In the second of this two-part blog series, CTI Consultant Kit Palmer investigates US foreign and domestic policy and the wider implications for European security.
The first hundred days of the second Trump administration have been characterised by turmoil and uncertainty, with the ‘America First’ agenda seeing Washington adopt an increasingly isolationist foreign policy position, decoupling US national interests from global security and the advancement of liberal democratic values worldwide.
Bringing into question decades-long relations with both allies and adversaries alike, the implications of this seismic shift are broad-reaching and will have a notable effect on Europe’s cyber threat landscape and wider security environment.
One of President Trump’s first actions in office was to shutter the USAID foreign aid programme, which provided civilian cybersecurity support and infrastructure protection across numerous geographies, including Ukraine. Decisions like the politically motivated – albeit temporary – pausing of intelligence sharing and military support with Ukraine in February 2025 negatively impacted not only Ukraine’s military operations but also its cybersecurity posture, reducing visibility into cyber and broader intelligence threats as Russia continued directing the full force of its cyber actors against Kyiv.
The wider availability of cyber threat intelligence has also been impacted by Trump’s domestic policies. Internal cuts to the staffing and operational capability of critical organisations like CISA(Cybersecurity and Infrastructure Security Agency) have exacerbated critical delays to updating key resources like the Known Exploited Vulnerabilities (KEV) database, which many organisations use to identify, track and patch critical vulnerabilities.
Funding for the non-profit MITRE Corporation’s threat actor and intelligence-sharing initiative – a key component of the intelligence collection capabilities for many public and private sector entities worldwide - was also brought into doubt in April 2025.
Aside from damaging the US’ own defensive capabilities and wider national security posture, the reduction of these critical components directly reduces visibility into malicious cyber activity and wider state and non-state behaviour, reducing the ability to identify and respond to emerging and ongoing threats and to protect critical infrastructure and assets.
Removing support also impacts entities’ ability to engage in effective incident response, heightening their susceptibility to malicious cyber activity and increasing the likelihood of a malicious actor – state or non-state – achieving various objectives.
Even where US intelligence products remain available, a series of politically motivated cuts and personnel changes within key US agencies have raised concerns over US intelligence capabilities and politicisation of its intelligence outputs.
In April 2025, the White House fired several key National Security Council aides and removed General Timothy Haugh, the head of the National Security Agency and US Cyber Command. Anonymous sources positioned the actions as politically motivated targeting of personnel deemed disloyal to the president or unwilling to implement Trump’s ‘America First’ agenda. Former Cybersecurity and Infrastructure Security Agency (CISA) head Chris Krebs was also placed under investigation in April 2025 over defending the validity of the 2020 elections, with a White House memorandum denoting Krebs as a ‘bad-faith actor’. Wider anti-DEI (diversity, equality and inclusion) policies across the Trump administration are also likely to impact security personnel.
Politically motivated personnel changes will have a detrimental impact on US cyber security posture and wider security and intelligence capabilities, with adversarial actors highly likely to exploit these opportunities.
Use of a federal agency to investigate a cyber security professional like Krebs could dissuade pursuit of security- or government-related careers over fear of political persecution, leading to a longer-term ‘brain drain’ effect out of both the security industry and the US itself.
This effect may be compounded by ongoing pressure on US universities to acquiesce to Trump’s domestic agenda. Anti-DEI policies will not only contribute to politicisation but will also likely weaken intelligence and security capabilities and eliminate the widely documented benefits diversity brings to intelligence as a field.
Ultimately, broader politicisation of intelligence will reduce the ability of an objective intelligence community able to confidently speak truth to power, undermining the veracity and efficacy of intelligence outputs, to the detriment of both the US and its allies and intelligence partners.
On a more abstract level, US policy also creates opportunities for other states and actors to expand their presence in affected regions and pursue their own geopolitical and wider interests.
For example, as well as shuttering USAID, Washington has shut down the long-running Radio Free Europe programme and enacted cuts across multiple outward-looking initiatives, including the Peace Corps. Such actions fundamentally undermine Washington’s capability – and indeed highlight its unwillingness – to project soft power in pursuit of wider geopolitical goals, but also present an opportunity for other states – and indeed US adversaries – to expand their own presence in affected regions.
China, for example, is increasingly positioning itself as the safe and stable choice in the face of US tumult and is exploiting US isolationism to diffuse its own model of digital authoritarianism. Meanwhile, Zambia’s recent adoption of a highly intrusive cyber surveillance law was likely influenced by its close surveillance and technology cooperation with Beijing.
Allowing authoritarian states to set global cyber norms is inherently detrimental to the wider security landscape. Setting and exporting these standards exposes individuals and entities in affected regions to intrusive surveillance and censorship regimes while also normalising offensive and reckless cyber activity against adversaries, while encouraging the diffusion of surveillance and intrusion technologies.
It also helps consolidate power within authoritarian regimes and encourages alignment of both authoritarian and more neutral states with adversarial powers like Russia and China, exacerbating the slide towards multipolarity. Ultimately, it is adding additional adversaries into an already challenging and complex operating environment.
Of greater direct consequence for Europe’s security is the Trump administration’s relationship with Russia. Trump has criticised certain Russian actions in Ukraine, threatened Russia with new sanctions and invoked personal rebuttals of Putin; however, peace talks excluding Kyiv, talks of removing sanctions, blaming Ukraine for starting the war and the highly public February 2025 conflict with Zelenskyy in the White House have played entirely into Russia’s hands and indicate an underlying desire to expand and normalise relations with Moscow.
The May 2025 minerals deal between the US and Ukraine, while superficially appearing to signal a shift back from Moscow and recommitting the US to supporting its long-time ally, lacks concrete security guarantees and will do little to deter longer-term Russian revanchism and designs on Ukraine.
This rapprochement will embolden Putin to continue pursuit of his wider objectives of reestablishing Moscow’s great power status, reinvigorating Russia’s international standing and enacting punitive measures against a Europe which Russia perceives as hostile, aggressive and standing in the way of its wider domestic and foreign policy ambitions.
In the cyber domain, Russia is likely to continue directing the majority of its cyber power against Ukraine, but Europe is likely to be subject to intensified intrusion efforts and espionage activity against critical infrastructure, governments and other priority targets, with Moscow seeking intelligence on Europe’s relations with the US, inter-continental tensions and other information of potential value to the Russian state.
Moscow will almost certainly continue its expansive influence campaigns focused on undermining governments, dissuading support for Ukraine and disrupting burgeoning European unity to the benefit of Moscow. Multi-spectrum operations, including hybrid cyber-enabled and human intelligence networks and sabotage operations conducted via proxies acting on behalf of the Russian state will continue unabated.
The efficacy of these efforts is likely to be compounded by the simultaneous reduction indirect cyber security and technical support as a result of US policies, making Europe as a whole less resilient, less secure and more vulnerable.
Rapprochement with Russia and Washington’s broader unpredictability raise a broader concern: the question of trust between the US and its allies. Ongoing concerns over US trustworthiness and politicisation of intelligence positions could make allies increasingly reticent to share information with Washington over concern sit will find its way into Moscow’s hands, damaging the integrity and utility of intelligence partnerships. While not directly related to intelligence sharing, UK officials increased security around sensitive trade documents following Washington’s implementation of global tariffs in April 2025, highlighting increased tensions between allies and burgeoning viewpoints of the US as an adversary to Europe. Downstream intelligence partners of close US allies may also restrict intelligence sharing and cooperation over wider concerns regarding US policy and reliability. Operational security failings at the highest levels of US government have done little to alleviate these concerns.
Conversely, this issue of trust and fluctuating international relations could be viewed as an opportunity for Europe. The spectre of aEurope without the US, the continent’s de facto security guarantor since at least the Second World War, has catalysed a bloc-wide push for collective defence and security and a much more proactive and autarkic stance than has been observed for much of the last century.
For example, European leaders have rallied around Ukraine, pledging additional aid and pushing to establish a peacekeeping force against future Russian aggressions while also expanding their own commitments to defence and military rearmament in the looming shadow of Russian revanchism.
Europe is also making moves to expand intelligence partnerships and defensive alliances both within and without the continent: such initiatives bolster the diversity and resilience of intelligence streams and cement new and emerging partnerships, of significantutility in an increasingly multipolar world.
However, these potential benefits and the results of increased defence spending will take time to come into effect, leaving Europe vulnerable in the short term.
A range of adversarial actors – including, but not limited to, Russia - are likely to exploit this vulnerability, seeking to undermine Europe from within through a range of measures ranging from proxy sabotage operations to promoting extremist politics.
Prioritisation of defence over other programmes like foreign aid or social initiatives could drive domestic unrest and complicate overseas relations: these developments would further undermine the West’s political capital worldwide, potentially exacerbate already contentious issues like migration, and ultimately provide ample fuel for malicious influence campaigns targeting the continent and its citizens.
The foreign policy and wider actions of Washington under Trump will shape the international landscape for decades to come.
For Europe, US isolationism will almost certainly have a negative effect on cyber security and intelligence sharing capabilities as support and partnerships are removed and whittled down, while providing opportunities for Europe’s adversaries and emboldening aggression and promotion of anti-democratic values worldwide.
Of greater strategic consequence is the damage done to the sacred bond of trust underpinning cooperation between the continent and the transatlantic hegemon, with the potential to unravel over a century of goodwill and rewrite global relationships to the detriment of both Europe and wider post-Cold War liberal international order.
These tumultuous times should finally be a wake-up call for the continent. In response, Europe should continue exploring and supporting national and collective rearmament and defensive movements, increasing both defensive and offensive capabilities to prepare for an increasingly dangerous world.
These issues of uncertainty and trust should also demonstrate to Europe the need to begin exploring, supporting and implementing homegrown technologies, with many across the continent increasingly interpreting the overwhelming reliance on US- and foreign-made technology as a strategic weakness and national security concern.
Europe’s robust regulatory frameworks should be used to promote a security-first approach with these technologies, emphasising principles like secure-by-design over rushed development and deployment. On a more global scale, where possible, Europe should seek to exemplify and promote a model of internet governance combining both digital sovereignty and a multi-stakeholder approach promoting a free, fair and open internet that is a viable and attractive alternative to digital authoritarianism, while also recognising the importance of soft power initiatives promoting European values and bolstering international partnerships.
Ultimately, Europe should pursue solidarity, unity and collective courses of action and present a united front against a myriad of current and future threats – wherever they may emanate from.
It is yet to be seen whether Europe’s burgeoning collective security efforts will be sufficient in protecting the continent, its citizens and its interests against current and emerging threats, but one thing is clear: while Trump’s Washington is currently unlikely to develop into a strategic adversary for Europe, many of its current and future actions embolden adversaries worldwide and undermine and threaten Europe’s own security, both in the cyber realm and beyond.
SecAlliance produces monthly Geopolitical analysis and bi-annual PESTLE-M Horizon Scanning for the cyber domain that is released to its ‘ThreatMatch Access’ clients. For details on ThreatMatch subscriptions please contact info@secalliance.com
