Trump budget cuts, agency gutting, leave U.S. more exposed to hacking
Nearly a year into the second Trump administration, public sector leaders and cybersecurity experts say budget cuts and the hollowing out of federal agencies are weakening critical government communication lines that help companies prepare for and respond to cyberattacks, even as AI threats escalate.
Latest cyber security assessmentBased on goals put forward by the bipartisan U.S. Cyberspace Solarium Commission, the United States was found to be shifting toward 82 goals in its progress toward building a strong cyber defense. “We are surprised and disappointed,” Ret said. Admiral Mark Montgomery, general manager of cybersolarium.org. Goals include things like reducing complex regulations on critical infrastructure companies, increasing the cyber capacity of the FBI and intelligence agencies, and improving K-12 cybersecurity education.
Montgomery said the primary reasons for the shift in cyber readiness were cuts at the Cybersecurity and Infrastructure Agency as well as earlier DOGE efforts that spanned the State Department, the National Science Foundation, the National Institute of Standards and Technology and the U.S. Department of Commerce.
Meanwhile, the law that allowed companies to share cybersecurity-related information without antitrust or liability concerns expired on September 30.
Assessment by the Cyberspace Solarium Commission, now part of the Foundation for Defense of Democracies. Trump administration’s public commitments The White House outlined cyber defense improvements in a June executive order, framing its approach as “continuing selected efforts to strengthen the nation’s cybersecurity.”
“Under the leadership of President Trump [Department of Homeland Security ] Secretary [Kristi] “CISA is steadfastly fulfilling its core mission by demonstrating daily operational cooperation, accelerating intelligence sharing, and strengthening our cybersecurity and critical infrastructure defenses across the country,” Noem wrote in an emailed statement.
“I agree that, in contrast to the administration’s self-assessment, we have a more pessimistic view of the government’s cybersecurity efforts over the past eight months,” Montgomery said.
A less proactive federal government when it comes to cybersecurity is concerning based on the recent increase in nation-state-related attacks. on thursday, Congressional Budget Office targeted According to the Washington Post, it was the result of a hack carried out by a foreign nation-state actor.
Some cybersecurity actions have also been stalled in Congress. For example, the Trump administration’s nominee to head CISA, Sean Plankey, has yet to be confirmed since the summer hearings.
The result, national security experts say, is that the federal government is less active than it should be in cybersecurity efforts across the country.
“We are shifting primary coordination responsibility for cybersecurity to states and industry, while freeing up the resources to help them do it. Cybersecurity Information Sharing Act protections expired in October, while federal grant funding for state and local cybersecurity and critical partnerships has been cut,” Carole House, former Special Counsel to the National Security Council and CEO of Penumbra Strategies, wrote in a message. “We are kicking the stairs and delegating coordination (to industry),” he added.
Experts are also concerned about a rule devoid of enforcement mechanisms that would make big tech companies responsible for developing safer software for businesses and consumers. The result, experts say, is that Americans and the U.S. economy are less safe from cyberattacks than they were a year ago.
Military organizations do not need to fill this gap either. “I am very concerned that senior leadership at Cyber Command and (the National Security Agency) have been idle for eight months. This represents inertia and lack of direction,” U.S. Representative Don said. Bacon, a Republican from Nebraska’s second district who is not running for re-election, said in an emailed statement. “Furthermore, this Administration is significantly reducing the budget and staff of CISA, which is on the front lines defending our private sector and infrastructure against cyberattacks.”
‘Death as a result of thousands of paper cuts’
Montgomery cited the 2023 discovery of Volt Typhoon, a cyberattacker from the People’s Republic of China that infiltrated critical infrastructure companies operating in telecommunications, water, transportation and energy, as an example of what’s happening as the federal government retreats. Volt Typhoon could be “operational readiness of the battlefield,” Montgomery said. CISA has issued recommendations for patches and steps private companies should take when discovered. However, not all of the leaks were detected; and in the meantime there are probably new attacks. But mechanisms for sharing this information have been frustrated by administration cutbacks and political gridlock in Washington, D.C.
“The only way to detect this is with government assistance,” Montgomery said. “There are narrative markers that can be shared.”
In the spring, cybersecurity experts began referring to this as “death by a thousand paper cuts.”
Because critical infrastructure in the United States is owned and managed by companies large and small across the enterprise, the cybersecurity defense system that has evolved over the last several administrations has been complex and relied on public-private partnerships. The weakening of the public sector’s support for cyber security puts more responsibility on companies.
Among many other cuts, the Trump administration disbanded an organization called CIPACThis enabled information sharing between the federal government and owners of critical infrastructure segments, from water systems to financial companies, power grid operators, and hospitals. Since it has been disbanded, many industrial councils, including the council that brings together companies in the defense industry base to share information, do not operate as they used to. Montgomery said he believes the companies are exchanging information, but not in such a free or coordinated manner.
Cross-sector reactions have been haphazard. For example, E-ISACA cybersecurity information sharing council for the electricity industry operates, but others are also involved. electoral infrastructure councilfunds have been cancelled.
Abnormal AI CEO Evan Reiser said via email that he agreed with public sector leaders’ concerns, adding, “The biggest setback is not technology, but coordination.” “Signals remain trapped in silos between organizations and vendors. Without real-time sharing of high-quality telemetry, advocates fight blindly,” he said.
Artificial intelligence makes retreating in cyber defense more dangerous
Meanwhile, the threat is changing and growing exponentially due to artificial intelligence, said Kaitlin Betancourt, a partner at law firm Goodwin who focuses on cybersecurity law and compliance and artificial intelligence strategy and governance. “I think the cybersecurity risks we face now have increased sharply. Any cutting of resources would be in the exact opposite direction of where we need to be,” he said.
Cybercriminals are incorporating AI into all of their operations, from victim profiling to automated service delivery to creating fake identities. In one case in late summer, prolific artificial intelligence company Anthropic said Criminals used the Claude chatbot to attack 17 different organizations with psychologically targeted, industry-specific extortion threats ranging from $75,000 to $500,000. The company said it was able to stop the attack.
Most cyber attacks come from legacy systems such as email and spreadsheets used by people who fall victim to increasingly sophisticated traps. The Biden administration has implemented a new measure requiring large software companies to prove to CISA that they have secure software. Those who fail will be referred to the attorney general for enforcement.
In June, Trump issued an executive order amending Obama and Biden’s executive orders on cybersecurity. Trump’s order preserved verification requirements; This means that software companies must report and demonstrate that they develop their software securely. But the order also removed language encouraging the national cyber director to refer unapproved submissions to the attorney general for appropriate action. Ministry of Justice in February We filed an enforcement action. Against a software company regarding compliance with cybersecurity standards.
“Trump’s order continues to emphasize software supply chain cybersecurity. It preserves much of the Biden administration’s framework but scales back prescriptive directives and enforcement mechanisms, particularly those related to secure software development ‘approvals,'” Betancourt and colleagues wrote. wrote.
Cybercriminals often aim to steal data or shut down systems through extortion schemes. In some cases these are just the culprits; In other cases, criminals are affiliated with nation-states such as China, North Korea, or Iran whose mission is to harm the United States or fund their own operations. In February, for example, hackers sponsored by North Korea stole approximately $1.5 billion worth of Ethereum from the official decentralized Binance cryptocurrency exchange. Authorities suspect the money will be laundered and used for North Korea’s missile program.
In other cases, attackers, especially those linked to geopolitical enemies, may be damaging the U.S. economy without triggering a conventional war. And of course, in the cat-and-mouse game, the United States can conduct its own instructions and cyberattacks on other countries’ systems. Trump administration officials have made public statements about strengthening offensive capabilities, but it is unclear how this will happen. Meanwhile, experts say both offense and defense are necessary; the latter rely heavily on the private sector to spend responsibly to maintain their systems.
“I think we can get out of this,” Montgomery said. “But you can’t keep cutting.”
