CISA at a Crossroads
The US Cybersecurity and Infrastructure Security Agency (CISA), once lauded as a hallmark of Donald Trump’s first term in 2018, faces political turbulence as his administration returns to power. Created to safeguard US infrastructure from cyber threats and promote collaboration between public and private sectors, CISA’s apolitical mandate has become deeply entwined with political controversies.
The agency’s credibility took a hit after the 2020 election when its then-director, Chris Krebs, was dismissed for countering Trump’s election fraud claims. Krebs later became a prominent political commentator and came to represent a polarizing chapter for CISA. His successor, Jen Easterly, sought to distance the agency from politics, emphasizing its cybersecurity mission. Despite her efforts, Easterly and CISA faced conservative scrutiny, with allegations of partisan bias.
As Trump prepares to take office, Easterly has announced her resignation, effective Inauguration Day 2025. Meanwhile, CISA continues its mission, releasing an updated draft for the National Cyber Incident Response Plan, aiming to enhance coordination between federal agencies and private enterprises during major cyber events. However, its future role remains uncertain as conservative leaders push to curtail its authority, particularly in areas like misinformation and election security.
Shifting Cybersecurity Priorities Under Trump
The incoming administration signals a shift in the federal government’s approach to cybersecurity, leaning toward deregulation and an increased reliance on public-private partnerships. Trump’s distaste for regulatory oversight and his administration’s emphasis on economic growth are expected to reshape cybersecurity policies. Experts predict a reduced role for federal enforcement of security regulations and an expanded focus on offensive cyber strategies, particularly against adversaries like China, Russia, and Iran.
Casey Ellis, founder of Bugcrowd, foresees opportunities for the private sector to engage in defend-forward and disruption operations. He also anticipates structural changes within agencies like the National Security Agency (NSA) and Cyber Command. John Bambenek, a cybersecurity expert, echoes these sentiments, suggesting the Trump administration will likely lessen regulatory burdens on companies, including diminished accountability for chief information security officers (CISOs).
This hands-off approach may also impact antitrust actions against large tech firms, paving the way for further consolidation in the tech and cybersecurity industries. While deregulation could spur innovation and investment, it raises concerns about whether the federal government will maintain adequate oversight in the face of escalating cyber threats.
Balancing Deregulation and Security
As the US navigates an evolving cybersecurity landscape marked by rising cyberattacks, artificial intelligence developments, and global cyber-military conflicts, experts emphasize the importance of sustained federal involvement. Roselle Safran, a former cybersecurity leader in the Obama administration, advocates for consistent resources to bolster national cybersecurity efforts.
CISA’s future under Trump remains a topic of debate. Critics argue that reducing its role could undermine progress made since its inception, while proponents see deregulation as a chance to enhance innovation and public-private collaboration. Jason Soroko of Sectigo highlights CISA’s achievements, such as the Known Exploited Vulnerabilities program and proactive initiatives like Secure by Design, which have strengthened industry resilience.
Despite these successes, CISA faces mounting challenges, including skepticism from key conservatives like Senator Rand Paul, who has pledged to impose strict limits on the agency. As the Trump administration embarks on its second term, cybersecurity stakeholders express cautious optimism, urging a balance between deregulation and the need for robust defenses.
The path forward hinges on depoliticizing cybersecurity discussions, ensuring that national security remains a priority amidst shifting political and economic dynamics. While the Trump administration’s approach promises opportunities for innovation, it also raises questions about how the US will address its growing cyber vulnerabilities.