- The White House’s newest cyber strategy represents a shift in focus from guidance, with best practices, to strict compliance requirements.
- The U.S. is dealing with a rise in commonly available AI tools like ChatGPT that is massively increasing threat vector opportunities.
- Hear directly from Sam Hussain, Capgemini Government Solutions head of U.S. defense sector, during a panel discussion at the 2026 Cyber Summit on May 21!
The White House’s new Cyber Strategy for America represents a clear shift from guidance to enforcement with specific requirements for GovCons to be eligible for contracts, according to a leading executive.
Sam Hussain, Capgemini Government Solutions head of U.S. defense sector, told GovCon Wire in an exclusive interview ahead of his appearance at the Potomac Officers Club’s 2026 Cyber Summit on May 21 that the Pentagon’s Cybersecurity Maturity Model Certification, or CMMC, program is an example of this cyber enforcement approach. CMMC requires contractors to meet specific cybersecurity standards to win contracts while also providing legal mechanisms, including the False Claims Act, for enforcement.
These strict cyber strategies don’t allow contractors to promise to implement strong cyber practices after a contract win. Instead, contracts can companies to pass third-party assessments to be eligible for contracts.
“That is a step in the right direction,” Hussain said.
Hussain said the White House is grappling with the rise of new technological cyber threats, especially those from mainstream artificial intelligence tools like OpenAI’s ChatGPT and IT products with built-in large language models such as Google Gemini and Microsoft Copilot.
“The avenues that an adversary can take [have] just opened [a highway] to them,” he said. “Before it was like a two-lane highway that had certain avenues, but now you have multiple highways that can [provide] attack vectors.”
Hear directly from Hussain during his panel discussion on Cybersecurity at Commercial Speed at the Potomac Officers Club’s 2026 Cyber Summit on May 21! Bolster your expertise on protecting controlled unclassified information across non-traditional vendors and transitioning prototypes into secure mission systems. Secure your seat today!
How Does the White House Cyber Strategy Empower the Private Sector?
The March-released national cyber strategy vowed to unleash the private sector by creating incentives to identify and disrupt adversary networks and scale national capabilities. Hussain said compliance-first approaches to cybersecurity like CMMC would improve private sector cybersecurity performance.
He also said the federal government should increase investment in workforce training for emerging cyber technologies to bolster private sector skills. Hussain’s greatest concern about the next big threat isn’t technology, but the lack of knowledge transfer from older to younger workers.
How Can the U.S. Improve Cyber Workforce Training?
Hussain recommends a number of approaches to improve U.S. workforce training in cyber and other essential emerging technologies. He said the U.S. should expedite funds to secondary schools, community colleges and vocational schools to improve their training while showing students pathways to federal employment in emerging technologies.
The federal government should also include a line item in every contract dedicated to training, he said, and the Cybersecurity and Infrastructure Security Agency, or CISA, should be funded at the correct levels to spur training of future cyber practitioners.
Hussain also said the federal government should have more cooperation between the Pentagon and other agencies like the General Services Administration and CISA to improve federal cyber effectiveness. He said the Department of War should assist CISA with funding for utilization or improvement of aging cyber infrastructure. The DOW wouldn’t overtake CISA with its own mandates and controls. Instead, the DOW would share some of CISA’s burdens and improve some of its controls.
The Potomac Officers Club’s 2026 Cyber Summit on May 21 is the elite forum in GovCon for evaluating new business opportunities in the rapidly shifting cybersecurity realm. Win more contracts with business intelligence from our all-star lineup of keynote speakers:
- Aaron Bishop, DOW acting principal deputy chief information officer and chief information security officer
- Chris Butera, CISA acting executive assistant director
- Michael Duffy, Office of Management and Budget acting federal CISO
- Will Loucks, White House Office of the National Cyber Director senior director for intelligence
- Katherine Sutton, DOW assistant secretary for cyber policy
- Rear Adm. Jason Tama, Coast Guard Cyber Command chief
Hussain said there are multiple precedents and contracting methods utilizing the Pentagon working with other agencies, such as the CIA, National Security Agency and the Defense Intelligence Agency. Together, they work toward a collective national mission target area.
But he especially recommends that GSA work more closely with the Pentagon as the GSA covers every federal agency.
“When it’s done in concert with GSA, it’s done very well,” Hussain said. “GSA can be that neutral contracting mechanism to apply Pentagon funds for a collective mission from both agencies.”
What Does the White House Cyber Strategy Say About Promoting U.S. Technologies?
The White House cyber strategy also says the U.S. must move away from adversary vendors and products and, instead, promote U.S. technologies. Hussain said this is critical because it wasn’t that long ago when Chinese-developed Huawei and ZTE components were deployed on U.S. systems with backdoor capabilities.
This, he said, is why there has been such a Pentagon emphasis on secure supply chains and enforcement-focused cyber practices.
“That sentence is reinforcing that we need [a] secure supply chain [with] made in USA components and that we are going to verify that if you are giving me hardware, yeah, we’re going to check that this hardware doesn’t have any back doors,” Hussain said.
