooted in U.S. and allied systems, drawing a sharp distinction between Western technology and Chinese systems and calling comparisons between the two a false equivalence.

Personal data, he said, does not flow to the state in the United States the way it does in authoritarian systems. He added that arguments about sovereignty often reflect cost concerns more than security ones, warning that cheaper Chinese technology can come with “a big bill on the back end” in terms of risk and exposure.

“We are for a clean tech stack. We do not want to build a surveillance state into the system, we want to fight that. We don’t want censorship in the system, we want to fight that. We don’t want tracking of dissidents in the system, we could prefer to fight that. And so we are looking for partners, and we would love that to be embraced.”

Cairncross said the U.S. administration wants partners who share those priorities, even if that leads to open disagreement at times. “Clear communication beats everything,” he said, adding that allies will not always agree, but avoiding hard conversations only creates more friction later.