Could CISA’s Uncertain Future Embolden Nation-State Attackers?

As the future of the Cybersecurity and Infrastructure Security Agency becomes increasingly uncertain in the wake of a massive federal overhaul, experts warn that key U.S. infrastructure sectors, including energy, financial services and election infrastructure, are at a heightened risk of cyberattacks and cyberespionage.
CISA faces existential threats from both the incoming President Donald Trump administration and newly empowered Republicans including Sen. Rand Paul, R-Ky., who is set to lead the Senate Homeland Security and Governmental Affairs Committee and recently stated he would “like to eliminate” CISA or, “at the very least, eliminate their ability to censor content online.”
But most analysts did not expect the new administration to move so quickly to remove career civil servants and senior leaders during its first weeks, throwing federal data security efforts into turmoil and sparking an outcry over billionaire Elon Musk’s access to sensitive data systems. So far, at least 17 CISA employees responsible for protecting elections from foreign influence operations and disinformation campaigns have been placed on leave pending review (see: DOGE’s Use of AI Raises Major Privacy Concerns, Legal Heat).
Experts told Information Security Media Group that the growing confusion over federal hiring and spending – particularly related to critical cybersecurity programs – has left the nation’s infrastructure vulnerable to a surge of emerging threats in an increasingly hostile cyber landscape.
“CISA’s uncertain future, amid recent administrative changes and potential reductions in its operational scope, poses challenges to the security posture of U.S. critical infrastructure sectors,” Michael McLaughlin, a former naval intelligence officer and senior counterintelligence advisor for U.S. Cyber Command, told ISMG. McLaughlin said several emerging threats require focused attention from the federal government, including advanced persistent threats from nation-state actors, sophisticated ransomware attacks on critical infrastructure and the misuse of emerging technologies like artificial intelligence and quantum computing by adversaries.
“The increasing interconnectivity of critical infrastructure systems raises the risk of cascading failures across sectors,” he said. “Addressing these risks requires enhanced threat intelligence sharing, comprehensive cyber preparedness exercises, and the establishment of strong public-private partnerships.”
Established in 2018 during Trump’s first term, CISA has been instrumental in coordinating national cybersecurity efforts and sharing threat intelligence between the public and private sectors, including a vast range of critical infrastructure owners and operators nationwide. Experts warn that without a centralized authority like CISA, the absence of unified cybersecurity standards across sectors could lead to fragmented defenses and slower incident response times, as adversaries might exploit regulatory gaps and inconsistencies.
The U.S.’ 17 critical infrastructure sectors – including energy, financial services, transportation and election infrastructure – are at risk of losing essential early warning systems and coordinated frameworks that enable operators to effectively address vulnerabilities, according to Greg Anderson, CEO of the open-source vulnerability management platform DefectDojo and a former penetration tester at the Pentagon.
“The potential elimination of CISA is deeply concerning,” Anderson told ISMG, saying the move “would significantly set back the cybersecurity of both the U.S. government and companies that rely on CISA for information on emerging threats and cyber attacks orchestrated by foreign adversaries.”
“The security community relies on standardizations to be able to quickly communicate about emerging threats and new vulnerabilities,” he added. “Losing CVEs, CISA, or any of the other government-backed standards would make their jobs much harder, possibly even threatening a total collapse of how known vulnerabilities are assessed, communicated and remediated today.”
CISA faced its first major controversy under Trump in 2018 when ex-director Chris Krebs described the 2020 election as “the most secure in American history,” defying the claims by Trump and his inner circle at the time that the election was rigged. The agency has also faced false accusations of facilitating conservative censorship on social media platforms, which officials have routinely described as “patently false.”
A former CISA official who previously spoke to ISMG on the condition of anonymity said the agency could halt its ongoing cybersecurity efforts under Trump to instead serve as a vehicle for highlighting supposed instances of nationwide election and voter fraud, while taking a more aggressive stance against adversaries like Beijing.
Experts have also warned that Trump’s return to the White House could embolden Russia to intensify its cyberattacks against critical infrastructure sectors in the U.S. and pro-NATO countries. Regional groups in the Middle East are ramping up DDoS attacks against Western infrastructure, and federal authorities have disclosed widespread prepositioning in critical infrastructure and enjoying “broad and full” access to at least nine American telecommunication systems as well as telecoms in dozens of other countries (see: How Global Threat Actors May Respond to a Second Trump Term).
CISA and the White House did not respond to multiple requests for comment.