BOTTOM LINE UP FRONT – As the U.S. faces unprecedented threats from cyberattacks, experts are warning about the impact of cuts to the nation’s cyber defenses while the U.S. still doesn't have a confirmed Assistant Secretary of Defense for Cyber, a confirmed CISA Director or a confirmed National Cyber Director - though nominees have been announced.
Meanwhile, the White House has proposed nearly $500 million in cuts to the Cybersecurity and Infrastructure Security Agency (CISA), and is reportedly finalizing plans to remove some 1,300 people from the CISA payroll.
"There've been reductions certainly in the disinformation and misinformation operations programs at the State Department, FBI, and CISA," former Executive Director of the Cyberspace Solarium Commission Mark Montgomery told The Cipher Brief. "And what people don't know is, are we at the bottom? Are we at the floor of these changes – which I hope we are – and if so, then what's the rebuild? So, in the cybersecurity realm, there's angst followed by potential for opportunity. But right now, we're in that angst phase of the 12-step program."
"I think we've gotten the ball teed up," Former DHS Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Matt Hayden told The Cipher Brief. "It hasn't been hit like a home run yet because they haven't shown their cards for what the exact strategy will be for groups like CISA."
Administration officials are pushing back on criticism that they have not yet made their strategy clear amid significant cuts. In a keynote speech at a cybersecurity conference in San Francisco, Homeland Security Secretary Kristi Noem defended the administration’s plans and said that CISA would be restructured to focus more closely on threats to U.S. critical infrastructure – particularly from China – with less of a focus on disinformation campaigns traced to Russia and China.
“We’re going to make sure that we need to put CISA back to focusing on its core mission,” Noem said, while acknowledging concerns about workforce cuts, saying, “I would encourage you to just wait till you see what we're able to do. There are reforms going on that are going to be much more responsive. Instead of just talking about cybersecurity, we're going to do it.”
The Cipher Brief spoke with a range of cybersecurity experts to dig in on where they see exposure to threats - particularly those emanating from China - and where they see hope.
THE CONTEXT
- The White House is calling for $491 million in cuts to the Cybersecurity and Infrastructure Security Agency (CISA) in its “skinny budget” government spending proposal. It is also reportedly finalizing plans to reduce CISA's workforce by some 1,300 employees.
- Roughly 130 workers at CISA were laid off in mid-February as part of wider cuts at the Department of Homeland Security (DHS).
- On January 20, the DHS terminated the Cyber Safety Review Board as part of efforts to eliminate a “misuse of resources.” The group was established in 2022 to analyze major cyber incidents and provide recommendations to strengthen public and private defenses.
- Homeland Security Secretary Kristi Noem says the administration is continuing to prioritize building cyber resilience in critical infrastructure and countering threats from China and that CISA is being refocused to put it “back on mission” and better tackle these issues, rather than acting as what she called the “Ministry of Truth,” referring to CISA efforts to prevent disinformation.
- Former CISA Director Jen Easterly cited election security efforts as an important component of U.S. critical infrastructure.
- Alexei Bulazel, senior director for cyber on the White House’s National Security Council, says he wants to “destigmatize” offensive cyber operations, calling them “one arrow in the quiver” as part of U.S. defense and deterrence against cyberattacks.
THE EXPERTS
"Let's remember: China and Russia aren't burdened by things like elections, so they don't have this kind of transition. They are progressing full speed. And let's be clear that in the time that we've magically grown our offensive cyber force - about 3% over the last decade - they've grown theirs by 1,000%. And quantity isn't everything, but [China] is getting better and more aggressive, and their tools are getting better. We can't have these perturbations – or at least we can't have extended perturbations.
I will say I am excited about one or two things. Katie Sutton as the Assistant Secretary of Defense for Cyber is a great pick. Sean Cairncross as the National Cyber Director is a great pick, a really interesting great pick. And Sean Plankey, if he goes to CISA [as director], he's been nominated, will be a great pick. So three of those four jobs that I mentioned could fill with really what I consider top-notch leaders, the best they could have hoped for in an incoming administration. So there is opportunity and hope, but boy, we need to get these executed and in play.
Meanwhile, what I would love to see is some acknowledgement, somebody who can figure out how to make the American people care as much about cyber as they do about physical threats. And I'll give you one example here. If I told you that Volt Typhoon was a thousand penetrations of critical infrastructure like trains and rail and aviation and ports and electrical power grids with malware or access that they can get to later on, the American people kind of shrug. But if we told them, Hey, the same Chinese perpetrators put 1,000 backpacks with 20 pounds of Semtex [explosives] in each one and had a little patch that said, courtesy of the PLA with a middle finger on it, we might be at war, right?
The same effect, the same intent, the same operational preparation of the battlefield. One is cyber, one's physical, and the American people can't figure it out. I don't know yet how to make that happen."
"Candidly, if you look at NSA, CISA, and the FBI, they're usually our trifecta when it comes to domestic cyber – either defense or sometimes offensive operations. They're looking at how those three groups are structured. They're looking at their leadership's ideas around reorganization. They're looking to Congress and the budget to make sure that they're properly resourced.
But what they were doing this week [at RSA] was saying, we're making sure that the threats against the homeland, the threats against critical infrastructure, always have a watcher, always have a defensive element and an operational element that is working. And so they wanted everyone to know that the guard isn't down, albeit that there is a large understanding out there that reorganization is a requirement. It feels like the specifics are still being worked out, just because we're not in the room to see their plans. But the incoming nominees just shared: we're going to be on the Hill working our nominations, we're going to be engaged with these agencies at every level. That includes making sure [they are] properly resourced and budgeted. We heard from Secretary Noem that it's back to basics. Well, what she was saying is we're doing what CISA is supposed to be doing from a core mission perspective. The good news for those that watch CISA is that it's making sure critical infrastructure is defensible, and resilient. And those are mission areas that everyone really counts on CISA to succeed with.
We're looking at a new way to talk about the [cyberdefense] workforce. It still feels like it's being forged. What I'm seeing is, instead of saying we need more cyber professionals, hard stop, what we're saying is we need people inside the operations of these sectors to have a cyber understanding as well. So if we're talking about the healthcare sector, for example, we don't just say we need cyber people to flood the healthcare sector. We say we need the people who really know the healthcare sector best to also have a cyber understanding. And that's a good pivot, I think, to scale that workforce. You're always going to need pure cyber players to help with that real engineering, but you're also going to need the people who truly understand the operations and use cases to marry those together in an effective way. And so making that background be a little bit more consistent across these areas, especially where they're what we consider in the cyber world as have-nots – like health care – is going to be a big play."
"The global situation broadly is deteriorating. Russia, China, Iran, North Korea, continue to advance their [cyber] capabilities in their own organizations.
In my view, the United States is organizationally, capability-wise and from a coordination perspective, falling behind. And we are watching with concern the tumult amongst security and defense officials in Washington because fundamentally, we can either succeed together or we can fail separately. And New York wants to work together with the U.S. government, with the Trump administration, to advance our shared goal of a strong, secure, prosperous United States. And that unfortunately seems to be moving in the wrong direction with some of these moves.
We work very closely with CISA, with the FBI, with the EPA on water cybersecurity, with the Department of Energy on power. Those are important. And the sooner that those leaders are confirmed by the Senate and in place permanently, the more rapidly that we build our capabilities instead of cutting them, we think the better off that we will all be.
(Kristi Noem’s April 29 speech) is not the first time the Trump administration has indicated their focus on cybersecurity, both on the security of critical infrastructure more generally and the importance of deterrence. Those are good things that we support. But our adversaries are not waiting. Our adversaries are not standing by. Our adversaries are conducting ransomware attacks against our businesses, our schools, our hospitals each and every day. The Chinese in particular are continuing to wantonly steal intellectual property. And so unfortunately, we're not in a situation where we can wait. I think time is of the essence.
You had the deferred resignations, you had the voluntary separation agreements that have been sent out by DOGE and by others, which did not exempt CISA. So we have seen the reports that a lot of people, including senior leaders and key personnel, are taking voluntary separation agreements, which does concern us because those are some of the people who are hardest to retain. I think the overall lack of stability and the tumult at those places is itself bad for business.
[But] I am optimistic. The (DHS) secretary is at RSA, the special assistant to the president Alexei Bulazel is also at RSA. There is hope. However, we are rapidly finding ourselves in a situation in which we will not be fighting a cyber battle in a time and place of our choosing. We'll be fighting it at a time and a place of our adversaries’ choosing, and that's never the place you want to be in."