Homeland Security Secretary Kristi Noem promised to prioritize a “comprehensive, whole-of-government approach to cybersecurity.”
But over the last nine months, a key cybersecurity agency under Noem’s command has had its staffing slashed by more than a third, axed funding for election security programs and scaled back its support to state and local governments to protect against cyber threats.
“There’s a real disconnect between the public messaging about cybersecurity and the reality on the ground,” said an employee of the Cybersecurity and Infrastructure Security Agency, which is housed under DHS. This person, like others interviewed for this article, was granted anonymity for fear of retribution.
Lawmakers and those within the cyber community who work closely with CISA to defend the nation’s critical infrastructure from hackers say the Trump administration’s cutbacks have weakened our cyber defenses, particularly as adversaries such as China and Russia have intensified their assaults on U.S. networks.
“The administration keeps undermining CISA, which serves at the forefront to defend our infrastructure and private sector from cyberattacks,” said Rep. Don Bacon (R-Neb.), chair of the House Armed Services Committee’s cyber subcommittee and a frequent critic of the Trump administration’s policies. “Our vulnerability to our adversaries’ cyberattacks grows and we have handicapped ourselves in defending against these attacks.”
The Department of Homeland Security argues that such fears are misguided. It insists that engagement with the private sector has continued, and that it still provides resources directly to state and local governments to tackle cyber threats. The agency also argues that recent changes to CISA are needed to course-correct after supposed excesses under the Biden administration.
“Under the leadership of President Donald Trump and Secretary Noem, CISA has refocused on its core mission: serving as the national coordinator for securing and protecting the nation’s critical infrastructure,” the department said in a statement. “CISA is now delivering timely, actionable cyber threat intelligence, supporting federal, state and local partners, and defending against both nation-state and criminal cyber threats. Any notion that DHS is unprepared to handle national threats because of these changes is unfounded.”
But the cyber environment has dramatically shifted under the Trump administration. CISA, which was established in law by Trump in 2018, has fallen out of favor with the president in recent years over its efforts to debunk his claims that the 2020 election was rigged. GOP leaders have also accused the agency of censoring conservative voices.
According to DHS-compiled data, CISA was down to about 2,500 staff by the end of May — reportedly a loss of nearly 1,000 employees — following a widespread overhaul of the federal government by the Department of Government Efficiency. Teams that focused on providing digital and physical support to U.S. elections were among those impacted by the mass exodus of staff.
Only around 900 of CISA’s remaining employees have been deemed essential during the ongoing government shutdown, while other staffers have been furloughed or laid off. Some CISA staffers were given the option to either move to other DHS agencies, such as Immigration and Customs Enforcement — a priority for the Trump administration — or to leave entirely.
Much of CISA’s stakeholder engagement team — focused on working with state, local and international partners to detect cyber threats — has been laid off or reassigned to other agencies under DHS. At the same time, many CISA employees around the country who provide security support to state and local governments have departed the agency, and CISA has discontinued funding for the Multi-State Information Sharing and Analysis Center, a core cyber threat sharing service used by many of these state leaders.
Noem’s shifting agenda
Some of the frustration around CISA’s stunted cyber operations comes from Noem’s seeming abandonment of early pledges to take a “proactive approach” to protecting the nation’s digital landscape.
As the former governor of South Dakota, Noem invested heavily in programs to recruit new talent into the cyber workforce. South Dakota Gov. Larry Rhoden (R), who served as lieutenant governor of the state alongside Noem before taking over the role in January, described her in a statement as “a forward-thinking leader, especially in the area of cybersecurity.”
During her nomination hearing in January before the Senate Homeland Security Committee, Noem spotlighted the threat of cyberattacks as something that “demands our utmost attention,” and called for a “bigger, faster and smarter” response.
“Our critical infrastructure, from energy grids to financial systems, is under constant attack by foreign adversaries and criminal actors,” she wrote in her opening statement. “As Secretary, I will prioritize a comprehensive, whole-of-government approach to cybersecurity.”
Noem has continued to publicly advocate for fortifying the nation’s cybersecurity while simultaneously greenlighting widespread cuts to CISA. In her first major remarks on cyber as DHS secretary in April, Noem told industry insiders at RSAC — one of the nation’s largest cybersecurity conferences — that she was “committed to cybersecurity” and considered it to be “a national security imperative.” She also encouraged her critics to “just wait” for the Trump administration’s plans on cyber before passing judgment.
“Just wait ‘til you see what we do — there are reforms going on that are going to be much more responsive. Instead of just talking about cybersecurity, we’re going to do it. You’re going to have a seat at the table that’ll be much bigger,” Noem said in her keynote.
But her ambiguous plans for reshaping the nation’s cyber defenses have not yet materialized into a coherent strategy. She has criticized CISA for veering “off-mission” and called for more collaboration between the government and private companies in responding to cyberattacks, though it’s unclear how that will play out in practice. She has also squashed the agency’s work countering election-related disinformation and gutted funding for state and local election security efforts.
‘Our adversaries are salivating’
Some in the cyber community worry that picking apart CISA’s authority and waffling on a clear plan of action could impede the nation’s ability to defend against potentially devastating cyberattacks.
“In retrospect, Secretary Noem’s RSAC speech seems like an utter work of fiction, if not deliberate disinformation,” said a former cyber official. “Clearly, cyber is not a priority for DHS or Noem — making us sitting ducks that are far more vulnerable to cyberattacks. Our adversaries are salivating.”
Complicating matters further is the expiration of the 2015 Cybersecurity Information Sharing Act, a key law that incentivizes private companies to share cyber threat intelligence with the federal government. Noem advocated for Congress to reauthorize the law during her RSAC speech, but it lapsed on Sept. 30.
CISA’s State and Local Cybersecurity Grant Program also lapsed last month. It was established in 2022 and funneled around $1 billion to state and local governments to strengthen cybersecurity efforts.
One state cyber leader said the cuts at CISA and to other state resources have left state and local governments “in the crosshairs” of cyberattacks.
“We’re part of the U.S. government, we’re part of the target set for bad actors,” the state cyber leader said. “We need all of the resources available to mount an effective defense.”
These policy changes come as the country fights off relentless attacks from adversaries eager to exploit cracks in the U.S. cyber armor. China-linked hackers were previously discovered burrowing inside U.S. power and transportation networks, while other state-sponsored groups have spied on Americans through U.S. telecommunications networks. Hackers have also recently exploited widely used tech, including several Microsoft applications, to gain access to U.S. federal agency networks.
“The cyber threat environment continues to be highly complex and highly dynamic,” said former CISA Director Jen Easterly, who stepped down from the role in January at the start of the new administration. “I think the American people want and deserve a cyber defense agency that is non-political, non-partisan, well-led, well-resourced with the capability and capacity to help defend businesses large and small across the country, and the critical infrastructure they rely on every day.”
Some employees at CISA — the agency in charge of protecting U.S. networks and responding to major cyberattacks — say they are spread thin.
“While the remaining workforce is dedicated and mission-driven, the workload has increased substantially without a corresponding adjustment in expectations or support, and without any real acknowledgement of how unsustainable it has become,” said the CISA employee.
Priorities elsewhere
Part of the problem, cyber experts say, is that the Trump administration is focused on immigration and law enforcement efforts at DHS, which has shifted attention away from cyber and limited its available resources.
“The DHS priority is clearly immigration; they’ve shrunk the cyber portfolio,” said James Lewis, distinguished fellow with the Tech Policy Program at the Washington-based Center for European Policy Analysis think tank. “More of the burden is on local governments and industry, but things haven’t gelled in the face of undeterred opponents.”
A second former cyber official put it more bluntly: “Noem’s approach to cybersecurity is to cut, whether it’s CISA or FEMA or canceling cyber contracts, she seems to have one goal and that is to cut cyber capability at DHS.”
Key Democrats on Capitol Hill, long critical of Noem’s leadership at DHS, have called sweeping changes to CISA a serious threat to national security.
“When it comes to Kristi Noem and cybersecurity, we learned quite fast to ignore her words and look at her actions,” House Homeland Security Committee ranking member Bennie Thompson (D-Miss.) said. “Using the shutdown as an excuse to cut CISA’s workforce even further shows that not only is cybersecurity not a priority for Kristi Noem, she’s more than happy to weaponize CISA to further any political ends she wants.”
A spokesperson for DHS said that the agency would “sustain essential functions and provide timely guidance to minimize” disruptions associated with the ongoing government shutdown. The agency also said that it “aligns personnel to meet mission priorities” and that “[layoffs] at CISA are part of this realignment to keep the agency on mission.”
But broader questions about CISA’s ability to effectively monitor and respond to national cyber threats remain. The agency is currently without a Senate-confirmed leader, and a vote on Sean Plankey — Trump’s pick to lead CISA — has not yet been scheduled. And with only a fraction of its staff working during the government shutdown, some worry that the agency lacks the support it needs to secure the nation’s critical systems.
“Part of the question for DHS, and for Secretary Noem, is on cybersecurity — are you doing enough to keep the country safe?” said former DHS Deputy Secretary Jane Holl Lute, who served under the Obama administration.
