How Trump 2.0 has shaped and shrunk the top U.S. cyber agency
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
A year into the second Trump administration, the Cybersecurity and Infrastructure Security Agency is smaller, leaner and at the center of a growing debate over what the nation's cyber mission should look like.
Why it matters: CISA is at the front lines of protecting U.S. government agencies and private companies from nation-state and cybercriminal digital threats, but it now has fewer people and resources to carry on that work.
The big picture: Buyouts, contract cuts and reduced threat-hunting capacity defined the nation's top cybersecurity agency last year.
- More than one-third of CISA's workforce was laid off or took voluntary buyouts or early retirements last year. Some personnel were reportedly reassigned at the end of the year to ICE, Customs and Border Protection, and other Department of Homeland Security offices focused on immigration.
- Political leadership has also been embroiled in controversy in recent months after acting director Madhu Gottumukkala reportedly failed a polygraph and attempted to oust the agency's chief information officer.
- CISA ended funding to outside election security programs and halted much of its work to support state and local election officials.
Between the lines: A former senior official, who requested anonymity to avoid retaliation, told Axios that the changes have dampened morale inside the agency and made it difficult for it to maintain strong private sector partnerships.
- "Most people I know and worked with have left, and for many, if not all of them, this was a very hard decision," the official said. "I don't know anyone who wanted to leave."
- A second former senior official, who requested anonymity for similar reasons, told Axios that "with hundreds of less people, we are undoubtedly doing less."
Driving the news: Gottumukkala testified repeatedly during a congressional hearing last week that the agency is going "back on mission."
- He told lawmakers the agency "supported more than 4,000 victims of cyber incidents" and "triaged over 30,000 incidents through our 24/7 operations center" last year.
- The agency has also retired 10 emergency directives and co-sealed 39 joint cybersecurity advisories with partner organizations in the last year.
- The White House renominated Sean Plankey this month to run the agency after the Senate didn't take up his bid.
- "CISA remains steadfast in its mission to safeguard the systems Americans rely on by strengthening federal network defenses, empowering businesses, and fortifying critical infrastructure nationwide," agency spokesperson Marci McCarthy said in a statement.
- McCarthy added that the agency will "deepen collaboration with trusted partners, prioritize highly skilled technical professionals, and direct resources for maximum impact" over the coming year.
The intrigue: Tensions are growing between the agency and lawmakers over what exactly it means to return the agency to its mission, which was the stated rationale for cutting certain staff and contracts.
- Part of the House-approved appropriations budget calls on the agency to restart its election security program and provide funding to the Elections Infrastructure Information Sharing and Analysis Center.
- The House's spending bill — which is likely to get held up this week as Senate Democrats push for policy changes at ICE — also provides "$20 million to fill critical vacancies," according to a bill summary.
What to watch: CISA won't be attending the RSAC Conference for the first time in years after the event named the agency's former leader, Jen Easterly, as its CEO.
- "CISA has reviewed and determined that we will not participate in the RSA Conference since we regularly review all stakeholder engagements, to ensure maximum impact and good stewardship of taxpayer dollars," McCarthy said in a statement.
Go deeper: CISA cuts risk exposing small businesses to cyber threats
