Cyber, CISA and New Trump Administration: What Tech Pros Need to Know

Over the past four years, President Joe Biden’s administration has made cybersecurity a top priority within the federal government. This includes focusing on threats from nation-state actors, countering ransomware, developing artificial intelligence guidelines, and pushing private companies and agencies to develop and deploy more secure code.

The Biden White House has also sought to make hiring tech professionals for thousands of open cybersecurity positions a bigger priority for private companies and federal agencies.

With President-elect Donald Trump set to return to the White House in January 2025, the new administration will likely take a different view of the nation’s cybersecurity policies and how agencies respond to threats. 

At the same time, the incoming Trump administration will continue facing ongoing threats to the nation’s critical infrastructure from cybercriminal groups and nation-state actors. In the past few weeks, for instance, the FBI and U.S. Cybersecurity and Infrastructure Security Agency confirmed an investigation into a group affiliated with the Chinese government (called Salt Typhoon by some researchers) that targeted several American telecommunications providers.

Cybersecurity experts and insiders believe that the incoming Trump administration will make changes to CISA, which is part of the U.S. Department of Homeland Security. These will specifically align the agency with the White House’s cybersecurity and national security goals.

“CISA is one of the agencies where the Trump Administration is pretty clear what it wants to do,” John Bambenek, president of cybersecurity consulting firm Bambenek Consulting, recently told Dice. “It wants to end any role in countering disinformation and misinformation and have the agency focus solely on protecting the civilian government networks, public-private partnerships and information sharing on emerging threats, and coordinating protection of the nation’s critical infrastructure. I imagine much of this will be executed quickly.”

CISA: A Brief History Across Two Administrations

President-elect Trump’s history with CISA is complex and sometimes contentious.

During his first term as president, Trump signed the Cybersecurity and Infrastructure Security Agency Act, which officially created CISA as its own agency within the Department of Homeland Security. 

Christopher Krebs was appointed CISA’s first director and immediately began setting the tone for the agency, especially around building out a more robust cyber defense for the U.S. homeland.

While originally designed to protect against physical and cyber vulnerabilities within the nation’s critical infrastructure—such as transportation, water treatment, food and agriculture, and nuclear sectors—CISA’s mission expanded and included examining disinformation and misinformation from overseas actors related to U.S. elections. After losing his election bid in 2020 to Biden, Trump fired Krebs, who’d called that election the safest in the nation’s history.

As Biden took office in January 2021, he nominated Jen Easterly, who served as an officer in the U.S. Army and worked at the National Security Agency, to oversee CISA. Following her confirmation, Easterly further expanded the agency’s scope and created programs such as the Shields Up campaign, which called on public and private organizations to bolster cyber defenses, and Secure By Design, which encouraged software companies and developers to use secure code to build applications.

During her time at CISA, Easterly appeared center-stage in the Biden administration's efforts to hire more tech and security professionals, including those without traditional four-year degrees.

Easterly is expected to leave CISA when Trump is sworn in on Jan. 20, 2025. Cyber experts praised her time running the agency as well as her reputation as an industry leader.

“Director Easterly did an incredible job in the middle of an extremely turbulent period in U.S. cybersecurity history. Her willingness to get out front-and-center and her instincts for ‘marketing the problem’ have been a core part of driving and improving cybersecurity awareness across a huge variety of domains, ranging from critical infrastructure and the threat posed by nation-states to consumer cybersecurity education,” Casey Ellis, founder and advisor at Bugcrowd, told Dice. “She has consistently been a huge champion of the good-faith hacker community as a part of the solution to cyber resilience. Most importantly, her internal and external leadership has been inspiring to many, especially women working to make their mark in a traditionally male-dominated field.”

While Easterly and other CISA leadership are expected to leave, Ellis believes programs such as Secure By Design are likely to remain in place.

“Cyber defense is a constantly evolving game of cat-and-mouse, and these initiatives have had a material and measurable impact, as well as going a long way to clarify and, perhaps more importantly, mark out the North Star in a range of otherwise complicated and ambiguous cybersecurity domains,” Ellis added.

CISA Changes

While Trump’s transition team has not named a new CISA director, South Dakota Gov. Kristi Noem has been tapped to lead the Department of Homeland Security. Ellis noted that her appointment shows that the incoming administration wants to focus most on border security and other priorities, although cybersecurity will remain a concern.

“It’s too early to tell, especially with all of the leadership shifts happening at the moment, but I expect that once the cutover takes place the Trump administration will review the core initiatives, potentially add or make a few cuts, and the department will otherwise be left to get back to work,” Ellis noted.

Others noted that with Trump looking to cut regulations, and advisors such as Elon Musk exploring ways to reduce spending at government agencies, departments that oversee the nation’s cybersecurity policies could see the scope of their missions change over the next four years. This would include CISA as well as enforcement agencies such as the Securities and Exchange Commission.

“The Trump Administration will be cutting down on regulation or actions that are believed to exceed agency authority, so likely regulatory enforcement on cybersecurity breaches will likely go down,” Bambenek noted. “On the other hand, with the incoming administration’s focus on China and what will likely be a trade war, there will be increased activity to counter nation-state activity.”

While CISA’s new leadership is likely to move away from issues such as disinformation, some cyber experts suspect that the agency will focus most on its original core mission of protecting critical infrastructure from physical and cyber threats.

“I expect that the Trump administration will continue to prioritize cybersecurity, particularly in terms of strengthening the defense of critical infrastructure and securing the national supply chain,” Elad Luz, head of research at Oasis Security, told Dice. “With the transition to the new administration, we anticipate that CISA will continue to play a vital and expanded role in protecting critical infrastructure, securing the national supply chain, and mitigating emerging cyber threats. The agency’s ongoing efforts will remain essential to ensuring the resilience of critical systems and defending against nation-state actors and other sophisticated adversaries.”