The US Information Technology Industry Council (ITI) has called on president Donald Trump’s White House to slash red tape around cyber security regulations – potentially undoing some of the work done during previous president Joe Biden’s administration – saying the federal government must also do more to coordinate consistent cyber security policy and work hand in hand with the private sector.
In a report published this week, titled A roadmap for results: ITI’s strategic recommendations for driving American cyber security, the organisation, which counts the largest IT businesses in the world as its members – including all of the so-called Big Five – Alphabet, Amazon, Apple, Meta and Microsoft – offered up a series of recommendations for the White House Office of the National Cyber Director (ONCD), helmed by new appointee Sean Cairncross.
“The administration’s vision should translate into results-driven action,” wrote the report’s authors. “That means empowering defenders with what they need to win: efficiency, appropriate resourcing and the freedom to focus on real threats, not on navigating a web of regulatory regimes.
“There is a need to prioritise impactful security outcomes, slash red tape, rethink legacy network architectures, invest in secure modern systems and strengthen trusted partnerships between the public and private sectors,” they continued.
“Cutting red tape, aligning requirements and streamlining cyber operations will free up government and private sector defenders alike to focus on stopping real threats. Efficiency is not just good governance – it is national security.”
The report offered some guidance on what areas ITI’s members would like to be considered by the ONCD should the regulatory bonfire be lit.
It called on the US government to “respond with speed and strength” in using AI to secure networks and critical infrastructure, and empower frontline cyber defenders; to do more to implement a less fragmented approach to incident reporting; to walk back the scope of the 2022 Cyber Incident Reporting for Critical Infrastructure Act, which it said was leading to too much paperwork and a burdensome system; and to build a unified cyber certification system and better scale shared cyber services across the government.
Further concerns
Following the April 2025 “scare” over the near-demise of the Mitre-backed Common Vulnerabilities and Exposures (CVE) Programme due to a lack of funding, ITI also said the scheme cannot be allowed to run out of money again.
“A lapse would erode national security, trigger wasteful duplication and create openings our enemies would exploit,” said ITI.
“Securing predictable funding will preserve the role of the CVE program as the trusted source of vulnerability data for defenders across the ecosystem.”
Other areas of concern to the trade body include the need to address end-of-life technology as a source of cyber risk – the approaching end of Microsoft Windows 10 being a pertinent current example – to implement strategic action on post-quantum cryptography, to drive adoption of zero-trust architectures, and to further harden the software development supply chain.
Reasserting US leadership
The ITI report also noted concerns that the US risks losing its global leadership position in setting international cyber security norms and standards, particularly as the UK, the European Union and others move forward with their own efforts.
The ITI said the US “must lead”, and called on the ONCD to work with the State Department to serve as a “strategic anchor” for US engagement on global security policy, with the nation’s domestic cyber priorities better aligned with outreach beyond US borders.
