America’s cybersecurity defenses are cracking
It was late June, and something strange was happening on Arizona’s online portal for political candidates. Pictures of the candidates were disappearing. In their place, pictures of the Iranian Ayatollah Ruhollah Khomeini appeared. The country would later believe it was an attack from an Iranian government group. When they first discovered the threat, they were in the dark, and they needed help.
The office of Arizona Secretary of State Adrian Fontes took measures to contain the threat, which it says did not affect voters’ personal information. But one thing he didn’t do was contact the federal agency that was among Fontes’ first contacts: the Cybersecurity and Infrastructure Security Agency (CISA).
CISA, headquartered at the Department of Homeland Security (DHS), is the U.S. central coordinator of cybersecurity information. The agency helps organizations that manage critical infrastructure from elections to sanitation prepare for cyber and physical threats, and helps streamline response to attacks when they arise.
Are you a current or former CISA employee, or do you work for a critical infrastructure organization? Communicate securely and anonymously with tips from a non-work device to Lauren Feiner via Signal at laurenfeiner.64.
But since the beginning of President Donald Trump’s term, CISA has faced mass staff cuts, reassignments to immigration-related work, and recent furloughs stemming from the ongoing government shutdown. The Trump administration has asked to cut CISA’s $3 billion budget by nearly half a million dollars and cut a third of its workforce. While some of this reflects actions at other government agencies, Republicans have a particular animosity toward CISA, thanks to its role in tracking misinformation about the 2020 election. Now, with the agency greatly diminished and under Trump’s control, the people who once worked and cooperated with it are losing confidence.
Normally, Fontes would have been in regular contact with CISA, even before the attack. The agency helped Arizonans create emergency preparedness workshops for Election Day threats. Its staff will physically inspect election-related buildings and make recommendations to make them safer. When polling places in Arizona received bomb threats during the 2024 election, Fontes says in an interview, the state got information about the situation “immediately” from CISA and only had to delay one polling location by 20 minutes. “We were mostly set up with the help of people like CISA, and they were settling disputes between all the other federal organizations,” Fontes says. The same should have applied to the Iran-related hack.
But under Trump, Fontes says, many of the CISA employees his office regularly worked with have left, while Trump loyalists have taken key positions at the Department of Homeland Security. Its election integrity team is led by right-wing activist Heather Honey, who has promoted conspiracy theories about voting fraud. “How can I disclose security information of a highly sensitive nature, which could easily be exploited for political purposes, with an agency that has been destroyed and politicized?” Fontes says. “It would be foolish of me to do that.”
Fontes says that after discovering the attack on the candidate portal, his office contacted the National Guard and the Arizona Counterterrorism Information Center, which has connections to federal agencies — but ruled out CISA as much as possible. The decision confirms the extent of the trust that the agency has lost. It also reveals a troubling threat to US cyber defenses.
CISA’s value comes from its comprehensive view of cybersecurity. It can gather threat intelligence and make recommendations based on it, as well as helping less sophisticated players with training and preparation. The agency deals with much more than just elections. It focuses on critical infrastructure such as water and transit systems, which experts have warned for years may be vulnerable to cyberattacks. When Microsoft Exchange Online was compromised in 2023 by what the U.S. identified as Chinese-affiliated hackers, “CISA was a central point for information sharing” across federal agencies and looked for other vulnerable areas, according to a report detailing the response.
But this ability only holds if companies, state-level agencies, and other organizations feel that disclosing the information is safe and worthwhile. The more wary groups become about working with CISA, the more at risk everyone is.
It’s not just Fontes who is worried. Earlier this year, the Department of Homeland Security moved to dissolve a public-private partnership that gave facilities legal cover to share more sensitive security information with the government. The move has raised concerns about who at the federal level will push security information to state and local stakeholders, says Cynthia Lin, general manager of the Colorado Water and Sewer Utility. Between the CISA staff cuts and the government shutdown, “it’s hard to find that new level of activity and engagement because there’s been so much unrest over the last six months,” Lin says.
Meanwhile, people who still contact the agency will find it difficult to reach them. Last month’s layoffs affected approximately 95 employees in the agency’s Stakeholder Engagement Division (SED), which coordinates discussions with infrastructure operators, non-profit organizations, academic institutions and international partners, Cybersecurity Dive reported. Compounding the problems, a law incentivizing companies to share cyber threat information by providing legal protections has expired, and in the midst of the government shutdown, grants to state and local governments to bolster their cyber defenses have expired.
A three- to four-month “pause” in hiring is normal at the beginning of an administration, says retired Adm. Mark Montgomery, senior director of the Foundation for Defense of Democracies and the Center for Cyber and Technology Innovation. “But instead, what we saw was a significant halt in progress in improving cybersecurity across the federal government and, in some cases, a rollback.” He says the cuts include “key areas that cannot afford to lose,” including joint cyber defense cooperation, which helps improve threat intelligence sharing between the public and private sectors.
The Trump administration has denied that CISA is having problems. Nick Andersen, CISA’s assistant executive director, said in September that despite “the overwhelming number of recent reports about CISA and the potential for deteriorating operational capabilities… nothing could be further from the truth.” Montgomery says the assessment “challenges the government’s 250-year history. We don’t do these kinds of cuts and everything is fine.”
CISA’s director of public affairs, Marcy McCarthy, says in a statement that during the Trump administration, the agency “continues to execute its mission amid a record Democratic-led government shutdown,” and is collaborating with federal agencies and private sector players to improve cybersecurity. “CISA will not operate as it did during the Biden administration, when it focused inappropriately on elections and oversight,” McCarthy says.
But a former CISA official, who declined to be named due to privacy concerns, warns that the Trump administration is “playing with fire” by cutting back on CISA services. Over the past few years, the United States has faced several major attacks, including the Microsoft SharePoint hack and a major attack on American communications systems, which last year led officials to recommend that all Americans use encrypted communications. “It’s only a matter of time until something important happens,” they said.
For a facility like Lane’s, which employs 15 people, CISA continues to provide free weekly threat assessments to identify vulnerabilities in its defenses that it otherwise would not be able to afford. The result of a breach in their operational systems can be very tangible to the community: outages in water mains due to increased pressure on distribution systems, or the flow of sewage into nearby rivers.
For his part, Fontes has had to balance placing trust in CISA with the threat of losing the trust of his constituents. It has taken years of sustained efforts to build voter confidence in how the state runs elections, and now he worries that all it might take is a Truth Social post from Homeland Security Secretary Kristi Noem to light the fire. “I have to look at the data that we have and the information that we have as if someone in the administration is going to turn it around and use it against me and my administration because I’m a Democrat,” Fontes says.
Fontes says the state kept DHS informed of the candidate portal breach to the extent required by law (without providing details on exactly how). But he says his office has figured out how to keep the agency at arm’s length, what he refers to as “silent mode.” “We’ve found ways to comply with the law, but also not be vulnerable to the politicized environment that CISA now represents,” he says. “The new approach is to partner with those you can trust, in as limited a way as you need to get the job done.”
This may mean withholding some simple details that only a central power like CISA could understand. “The idea of an open line of communication, where you can share all kinds of things, even things that aren’t essential because they might connect the dots with some other stuff — doesn’t exist anymore,” he says.
2025-11-10 14:00:00



