Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds’ role in cybersecurity.
Before it was subsumed by political commentary, the Cybersecurity and Infrastructure Security Agency (CISA) was a Trump accomplishment — signed into existence in 2018 during his first administration. But that was before accusations of dirty politics and free speech shenanigans turned CISA into a conservative pariah.
Now, CISA is facing an existential political clash with the incoming Trump administration, threatening to take much of the US federal government’s involvement in cybersecurity along with it. The result could potentially increase cyber-risk, but also open up business, investment, and innovation opportunities. A lot of things can be true at once.
CISA’s original mandate couldn’t have seemed more apolitical: coordinate defending US infrastructure against cyberattacks, and then help share critical information among US enterprises to increase the nation’s overall posture in the bargain. But then came the 2020 election, CISA’s efforts to combat what the agency deemed “misinformation,” and the subsequent conservative backlash.
Trump and the Politics of CISA
Chis Krebs, then the agency’s director, was very publicly fired just weeks after the 2020 election for rejecting claims of fraud from the Trump administration, and has remained a high-profile political player ever since. Krebs is a regular on the cable news circuit, and in July 2023, he confirmed to CNN that he was interviewed by special counsel Jack Smith in the investigation into Trump and the 2020 election. In the runup to the 2024 election, Krebs appeared on outlets including Face the Nation to once again push back on Trump campaign claims of election fraud.
His replacement, Jen Easterly, took a more low-key approach. Her accessibility, deep military ties, and cybersecurity expertise — sprinkled with a dash of aspirational cool-girl charm — made her a hit among the cyber rank-and-file. She also mostly stayed away from politics, leading the fledgling agency through a crucial four years. But that effort, however disciplined and well intentioned, hardly spared Easterly or CISA from widespread conservative ire. In January 2024, Easterly was even targeted at home in a swatting incident.
“I think Jen Easterly had a tremendous challenge solidifying the role of a very young agency, and one mired in allegations from Republican politicians,” cybersecurity expert Jake Williams tells Dark Reading. “Given those very real challenges, she did an outstanding job. I can only imagine what could have been with bipartisan support for CISA’s many missions.”
Following the 2024 election, Easterly said she will resign on Inauguration Day. But the agency is still at work, publishing a draft of an updated National Cyber Incident Response Plan for federal agencies and industry to work together during major cyber events, which is open for comments until January 2025.
That kind of coordination between CISA and the private sector was exactly what the agency was built to become under the Biden administration. It took a proactive role in developing cybersecurity standards, and offering cybersecurity grants to states to invest in their own cyber operations, led largely by the efforts of Easterly. During his administration, President Biden allocated billions to strengthen the US cybersecurity infrastructure, and signed a flurry of executive orders on everything from AI to zero trust in an effort to raise the country’s level of cyber preparedness.
Some of the agency’s notable accomplishments during the past four years included establishment of the joint cyber defense collaborative (JCDC) and the Known Exploited Vulnerabilities (KEV) program, according to Casey Ellis, Bugcrowd founder. Ellis also worked with CISA on the federal CEB vulnerability disclosure program, where CISA serves as a repository for researchers who discover flaws in government systems so they can be reported and mitigated more quickly.
Explore IT Tech News for the latest advancements in Information Technology & insightful updates from industry experts!
Source: https://www.darkreading.com/cybersecurity-operations/trump-20-portends-shift-cybersecurity-policies
