America’s Cyber Withdrawal Needs a Replacement

The Trump administration announced in January 2026 that the United States would withdraw from several international cybersecurity forums, including the Global Forum on Cyber Expertise (GFCE), which focuses on critical infrastructure protection, cybercrime, and cyber skills development, and the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE), which supports EU and NATO members through expertise-sharing and coordination on cyber and hybrid risks. The administration argues that these institutions are duplicative, inefficient, and misaligned with U.S. priorities. Reassessing international commitments is a legitimate exercise of strategic leadership. However, while these two forums represent only a portion of America’s overall cyber diplomacy portfolio, each plays a distinct role not replicated elsewhere, from coordinating global capacity-building to supporting hybrid-threat cooperation. As the United States exits these institutions, it should quickly replace the capabilities they provided, or risk creating gaps in coordination, norm-setting, and collective defense that adversaries will exploit.

Cybersecurity is inherently a global issue, not merely a domestic one. Criminal groups and state-backed actors routinely exploit globally shared infrastructure and target interconnected supply chains, taking advantage of vulnerabilities that do not respect national borders. Common vulnerabilities and exposures can affect systems worldwide simultaneously. In a highly interconnected digital ecosystem, a flaw that emerges in one country can impact systems in the United States as well. Early warning mechanisms, shared expertise, and coordinated diplomatic or technical responses remain essential during fast-moving cyber incidents.

The administration argues that many international cyber institutions suffer from overlapping mandates or limited accountability. Although the United States remains engaged in several international cybersecurity forums—such as the Organization for Security and Co-operation in Europe, which promotes cyber confidence-building and stability measures, and Interpol’s Cybercrime Unit, which facilitates international cooperation against cybercrime—withdrawing from GFCE and Hybrid CoE removes specific coordination channels not available in other forums.

The GFCE serves as a primary platform for coordinating global cyber capacity building. The Hybrid CoE helps NATO allies align strategies across cyber, information, and hybrid domains. Withdrawing from these forums without establishing alternatives forfeits access to early warning networks, shared expertise, and trusted coordination mechanisms that are difficult to recreate on short notice. Ad hoc bilateral agreements or informal partnerships may eventually fill some gaps, but they do not offer the same scale, continuity, or legitimacy needed for rapid, multilateral responses.

This gap is particularly concerning as Russian, Chinese, Iranian, and non-state-backed criminal cyber actors increasingly target critical infrastructure—including water and wastewater facilities, telecommunication companies, and energy grids— and global communications systems to operate across multiple countries simultaneously while using living-off-the-land techniques, which exploit legitimate systems tools already present on networks to blend in, evade detection, and remain inside systems for extended periods. No nation, regardless of its cyber capabilities, can counter these threats alone. Multilateral forums exist precisely because cyber risks require collective action and coordinated responses.

Withdrawal also carries long-term strategic costs. Cyberspace is governed as much by norms and standards as by technical capabilities, and international institutions serve as the primary arenas where those norms take shape. For decades, the United States and its allies have advanced a vision of an open and secure cyberspace grounded in human rights, multistakeholder governance, and limited state control. That vision, however, now competes with rival models advanced by China, Russia, and Iran, which prioritize digital sovereignty, centralized state authority, and strict information control. When the United States disengages from norm-setting bodies, it does more than step away from institutions it views as inefficient; it limits its ability to coordinate with partners and to shape the broader environment in which global cyber norms are developed. Reduced U.S. participation erodes allied cohesion and opens the door for authoritarian models to gain influence in international forums as a whole.

The United States need not remain in institutions that no longer serve its interests, but strategic disengagement requires strategic replacement. If existing forums are ineffective, the administration should determine how it can preserve those forums’ core functions—capacity‑building coordination, hybrid‑threat alignment, early warning, and norm‑shaping—through better‑suited mechanisms. This could include forming new mini‑lateral coalitions modeled on the Five Eyes intelligence‑sharing partnership, bringing together a small group of trusted European partners to coordinate cyber defense and strengthen early‑warning mechanisms. The United States could also lead the creation of focused subgroups within existing bodies like the G7—building on the G7 Cyber Expert Group—to keep cybersecurity priorities aligned with U.S. interests. Finally, the Trump administration could establish an international cybersecurity body inspired by President Trump’s Board of Peace, chaired by the National Cyber Director and composed of senior U.S. and allied cyber officials. Such a structure would institutionalize U.S. leadership and ensure its interests remain central even as it steps back from outdated forums.

Cybersecurity is fundamentally collective, and leadership depends on shaping the partnerships and standards that govern cyberspace. Leaving institutions that no longer serve U.S. interests is valid; leaving their functions unfilled is not. If the United States does not replace these capabilities, others will, and the resulting architecture is unlikely to reflect U.S. interests.