U.S. Cyber Strategy Aims to Reset Adversaries’ Risk Calculus Amid Iran Threats

The White House’s newly released National Cyber Strategy aims to reshape how adversaries calculate the risks of targeting U.S. infrastructure, particularly during conflict, National Cyber Director Sean Cairncross said this week at the McCrary Cyber Summit 2026 in Washington, D.C.

Cairncross said the strategy is designed to recalibrate adversaries’ decision-making by elevating the consequences of cyberattacks and reinforcing the U.S. government’s response posture.

“The risk calculus on our adversary side in this space doesn’t seem to be calibrated correctly. Things like holding our critical infrastructure at risk. That is something that an adversary would not consider doing in any sort of kinetic way, primarily because they know the response from the United States would be rather dramatic,” Cairncross said during the fireside chat Tuesday. “That same level of thinking should have to be applied when they are making calculations in [the cyber] domain.”

Since the beginning of Operation Epic Fury late last month, Iran has threatened cyber attacks against American critical infrastructure, civilian networks and businesses connected to the Defense Industrial Base (DIB). After an alleged Iran-linked cyber attack on Michigan-based medical device manufacture Stryker, experts said that organizations need to buttress their cyber defenses against potential follow-on activity.

“We have to adapt or die. Use the tools that you have. That’s what nations are doing,” said Eastern Michigan University School of Information Security and Applied Computing Professor Ryan Weber in an interview with GovCIO Media & Research. “Iran typically looks at energy, defense, finance, government, health care and telecommunications.”

Public-Private Partnerships Central to Defense

In the wake of the Stryker attack, Cybersecurity and Infrastructure Security Agency Acting Director Nick Andersen said his agency is engaging with target organizations. He added that the industry-CISA relationship works both ways and that he hopes to continue to engage with businesses.

“We’re entirely dependent upon these partnerships that we have with operators in the field,” Andersen said Tuesday during the McCrary event. “We’re hopeful that as soon as the shutdown ends, we’ll be able to reschedule those and get them get this going again and … continue to engage with the community in a thoughtful way.”

Cairncross said that the White House is engaged with the DIB and other targeted industry. He promised to help any organizations targeted by nation-state adversaries.

“It’s not your job to defend against the Chinese or the Russians or the Iranians. That’s the United States government’s job. We’re asking to work with you to get that done,” Cairncross said.

CISA’s acting Executive Assistant Director For Cybersecurity Chris Butera added that the strategy relies heavily on a unified front between the government and the private sector being targeted by Iran.

“We are a partnership agency first, and so we are working with all the people here on stage, with all of the companies and critical structure organizations in this room,” Butera explained. “In shaping adversary behavior. We’re really looking to increase the cost of doing business to the adversary, and we’re trying to figure out ways to do that at scale.”

Securing Infrastructure Key to Military Readiness

Defense officials said the strategy has direct implications for military operations, particularly in sustaining logistics and power projection during conflict.

Brandon Pugh, principal cyber adviser for the U.S. Army, said disruptions to critical infrastructure could undermine the military’s ability to deploy forces and maintain operations.

“If there is a disruption to the critical infrastructure to supply some of our bases, can we move people and equipment in a time of conflict?” Pugh asked. “We have priorities given to [the strategy’s] pillar four: protecting our defense, critical infrastructure. All of our installations we’ve been doing, seeing that now come out from the White House with a very clear directive to prioritize and work together.”

Cairncross promised that implementing the strategy – even in the time of conflict – is a priority across government.

“This administration is highly communicative with one another, so this is something that we are all engaged in,” Cairncross said. “This is a real whole of government approach and not in theory. In actual practice.”