This month, the White House released its Cyber Strategy for America, which calls for “unprecedented coordination across government and the private sector” to ensure the nation remains unrivaled in cyberspace and can defend the safety, security and prosperity of the American people.

To achieve this objective, the strategy includes six pillars guiding both how it will be implemented and how it will be evaluated for success. Reiterated throughout the strategy is the importance of protecting data, modernizing networks and leveraging emerging technologies – all of which signal a need to double down on Zero Trust, artificial intelligence and protecting critical infrastructure.

Zero Trust Is as Important as Ever for All National Security Systems

The strategy addresses the criticality of Zero Trust and does so in a few important ways. First, it makes clear that protecting data is at the center of a sound, resilient national cybersecurity strategy. Zero Trust is all about protecting data in that it requires dynamic verifications and access controls, rather than permanent permission to operate on a network.

That’s important because data protection is an imperative for all national security systems – from border protection systems to critical infrastructure to national defense. At every turn, the complex data-sharing relationships we have in place today need to be maintained for joint, inter-agency, state and local and open-source data-sharing and collaboration. We need to ensure we can continue to quickly and securely deliver the right data to the right people for the mission – and Zero Trust gives us the ability to do that.

AI Is Reshaping How We Think About Cybersecurity

Like everywhere else, artificial intelligence is changing the game in cybersecurity, and the new strategy reflects that. One way AI is changing things involves the proliferation of AI-driven capabilities into cyber solutions. That’s good – there is tremendous power in automating certain portions of a cyber analyst workflow, specifically when it comes to things like using agentic AI to identify threats and potential exploits or to automate certain tactics, techniques and procedures.

The other way AI is reshaping cybersecurity involves protecting the AI models themselves. One could rightly argue there’s not been enough focus on this front and that we need to do more. A model that is impacted by data poisoning or delivering false positives – or false negatives, which can be even worse – is a model that can do tremendous damage.

A recent research paper highlights that AI agents will often have a bias for trusting one another. If a hacker can exploit just one agent, the other agents will trust that the agent worked within its guardrails and is operating as it was designed to do. That one agent misstep could lead to catastrophic results – not dissimilar to the Target data breach in 2013. In that instance, hackers breached a networked HVAC system, and then got into larger and larger systems, eventually reaching the point-of-sale system packed with credit card numbers and personally identifiable information.

This kind of lateral movement on a network, which Zero Trust was designed to combat, works similarly with agents – hence, the need to secure them from attacks. Avoiding a 2026-style lateral attack requires “zero agent trust,” and you achieve that by securing the AI models foundational to the agent’s ability to perform. This is not to say we need to avoid using agentic AI. Not at all. We need agentic Zero Trust models, and we need to apply those models to modern AI environments.

Protecting Critical Infrastructure Is a National Security Imperative

Protecting critical infrastructure is a national security imperative and it is highly prioritized in the new strategy. We know, for example, that the state-sponsored hacking group Volt Typhoon regularly targets critical infrastructure. We saw the same type of activity in Russia ahead of its invasions of Crimea and Ukraine. There are several recent reports in open source press documenting China, Russia, and Iran’s probing activity into critical into critical infrastructure in the U.S. and around the world.

These types of non-kinetic preludes to kinetic activity are not limited to foreign adversaries – the United States government does the same things. Because of this reality, this is no longer an exotic cybersecurity capability. It’s become standard operating procedure for tier-one militaries. Protecting critical infrastructure from a cyber perspective may, in fact, become the defense industrial complex partnership of our time.

Protecting critical infrastructure will take coordinated action from the U.S. government, private and public sector partners and state and local regulators all sharing information, lessons learned and best practices. Because when the battlefield is everywhere, the obligation to defend falls to everyone. Zero Trust, artificial intelligence and critical infrastructure protection are the right areas of priority in the new strategy – and they’re also areas where GDIT has invested in solutions and stands ready to serve the nation.