Trump’s Slash & Burn 🔥 of Cybersecurity and Infrastructure Security Agency (CISA) Places Nation’s Infrastructure of Financial Systems, Computers, Networks, Electric Grid, Water Systems, Energy, Pipelines, Shipping at Risk
Further Reading
- Under Trump, US Cyberdefense Loses Its Head / WIRED. By Lily Hay Newman. The Big Story. Jan 23, 2025 6:00 AM
- Trump Is the Manchurian Candidate: Fucking Believable! Europe, NATO, and Our Former Allies No Longer Trust the US as Trump Shifts Allegiance With Russia! / @RalphHightower. March 6, 2025
- The XZ Backdoor: Everything You Need to Know / WIRED. Dan Goodin. Ars Technica. Security. Apr 2, 2024 4:00 AM
- CDK Global, Change Healthcare cyberattacks highlight risks of sector-specific tech vendors. Jun 21, 2024 - Sam Sabin. Technology. How one cyberattack causes relentless ripple effects
- Cybersecurity agency’s top recruits decimated by DOGE cuts - CBS News. By Nicole Sganga. March 7, 2025 / 10:13 AM EST / CBS News
- Top US Election Security Watchdog Forced to Stop Election Security Work / WIRED. Eric Geller. Security. Feb 14, 2025 10:07 PM
- The Top Cybersecurity Agency in the US Is Bracing for Donald Trump / WIRED. Eric Geller. Security. Dec 16, 2024 6:30 AM
- How a Right-Wing Controversy Could Sabotage US Election Security / WIRED. Eric Geller. Security. Feb 26, 2024 8:00 AM
- DOGE Now Has Access to the Top US Cybersecurity Agency / WIRED. Kim Zetter. Security. Feb 19, 2025 8:59 PM
- A Log4J Vulnerability Has Set the Internet ‘On Fire’ / WIRED. Lily Hay Newman. Security. Dec 10, 2021 2:54 PM
- Elon Musk’s DOGE Is Being Sued Under the Privacy Act: What to Know / WIRED. Eric Geller. Security. Feb 18, 2025 4:50 PM
- On May 7, 2021, Colonial Pipeline ransomware attack
Cybersecurity and Infrastructure Security Agency
The Cybersecurity and Infrastructure Security Agency (CISA) defends critical infrastructure against threats.
Resources
- CyberSentry Program / CISA
- National Critical Functions (NCFs)
- National Critical Functions Set / CISA
- Resources & Tools / CISA
- CISA Open Source Software Security Roadmap / CISA. September 12, 2023
- Cybersecurity: Improvements Needed in Addressing Risks to Operational Technology / U.S. GAO. GAO-24-106576. Published: Mar 07, 2024. Publicly Released: Mar 07, 2024
‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge / WIRED
By Eric Geller Security Mar 13, 2025 5:30 AM
Mass layoffs and weak leadership are severely impacting the Cybersecurity and Infrastructure Security Agency (CISA), undermining its ability to protect the U.S. from foreign adversaries and ransomware gangs.
“You’ve got a lot of people who … are looking over their shoulder as opposed to looking at the enemy right now,” says one CISA employee.
Suzanne Spaulding, who led CISA’s predecessor during the Obama administration:
- “Our enemies are not slowing their continuous assaults on our systems. We need all hands on deck and focused, not traumatized and distracted.”
Talent Exodus
CISA’s mission has grown significantly since its creation in 2018. Established mainly to defend government networks, the agency increasingly embraced new roles supporting private companies and state governments, advocating for secure software, and cooperating with foreign partners. This helped CISA raise its profile and gain credibility. But now, following several rounds of layoffs and new restrictions from the Trump administration, the agency is struggling to sustain its momentum.
CISA has lost between 300 and 400 staffers, roughly 10% of its workforce, due to layoffs and the Office of Personnel Management’s deferred-resignation program. This has resulted in a critical skills shortage and increased workload for remaining employees.
Many of those people were hired through DHS’s Cybersecurity Talent Management System (CTMS), a program designed to recruit experts by competing with private-sector salaries. As a result, they were classified as probationary employees for three years, making them vulnerable to layoffs. These layoffs at CISA also hit longtime government workers who had become probationary by transferring into CTMS roles.
Partnership Problems
CISA’s external partnerships have been strained, with international travel frozen and communications with foreign partners requiring high-level approvals. Companies have expressed concerns about sharing information with CISA due to the Department of Government Efficiency’s (DOGE) actions.
Gutting Security Advocacy
CISA’s efforts to help the tech industry with open-source software security and artificial intelligence have been hindered by the loss of key employees and the freezing of related programs. The agency’s work on AI security has been severely limited.
CISA’s external partnerships—the cornerstone of its effort to understand and counter evolving threats—have been especially hard-hit.
International travel has been frozen, two employees say, with trips—and even online communications with foreign partners—requiring high-level approvals. That has hampered CISA’s collaboration with other cyber agencies, including those of “Five Eyes” allies Canada, Australia, New Zealand, and the UK, staffers say.
CISA employees can’t even communicate with people at other federal agencies the way they used to. Previously routine conversations between CISA staffers and high-level officials elsewhere now need special permissions, slowing down important work. “I can’t reach out to a CISO about an emergency situation without approval,” a fourth employee says.
Meanwhile, companies have expressed fears about sharing information with CISA and even using the agency’s free attack-monitoring services due to DOGE’s ransacking of agency computers, according to two employees. “There is advanced concern about all of our services that collect sensitive data,” the third employee says. “Partners [are] asking questions about what DOGE can get access to and expressing concern that their sensitive information is in their hands.”
“The wrecking of preestablished relationships will be something that will have long-lasting effects,” the fourth employee says.
CISA’s Joint Cyber Defense Collaborative, a high-profile hub of government-industry cooperation, is also struggling. The JCDC currently works with more than 300 private companies to exchange threat information, draft defensive playbooks, discuss geopolitical challenges, and publish advisories. The unit wants to add hundreds more partners, but it has “had difficulty scaling this,” the first employee says, and recent layoffs have only made things worse. Contractors might be able to help, but the JCDC’s “vendor support contracts run out in less than a year,” the employee says, and as processes across the government have been frozen or paused in recent weeks, CISA doesn’t know if it can pursue new agreements. The JCDC doesn’t have enough federal workers to pick up the slack, the fourth CISA employee says.
‘Nefarious’ Retribution
CISA staffers are still reeling from the agency’s suspension of its election security program and the layoffs of most people who worked on that mission. The election security initiative, through which CISA provided free services and guidance to state and local officials and worked with tech companies to track online misinformation, became a target of right-wing conspiracy theories in 2020, which marked it for death after Trump’s return to the White House.
The program—on hold pending CISA’s review of a recently completed internal assessment—was a tiny part of CISA’s budget and operations, but the campaign against it has alarmed agency employees. “This is definitely in the freak-out zone,” says the first employee, who adds that CISA staffers across the political spectrum support the agency’s efforts to track online misinformation campaigns. “All of us recognize that this is a common deception tactic of the enemy.”
The election security purge rippled across the agency, because some of the laid-off staffers had moved from elections to other assignments or were simultaneously working on both missions. Geoff Hale, who led the elections team between 2018 and 2024, was serving as the chief of partnerships at the JCDC when he was placed on administrative leave, setting off a scramble to replace him.
The removal of Hale and his colleagues “was the start to a decline in morale” at CISA, according to the second employee. Now, staffers are afraid to discuss certain topics in public forums: “No one’s going to talk about election security right now,” the first employee says.
“The fact that there’s retribution from the president … is kind of frightening,” this employee adds. “A very nefarious place to be.”
Abandoned and Demoralized
The layoffs, operational changes, and other disruptions at CISA have severely depleted morale and undermined the agency’s effectiveness. “Even simple tasks feel hard to accomplish because you don’t know if your teammates won’t be here tomorrow,” says the fourth employee.
The biggest source of stress and frustration is acting CISA director Bridget Bean, a former Trump appointee who, employees say, appears eager to please the president even if it means not defending her agency. Bean “just takes whatever comes down and implements [it] without thought of how it will affect CISA’s mission,” the fifth employee says. Employees describe her as a poor leader and ineffective communicator who has zealously enacted Trump’s agenda. In town-hall meetings with employees, Bean has said CISA must carefully review its authorities and urged staffers to “assume noble intent” when dealing with Trump officials. While discussing Elon Musk’s mass-buyout program, she allegedly said, “I like to say ‘Fork in the Road’ because it’s kind of fun,” according to the fourth employee. She was so eager to comply with Musk’s “What did you do last week?” email that she instructed staffers to respond to it before DHS had finalized its department-wide approach. DHS later told staff not to respond, and Bean had to walk back her directive.
“Bean feels like she’s against the workforce just to please the current administration,” the second employee says. The fourth employee describes her as “not authentic, tone-deaf, spineless, [and] devoid of leadership.”
McLaughlin, the DHS spokesperson, says CISA “is not interested in ad hominem attacks against its leadership,” which she says “has doubled down on openness and transparency with the workforce.”
The return-to-office mandate has also caused problems. With all employees on-site, there isn’t enough room in CISA’s offices for the contractors who support the agency’s staff. That has made it “very difficult” to collaborate on projects and hold technical discussions, according to the first employee. “There wasn’t much thought about [RTO’s] impact to operations,” says the fourth employee. According to a fifth employee, “executing some of our sensitive operations is now harder.” (“CISA has worked tirelessly to make the return to office as smooth as possible from space to technology,” McLaughlin says.)
Employees are dealing with other stressors, too. They have no idea who’s reading their Musk-mandated performance reports, how they’re being evaluated, or whether AI is analyzing them for future layoffs. And there’s a lot of new paperwork. “The amount of extra shit we have to do to comply with the ‘efficiency measures’ … [takes] a lot of time away from doing our job,” says the fifth employee.
Bracing for More
When Trump signed the bill creating CISA in November 2018, he said the agency’s workforce would be “on the front lines of our cyber defense” and “make us, I think, much more effective.” Six and a half years later, many CISA employees see Trump as the biggest thing holding them back.
“This administration has declared psychological warfare on this workforce,” the fourth employee says.
With CISA drawing up plans for even larger cuts, staffers know the chaos is far from over.
“A lot of people are scared,” says the first employee. “We’re waiting for that other shoe to drop. We don’t know what’s coming.”
Entire wings of CISA—like National Risk Management Center and the Stakeholder Engagement Division—could be on the chopping block. Even in offices that survive, some of the government’s most talented cyber experts—people who chose public service over huge sums of money and craved the lifestyle of CISA’s now-eliminated remote-work environment—are starting to see their employment calculus differently. Some of them will likely leave for stabler jobs, further jeopardizing CISA’s mission. “What is the organization going to be capable of doing in the future?” the first employee asks.
If Trump’s confrontational foreign-policy strategy escalates tensions with Russia, China, Iran, or North Korea, it’s likely those nations could step up their use of cyberattacks to exact revenge. In that environment, warns Nitin Natarajan, CISA’s deputy director during the Biden administration, weakening the agency could prove very dangerous.
“Cuts to CISA’s cyber mission,” Natarajan says, “will only negatively impact our ability to not only protect federal government networks, but those around the nation that Americans depend on every day.”
- Government of Iran
- The State Council of the People’s Republic of China
- 中国政府网_中央人民政府门户网站
- Vladimir Putin
- Naenara Democratic People’s Republic of Korea
- Russia
- North Atlantic Treaty Organization (NATO)
- European Union (EU)
- Volodymyr Zelenskyy
- Ukraine (UA)
- United Nations
- United States of America (US)
- Elon Musk
- Boring
- Neuralink
- SpaceX
- Starlink
- Tesla
- X
- xAI
- Computers
- Communications
- Electric Grid
- Energy
- Financial Systems
- Networks
- Pipelines
- Shipping
- Water Systems
- Department of Government Efficiency (DOGE)
- Cybersecurity and Infrastructure Security Agency (CISA)
- Joint Cyber Defense Collaborative - CISA (JCDC)
- National Risk Management Center / Cybersecurity and Infrastructure Security Agency CISA (NRMC)
- Stakeholder Engagement Division / Cybersecurity and Infrastructure Security Agency CISA
- Cybersecurity Talent Management System (CTMS)
- Aeva Black / LinkedIn
- Kelly Shaw, DSc / LinkedIn
- David Carroll / LinkedIn
- Duncan McCaskill / LinkedIn
- Jack Cable / LinkedIn
- Tim Pepper / LinkedIn
- Congress
- President Donald J. Trump
- President Of The United States (POTUS)
- President Barack Obama
- President Joe Biden
- White House (WH)
- The Trump Administration Is Deprioritizing Russia as a Cyber Threat / WIRED. Lily Hay Newman, Andy Greenberg. Security. Mar 1, 2025 6:30 AM
- Remarks by President Trump at Signing of H.R.3359, Cybersecurity and Infrastructure Security Agency Act – The White House. November 16, 2018
- President Donald J. Trump Announces Intent to Nominate and Appoint Individuals to Key Administration Posts – The White House. August 26, 2019
- politics
National Critical Functions Set / CISA
National Critical Functions: The functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
Download the National Critical Functions Set
CONNECT
- Operate Core Network
- Provide Cable Access Network Services
- Provide Internet Based Content, Information, and Communication Services
- Provide Internet Routing, Access, and Connection Services
- Provide Positioning, Navigation, and Timing Services
- Provide Radio Broadcast Access Network Services
- Provide Satellite Access Network Services
- Provide Wireless Access Network Services
- Provide Wireline Access Network Services

DISTRIBUTE
- Distribute Electricity
- Maintain Supply Chains
- Transmit Electricity
- Transport Cargo and Passengers by Air
- Transport Cargo and Passengers by Rail
- Transport Cargo and Passengers by Road
- Transport Cargo and Passengers by Vessel
- Transport Materials by Pipeline
- Transport Passengers by Mass Transit

MANAGE
- Conduct Elections
- Develop and Maintain Public Works and Services
- Educate and Train
- Enforce Law
- Maintain Access to Medical Records
- Manage Hazardous Materials
- Manage Wastewater
- Operate Government
- Perform Cyber Incident Management Capabilities
- Prepare for and Manage Emergencies
- Preserve Constitutional Rights
- Protect Sensitive Information
- Provide and Maintain Infrastructure
- Provide Capital Markets and Investment Activities
- Provide Consumer and Commercial Banking Services
- Provide Funding and Liquidity Services
- Provide Identity Management and Associated Trust Support Services
- Provide Insurance Services
- Provide Medical Care
- Provide Payment, Clearing, and Settlement Services
- Provide Public Safety
- Provide Wholesale Funding
- Store Fuel and Maintain Reserves
- Support Community Health

SUPPLY
- Exploration and Extraction Of Fuels
- Fuel Refining and Processing Fuels
- Generate Electricity
- Manufacture Equipment
- Produce and Provide Agricultural Products and Services
- Produce and Provide Human and Animal Food Products and Services
- Produce Chemicals
- Provide Metals and Materials
- Provide Housing
- Provide Information Technology Products and Services
- Provide Material and Operational Support to Defense
- Research and Development
- Supply Water
Joint Cyber Defense Collaborative / CISA
No one entity can secure cyberspace alone. In our globally interconnected world, our critical infrastructure and way of life face a wide array of serious risks with significant real-world consequences. The Cybersecurity and Infrastructure Security Agency established JCDC—the Joint Cyber Defense Collaborative—to unify cyber defenders from organizations worldwide. This team proactively gathers, analyzes, and shares actionable cyber risk information to enable synchronized, holistic cybersecurity planning, cyber defense, and response.
Artificial Intelligence / CISA
CISA has developed a Roadmap for Artificial Intelligence, which is a whole-of-agency plan aligned with national AI strategy, to address our efforts to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based threats, and deter the malicious use of AI capabilities to threaten the critical infrastructure Americans rely on every day.
CISA will implement the Roadmap through five lines of effort:
Line of Effort 1: Responsibly use AI to support our mission
CISA will use AI-enabled software tools to strengthen cyber defense and support its critical infrastructure mission. CISA’s adoption of AI will ensure responsible, ethical, and safe use—consistent with the Constitution and all applicable laws and policies, including those addressing federal procurement, privacy, civil rights, and civil liberties.
Line of Effort 2: Assure AI systems
CISA will assess and assist secure by design, AI-based software adoption across a diverse array of stakeholders, including federal civilian government agencies; private sector companies; and state, local, tribal, and territorial (SLTT) governments through the development of best practices and guidance for secure and resilient AI software development and implementation.
Line of Effort 3: Protect critical infrastructure from malicious use of AI
CISA will assess and recommend mitigation of AI threats facing our nation’s critical infrastructure in partnership with other government agencies and industry partners that develop, test, and evaluate AI tools.
Line of Effort 4: Collaborate and communicate on key AI efforts with the interagency, international partners, and the public
CISA will contribute to DHS-led and interagency processes on AI-enabled software. This LOE includes developing policy approaches for the U.S. government’s overall national strategy on AI and supporting a whole-of-DHS approach on AI-based-software policy issues. This LOE also includes coordinating with international partners to advance global AI security best practices and principles.
Line of Effort 5: Expand AI expertise in our workforce
CISA will continue to educate our workforce on AI software systems and techniques, and the agency will continue to actively recruit interns, fellows, and future employees with AI expertise. CISA will ensure that internal training reflects—and new recruits understand—the legal, ethical, and policy aspects of AI-based software systems in addition to the technical aspects.