President Trump signed an executive order launching a new federal strategy against cybercrime and global scam networks. The directive expands coordination across agencies while raising questions about how cyber threats are defined and addressed by the government.
U.S. President Donald Trump signed an executive order directing federal agencies to develop a sweeping new strategy to combat cybercrime, fraud, and online scams targeting Americans.
The order frames cyber-enabled fraud as a national security threat and instructs multiple federal departments to produce a coordinated plan within 120 days to identify, disrupt, and dismantle the transnational networks responsible.
But beyond its stated goal of protecting Americans from scams, the directive also expands the administration’s authority to define and respond to cyber threats — raising questions about how broadly those powers could be used.
The order argues that cybercrime — including ransomware, phishing attacks, impersonation schemes, and “sextortion” — is increasingly organized by transnational criminal networks operating abroad.
In response, the administration is directing federal agencies to:
The plan is expected to identify specific criminal networks and propose ways to detect, disrupt, and dismantle them.
One of the most consequential elements of the order is the range of tools it authorizes.
The administration explicitly signals that responses to cybercrime could include:
The order also directs the State Department to pressure foreign governments to crack down on scam networks operating within their borders.
Countries that fail to do so could face economic or diplomatic consequences.
In practice, this approach treats cyber fraud networks less as criminal enterprises and more as geopolitical actors tied to hostile states or tolerated by them.
The order gives the executive branch broad authority to determine which organizations or networks qualify as “transnational criminal organizations” targeting Americans.
That definition matters.
Cyber activity exists on a wide spectrum — from traditional financial scams to espionage, activism, influence campaigns, or political information operations.
The executive order does not clearly define where those boundaries lie.
Instead, it instructs federal agencies to identify and attribute malicious actors, drawing on intelligence capabilities and private cybersecurity firms.
That raises an important structural question:
who ultimately decides what qualifies as a cyber attack against Americans — and what response is justified?
The directive also strengthens White House oversight of cyber policy.
It calls for a new operational coordination cell within the federal cyber coordination framework to centralize intelligence sharing and response across multiple agencies.
Those agencies include:
While this may improve coordination, it also places more decision-making power inside the executive branch rather than through congressional legislation.
The timeline in the order is also notable.
Federal agencies have 120 days to produce the full strategy.
That timeline would bring the plan’s completion close to the early stages of the U.S. midterm political cycle.
In practice, this means the administration could unveil a new national cyber strategy — potentially including sanctions, enforcement actions, or major investigations — during a politically sensitive period.
There is no evidence in the order itself that it is intended for political purposes.
However, national security measures announced close to election cycles often carry political implications.
Despite its strong language, the executive order does not immediately launch new enforcement actions or create new legal authorities.
Instead, it begins a review and planning process.
Most of the real impact will depend on what agencies propose in the action plan due later this year.
Cyber fraud has become one of the fastest-growing criminal economies in the world.
Americans lose tens of billions of dollars annually to online scams, and organized scam centers operating abroad increasingly target victims at scale.
The executive order reflects a growing consensus in Washington that cybercrime is not only a law-enforcement issue, but also a national security challenge.
At the same time, the directive highlights a broader tension in cyber policy:
the balance between protecting citizens from digital threats and expanding government authority to define and respond to those threats.
Over the next several months, that balance will likely become clearer as the administration’s action plan takes shape.
The order also reflects a broader shift in how governments are approaching the digital world.
Cybercrime enforcement increasingly overlaps with other areas of digital governance — including financial regulation, online platforms, and information security.
Many cyber-enabled fraud operations rely on the same infrastructure used in other forms of digital activity: social media accounts, encrypted messaging services, cryptocurrency transactions, and global payment systems.
As a result, efforts to disrupt criminal networks can also expand government visibility into — and influence over — the wider digital ecosystem.
Cybersecurity experts have long noted that the line between criminal activity, espionage, influence campaigns, and online political operations can sometimes be difficult to define in practice.
Policies designed to combat one category can therefore affect others.
As cybercrime becomes one of the largest global criminal industries, governments are increasingly moving to confront it with national security tools — a shift that could reshape not only how fraud networks operate, but how states govern the digital world itself.
