Analysis Slashing staff at the US govt’s Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn’t exactly boosting national security, say infosec and national security officials watching America’s digital defenses unravel in real time.

As CISA braces for the ax to potentially fall on nearly 40 percent of its employees, with CBS reporting over the weekend that as many as 1,300 of its 3,300-strong workforce may get the boot, lawmakers and cyber experts worry these latest cuts will exacerbate digital threats to US networks, which are already under daily fire from nation-state spies and cybercrime gangs.

One of the ways we will see this weakening of critical organizations’ defenses play out is in the elimination of threat-intelligence sharing efforts between the government and private sector.

Firing cyber personnel at CISA harms national security on a daily basis — this goes well beyond disruption and is actually causing destabilization

“Firing cyber personnel at CISA harms national security on a daily basis — this goes well beyond disruption and is actually causing destabilization,” retired US Navy Rear Admiral Mark Montgomery told The Register.

A CISA spokesperson declined to comment.

“Secretary Noem has conducted a series of actions that are gutting CISA — the nation’s civilian cyber defense agency — and weakening public-private collaboration efforts,” Montgomery added, referring to Homeland Security Secretary Kristi Noem.

“Most disturbingly, she is doing this with little to no coordination with the private sector and state and local agencies.”

Homeland Security oversees CISA, and during her confirmation hearing to lead the dept in January, Noem indicated she wanted to make cuts to America’s top cybersecurity agency, and that CISA had no business countering online disinformation, especially as it related to US elections.

Even before Noem was sworn into office, the Trump administration terminated all memberships on advisory committees within Homeland Security, including those focused on cyber threats and information sharing, such as the Homeland Security Science and Technology Advisory Committee, the Data Privacy and Integrity Advisory Committee, and the Secret Service’s Cyber Investigations Advisory Board.

The hits keep on coming

“Each of these boards provides unique perspectives on threats to US cybersecurity and technology development,” Montgomery said. “They serve as vehicles for the government to gain insights and advice from private industry.”

In March, CISA fired around 130 employees, including red teamers and pen-testers, only to rehire probationary staffers weeks later under a court order and promptly stuck them on paid administrative leave. So, not just election security watchers were caught in the blast radius.

That same month, CISA cut $10 million in funding — nearly half the total budget — for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which provides free and low-cost threat detection and response services to state and local governments.

The cuts weaken US cyber defenses by downsizing threat-hunting teams and fragmenting personnel

“The cuts weaken US cyber defenses by downsizing threat-hunting teams and fragmenting personnel who respond to critical infrastructure threats,” Lance Hunter, professor of international relations at Augusta University, told The Register.

“Public-private partnerships play an important role in cybersecurity,” Hunter said. “Thus, cuts to entities such as the MS-ISAC make it more difficult to develop a well-rounded cybersecurity strategy, as they may lead to a potential reduction in cyber intelligence sharing. The cuts also weaken the ability of state and local governments to respond to foreign cyber threats.”

Plus, the upcoming CISA personnel cuts follow last week’s firing of General Timothy Haugh as commander of US Cyber Command and director of the National Security Agency.

None of these moves bode well for network defenders tasked with fending off Russian and Chinese attackers — nor for America’s ability to mitigate these threats in cyberspace.

Under former CISA director Jen Easterly, the agency championed efforts such as the Joint Cyber Defense Collaborative (JCDC) public-private collab for sharing cyber-threat data and security skills. The agency also administers several information-sharing programs that help state and local governments protect themselves from digital risks.

It is essentially the only clearinghouse for threat intelligence across government and the private sector, and any diminishment of that capability will harm us

During a congressional hearing last week on China’s Salt Typhoon and other state-sponsored threats, Matt Blaze, the McDevitt Chair of Computer Science and Law at Georgetown University, told lawmakers that CISA has been understaffed “from the beginning.”

“But it is essentially the only clearinghouse for threat intelligence across government and the private sector, and any diminishment of that capability will harm us,” Blaze said.

Also during the hearing, Rep Stephen Lynch, a Massachusetts Democrat, railed against the earlier CISA firings, calling the agency’s cybersecurity employees “some of the very best,” and warning that the private sector stood to gain top federal talent.

Meanwhile, California Rep Eric Swalwell, the ranking Democrat on the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, last week called the cuts “schizophrenic,” and indicated he plans to push legislation this year to codify JCDC into law.

JCDC, however, isn’t the only public-private collaboration at risk.

“Homeland Security also suspended the Critical Infrastructure Partnership Advisory Council, which is essential for bridging the divide between the government and private companies,” Montgomery said.

“It provides legal protection and serves as the convening body under which the Sector Coordinating Councils, consisting of critical infrastructure owners, operators, and their associations, meet with the federal government to share threat information, engage in cyber response simulations, and flesh out industry-wide cyber challenges.”

These Sector Coordinating Councils are no longer operational, and there’s no word as to when — or if — they will be reactivated. 

While not every Sector Coordinating Council was “running perfectly,” Montgomery admitted, “some were highly successful anchor points of public-private collaboration. Their absence leaves industry without a critical lifeline to the federal government and its intelligence-gathering resources, severely limiting the public and private sectors’ collaborative ability to combat threats in cyberspace.” ®

PS: An operative of federal cost-trimming DOGE boss Elon Musk who is now at the Dept of Justice, years ago bragged online of compromising systems and pirating software, it was alleged this month.