Under the leadership of the newly elected President of the United States, the nation’s cybersecurity landscape faces formidable challenges. The Cybersecurity and Infrastructure Security Agency (CISA), originally established during Donald Trump’s first presidential term, may find its existence imperiled by budget cuts and shifting priorities.
Amid a surge in cyberattacks, including the Salt Typhoon operation, and the escalating prevalence of ransomware, former CISA Director Jen Easterly emphasized the critical need to preserve the agency in an interview with WIRED.
Easterly, who had helmed CISA since 2021, stepped down from her role on the day of the new President’s inauguration. Her predecessor, Chris Krebs, was dismissed by Trump for refusing to challenge the integrity of the 2020 election results.
Despite her effective leadership, Easterly was not invited to remain with the agency, and rumors now circulate about potential program cuts or even the downsizing of CISA itself. Meanwhile, the threats continue to grow: recently, the Chinese group Salt Typhoon orchestrated an extensive cyber-espionage campaign targeting U.S. telecommunications networks, compromising call data and the locations of political figures.
Easterly noted that efforts to counteract Chinese espionage in affected networks are ongoing, but CISA’s early detection of Salt Typhoon’s activity significantly expedited incident response and recovery. However, the agency faces mounting financial and personnel challenges. The new administration has expressed intentions to downsize CISA while increasing its operational flexibility. Members of the Cybersecurity Advisory Council appointed by Easterly, who had been investigating incidents tied to Salt Typhoon, have already been dismissed.
During her tenure, Easterly worked to strengthen collaboration between federal, state, and private entities, laying the groundwork for a unified approach to cyber defense. Under her leadership, the agency investigated major cyberattacks, such as the SolarWinds operation, and initiated programs for early threat detection. However, she argued that CISA requires greater funding and support to contend with the ever-growing threat landscape.
Easterly prioritized the protection of critical infrastructure, from water supply systems to energy grids, emphasizing the indispensable role of the private sector in mitigating attacks, given that much of this infrastructure is privately owned. Nevertheless, she acknowledged that large-scale cyber conflicts, such as a potential cyberwar with China, could disrupt essential services, including water, energy, and telecommunications.
Beyond her professional contributions, Easterly is known for her informal communication style and distinctive personality. Passionate about puzzles, music, and magic, she dreams of opening a bar in New York City to host musical and magic performances. Her enthusiasm for problem-solving, exemplified by her love for Rubik’s Cubes, inspired CISA staff to tackle even the most complex challenges.
The future of CISA remains uncertain, yet its role in safeguarding national cybersecurity is undeniably vital. In the face of increasing threats and constrained resources, the agency will need to adapt, potentially becoming more agile and fostering deeper collaboration with the private sector.
However, without stable funding and strong political backing, CISA risks losing its efficacy, which could have severe consequences for the United States’ critical infrastructure. The agency’s success will hinge on its ability to balance operational flexibility with long-term strategy in a constantly evolving cyber threat landscape.
