Distinguished Fellow Ken Westbrook argues that the National Security Strategy could have done more to recognize cyber-enabled financial crime as a first-order national security crisis.
“Transnational crime networks are using American dollars for drug trafficking, human trafficking, arms trafficking and other evil projects…this is a national security crisis hiding in plain sight.” -- Senator Charles Grassley, June 2025
The new National Security Strategy of the United States misses an opportunity to address a major threat that skyrocketed between 2020 and 2024: cyber-enabled financial crime. US citizens and businesses are under siege by foreign criminals who are exploiting internet vulnerabilities to steal hundreds of billions from our economy each year. We must prioritize this issue and raise our defenses.
Americans—young and old—are under constant threat. Losses reported to the FBI have quadrupled since 2020. The Federal Trade Commission estimates that scammers stole $196 billion from Americans in 2024. Losses at this level would exceed the annual revenue of such corporations as General Motors, Bank of America, or Meta. It would also be about double the annual budget of the Department of Homeland Security.
About eight-in-ten Americans say online scams and attacks are a major problem, according to Pew Research. Small businesses, too, report that fraud losses have surged since 2020.
US government officials and companies are raising the alarm about financial cybercrime and its impact on our nation’s security. In June 2025, Senator Grassley opened a Senate Judiciary Committee hearing by highlighting that “Transnational crime networks are using American dollars for drug trafficking, human trafficking, arms trafficking and other evil projects. Let me be absolutely clear: this is a national security crisis hiding in plain sight.”
In September 2025, 46 companies—including Amazon, Google, Meta, Microsoft, and JPMorganChase—signed a letter to Congressional leadership that emphasized the national security threat of fraud and scams. These companies described how transnational crime organizations are “targeting a broad swath of US companies… in an effort to erode public trust and destabilize the economy.”
Despite the urgency and prevalence of financial crimes, they receive short shrift in the new National Security Strategy. The strategy says “the United States must protect and defend our economy and our people from harm, from any country or source” and gives seven examples, but financial crimes are not among them. Crime is mentioned narrowly in the context of mass immigration and human and drug trafficking. Transnational criminal organizations are only mentioned in the context of the Western Hemisphere, not in the context of a global cybercrime threat.
The Strategy correctly states that “border security is the primary element of national security.” But it does not address the reality that we now have a cyber border that needs protection, just like our physical borders. We need to prioritize cyber-enabled financial crimes where the criminals never cross a physical border—they remain safe in their home countries and hijack the internet and telecom systems to attack us at scale. Foreign cybercriminals have created a sophisticated business model that involves impersonating American organizations and stealing hundreds of billions a year. Criminal use of AI will turbocharge the fraud.
The National Security Strategy articulates a series of goals, including that “we want the world’s strongest, most dynamic, most innovative, and most advanced economy.” It mentions the need to “return economic freedom to our citizens.” Let’s add a new goal: To protect our society from economic attack by making the United States the safest place to be online.
