The Trump administration’s cuts in cyber programs are putting national security at risk.
Secretary of Homeland Security Kristi Noem defended such cuts in her confirmation hearing, saying that the Cybersecurity and Infrastructure Security Agency needed to be “smaller, more nimble to really fulfill their mission.” She is mistaken.
Over the past three weeks, the agency has reduced staff, slashed budgets and terminated programs, with the administration suggesting that these cuts will “eliminate redundancies” and focus its work on “mission critical areas.” However, the cuts, imposed by the Department of Homeland Security, are in fact undercutting the agency’s core mission areas, weakening U.S. national resilience and casting doubt on America’s ability to repel, thwart and deter attacks in cyberspace.
The Cybersecurity and Infrastructure Security Agency has attempted to fire 130 probationary workers. Among them are some of its most talented cyber experts. They include career intelligence analysts, experienced vulnerability analysts and world-class threat hunters. An unreported number of terminated employees were hired through the Cyber Talent Management System, an initiative created by Congress to help the federal government entice talent from the private sector to address significant federal cyber workforce shortages.
In addition to firing employees, the Cybersecurity and Infrastructure Security Agency also terminated contracts with cybersecurity experts who serve as “red teams.” These penetration testers hack into systems to help the government identify vulnerabilities so that defenders can bolster security before adversaries corrupt their systems.
These red teams are often the most experienced and specialized experts in the cyber field. Without their essential work, vulnerabilities in government networks will go unidentified, further risking infiltration by foreign adversaries.
At the same time, the agency terminated $10 million in funding to the Center for Internet Security. This nonprofit houses the Election Infrastructure Information Sharing and Analysis Center, the mechanism through which state and local election officials and federal partners can share information about cyber and physical threats to election infrastructure.
Complicating this action, the Center for Internet Security also houses the Multi-State Information Sharing and Analysis Center, which provides cyber threat intelligence, cyber incident response assistance and free services to state and local governments. Among its 16,000 members are municipalities that manage local electric and water utilities and K-12 schools. The center is now unfunded, and its future is uncertain. The result is that state and local governments are made increasingly vulnerable to foreign actors.
Noem also dismantled several cybersecurity advisory boards, including the Homeland Security Science and Technology Advisory Committee, the Data Privacy and Integrity Advisory Committee and the Secret Service’s Cyber Investigations Advisory Board. Each of these boards provides unique perspectives on threats to U.S. cybersecurity and technology development. They serve as vehicles for the government to gain insights and advice from private industry.
More concerning was the decision to disband the Cyber Safety Review Board, an investigative body that reviews significant cyber incidents. At the time it was disbanded, the board was specifically looking into how China has compromised U.S. telecommunications infrastructure. The secretary of Transportation would never have dared eliminate this board’s aviation equivalent, the National Transportation Safety Board.
Finally, Noem suspended the Critical Infrastructure Partnership Advisory Council, which is essential for bridging the divide between the government and private companies. It provides legal protection and serves as the convening body under which the Sector Coordinating Councils — consisting of critical infrastructure owners, operators and their associations — meet with the federal government to share threat information, engage in cyber response simulations and flesh out industry-wide cyber challenges. Not every such council was running perfectly, but some were highly successful anchor points of public-private collaboration.
Because of these actions, the Sector Coordinating Councils are not operational. It remains unclear when or whether they will be reactivated, especially without the protection of the Critical Infrastructure Partnership Advisory Council. Their absence leaves industry without a critical lifeline to the government and its intelligence-gathering resources, severely limiting the public and private sectors’ collaborative ability to combat threats in cyberspace.
Another unintended consequence of disestablishing the Critical Infrastructure Partnership Advisory Council was the removal of protections for the use of the Enduring Security Framework, a favorite tool of the National Security Agency to share information with the private sector.
There is nothing wrong with building a more efficient Cybersecurity and Infrastructure Security Agency, and certainly the agency needed some corrective course action. What Noem has done, however, is take a chainsaw to an agency that needed only a scalpel.
Congress specifically created some of these now disbanded programs to address gaps in both the government’s and the private sector’s cybersecurity capabilities. The rationale behind and necessity for these programs remain.
The consequences of these cuts will be felt in our schools and hospitals, in our water systems and electric grids and in many other critical areas as America’s ability to defend itself in cyberspace erodes. This matters because the Trump administration, like the Biden team, recognizes the rapidly growing threat to our national security from China’s malicious cyber activity, as shown by the exploitation of critical U.S. infrastructure by both the Volt and Salt Typhoon operations.
The Cybersecurity and Infrastructure Security Agency should rehire its talent, restore funding and reinstate these programs immediately. Elections have consequences and the Trump administration certainly can make changes as it sees fit, but canceling the tools for public-private collaboration in securing America’s cyberspace is a mistake.
Trump recently nominated a new director, Sean Plankey. A career Coast Guard officer with extensive interagency experience, he has the talent and expertise to make the Cybersecurity and Infrastructure Security Agency more efficient. Congress needs to confirm him fast, and Noem needs to stop gutting the agency in his absence.
Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, where Johanna “Jo” Yang is a research and editorial associate.
