What CISA’s Cuts Mean for U.S. Cybersecurity, And How Organizations Can Adapt
Table Of Contents:
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) might not have been first on the chopping block when the Trump administration came to power, but its day came soon enough. While Elon Musk’s DOGE initiative was busy axing other federal departments, the White House had the Department of Homeland Security’s cybersecurity agency in its sights. Following a relatively small number of initial layoffs in February, reports emerged in April that up to half of its full-time staff and 40% of its contractors were scheduled for termination. According to CBS News, that accounted for around 1,300 staff.
Early this month, Russell Vought, who heads up the Office of Management and Budget, sent a letter to Congress proposing a $491m cut to CISA’s approximately $3bn budget, which equates to 17%.
The cut “refocuses CISA on its core mission—Federal network defense and enhancing the security and resilience of critical infrastructure—while eliminating weaponization and waste,” the letter said. It would eliminate the agency’s efforts to counter misinformation, along with external engagement offices such as international affairs.
Why It Happened
CISA’s downscaling is politically motivated. The language coming out of the White House about the agency’s role has been alarming. Vought’s letter called it “a hub in the Censorship Industrial Complex” that had targeted the president. “CISA was more focused on censorship than protecting the Nation’s critical systems,” he said. The White House also parroted these claims in a document it released titled Ending Weaponization of The Federal Government.
The move to curtail CISA came during a period of score-settling for President Trump, in which he aired personal grievances and exacted revenge. On April 9, Trump signed a presidential memorandum revoking the security clearance for Chris Krebs, whom he had appointed as head of CISA when he created it in 2018. Krebs had questioned Trump’s claims about corruption in the 2020 election, and CISA also called the election the most secure in US history. Both drew Trump’s ire at the time, leading him to fire Krebs.
The campaign against Krebs also extended to his private sector associates. Cybersecurity company SentinelOne, which he had joined as an advisor, also had its security clearance wiped.
What Has Been Lost
The cuts at CISA have affected a broad range of efforts at the agency. It terminated several external contracts for access to Google-owned VirusTotal, along with threat intelligence services from Censy, Nightwing, and Peraton.
Several red-teaming contracts with the rest of the federal government ended, as detailed by one of the team employees, Christopher Chenoweth. Other critical cuts felled several DHS cyber advisory committees, including the Critical Infrastructure Partnership Advisory Council, the Cyber Investigations Advisory Board, and the Artificial Intelligence Safety and Security Board.
CISA’s election security unit has been effectively terminated by eliminating the Center for Internet Security funding, prompting Arizona Secretary of State Adrian Fontes to warn that the state is “effectively flying blind” as it prepares for local elections.
The Multi-State Information Sharing and Analysis Center (MS-ISAC), which collaborated with over 17,000 local government institutions, has also lost at least some of its funding, curtailing its activities.
What It Will Mean
Response to the cuts has been swift and sharp. The election and multi-state cuts saved a relatively small $10m for CISA, but that’s a short-term saving on a long-term loss, warned cybersecurity and privacy law firm Robinson + Cole.
“This saving will be dwarfed by the amount spent on future attacks without MS-ISAC’s assistance,” it warned. “Responding to state and local government cyberattacks still expends taxpayer dollars. This shift is an unhelpful one that will leave state and local governments in the dark and at increased risk. This is a short-sighted strategy by the administration.
“It is difficult to convey in writing the full extent of my concern regarding the rumored plans to decimate CISA, but it suffices to say that upending an agency that plays such an important role in defending the homeland while keeping Congress in the dark is wholly unacceptable,” said Eric Swalwell, ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection in a letter to its acting director, Bridget Bean, on April 10.
Over 400 cybersecurity professionals also signed an Electronic Frontier Foundation petition in support of Krebs. Jen Easterly, who resigned as CISA director as Trump came into office, called what’s happening “a zero-day in our civic integrity”.
How Organizations Should Respond
CISA’s security work benefited everyone, both inside the US and further afield. The reduction in resources and the termination of some pivotal programs make it more difficult for the agency to detect threats at a time when they are rapidly evolving.
Everyone should take heed and do their best to shore up their own capabilities. That means expanding security operations capabilities and focusing hard on incident response. Tracking those advisories that CISA is still able to issue, along with those from other federal agencies, is key, and organizations can also look at others further afield, like the UK’s National Cyber Security Centre.
Community engagement is also an increasingly good practice for those who seek strength in numbers. Sector-specific information sharing and analysis centres (ISACs) are valuable conduits to share information and advice with peers in your sector.
And then, of course, there’s effective cyber hygiene. Best practices, from simple backup automation to network segmentation, are excellent ways to protect yourself against attackers who will be emboldened by a lack of clarity and leadership at the agency.
