
At the 2025 RSA Conference in San Francisco, Secretary of Homeland Security Kristi Noem delivered a blistering keynote that reignited a fierce national debate over the future of cybersecurity governance in the United States. Her address was not just a critique of the Cybersecurity and Infrastructure Security Agency (CISA); it was also a declaration of intent to radically reshape federal cybersecurity priorities under the Trump administration.
Noem accused CISA of drifting from its original charter of protecting critical infrastructure and federal networks by expanding its mission into the controversial realm of combatting misinformation. Calling CISA the “Ministry of Truth,” Noem argued that CISA’s counter-disinformation efforts during prior election cycles represented a dangerous and improper extension of federal authority.
In her remarks, Noem laid the foundation for a sweeping overhaul of CISA – now under way – and across the whole of the Department of Homeland Security (DHS). In her vision, CISA is being stripped back to its “core functions” of cyber threat response, support for local infrastructure security, and federal system hardening.
“I know the press has covered the role of homeland security and what we have done in CISA thus far with some of the reforms and efficiencies as a bad thing. I would encourage you to say just wait until you see what we’re able to do. There are reforms going on that are going to be much more responsive,” Noem stated.
As part of CISA’s redirection, the Trump administration has begun reducing CISA’s workforce, with reports indicating that up to 1,300 positions spanning both federal staff and contractors are being eliminated. These cuts come amid an escalating threat environment in which nation-state actors like China and Russia are aggressively targeting U.S. infrastructure and other sensitive sectors.
Meanwhile, the administration has also put forth a proposed reorganization of the Department of State that could gut its Bureau of Cybersecurity and Digital Policy. Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, told the House Committee on Foreign Affairs Subcommittee on Europe Tuesday that the reorganization “appears to put its cybersecurity efforts at risk and contradict guidance to integrate cybersecurity and digital economy efforts.”
The contradiction of the Trump administration’s cyber agenda across the board is becoming increasingly difficult to ignore. While Noem frames the changes as a refocusing of priorities and a push for efficiency, security experts and former officials warn that the retrenchment will dangerously weaken national resilience against cyber-attacks.
Former CISA director Chris Krebs, who led the agency through its high-profile efforts to secure the 2020 election, has voiced grave concerns that scaling down CISA during a time of growing foreign aggression amounts to unilateral digital disarmament. Other cybersecurity leaders echo his concerns, describing the cuts as destabilizing and shortsighted.
At the center of this storm is the Chinese state-sponsored Salt Typhoon espionage campaign that has compromised U.S. telecommunications systems, including those of Verizon and AT&T. The Federal Bureau of Investigation has issued warnings and national security experts have testified before Congress that China’s ability to infiltrate and remain undetected in such systems presents a dire threat.
Salt Typhoon is not an isolated case; it follows on the heels of Volt Typhoon and other long-term Chinese campaigns which have successfully embedded within critical infrastructure networks including water systems, energy grids, and emergency communications.
Noem acknowledged these threats, saying, “One of the things that alarmed me the first time I was briefed on those situations before I was sworn in was that we don’t necessarily know how it happened, and we don’t know how to prevent it in the future. My goal is to make sure that we do have more of those answers.”
Critics say, though, that her solution is to roll back CISA’s resources and to narrow its scope. They point out that defending against nation-state cyberattacks requires a full-spectrum approach that includes public-private collaboration, threat information sharing, technical support for under-resourced sectors, and the kind of real-time coordination that a diminished CISA may no longer be able to deliver.
The Secure by Design initiative, launched under CISA in 2023 to encourage software developers to embed security into products from inception, was another target of Noem’s RSA remarks. Noem dismissed it as a well-meaning but toothless campaign and little more than a social media slogan lacking enforcement power or measurable impact.
In May 2024, CISA introduced a Secure by Design Pledge, which encouraged software companies to commit to vulnerability reduction and built-in safeguards. Noem, however, made it clear that under the Trump administration voluntary frameworks will be replaced with procurement mandates. The federal government, she said, will wield its purchasing power to demand secure-by-default systems and refuse to pay for security features as retrofitted add-ons.
Two senior officials central to Secure by Design, Bob Lord and Lauren Zabierek, have resigned, deepening concerns that the administration’s abrupt policy shifts at CISA are driving away key cybersecurity talent. The departures of Lord and Zabierek were announced just as the agency faced another crisis, the potential loss of the Common Vulnerabilities and Exposures and Common Weakness Enumeration programs.
These cornerstone initiatives managed by MITRE and funded through CISA were nearly shuttered due to a funding lapse. A last-minute 11-month extension narrowly saved them from being taken offline in mid-April. While the extension offers temporary relief, the episode exposed the fragility of critical cybersecurity infrastructure under current Trump administration budgetary priorities.
These changes came on the heels of a broader realignment at the highest levels of U.S. cyber policy. The recent dismissal of U.S. Air Force Gen. Timothy Haugh as both commander of U.S. Cyber Command and director of the National Security Agency underscores the volatility at the top of America’s cyber defense apparatus. DHS officials have offered few details about the moves, and CISA has declined to comment on reports of further layoffs. But cybersecurity analysts like Mark Montgomery of the Foundation for Defense of Democracies warn that these personnel changes, when combined with deep cuts, amount to a dismantling of the nation’s cyber shield.
Despite this, Noem remains defiant, arguing that streamlining CISA and removing non-core functions will allow the agency to become more responsive, agile, and effective. Her critics, including members of Congress, counter that the administration is gutting the very capabilities it claims to be strengthening. And bipartisan frustration is building. Congressional leaders like Republican Rep. Andrew Garbarino and Democrat Rep. Eric Swalwell have publicly rebuked the administration’s moves, warning that additional cuts in federal cybersecurity efforts will irreparably degrade America’s capacity to detect and respond to hostile cyber attacks.
Particularly under threat is CISA’s election security work, including its partnership with the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), which was instrumental in defending election infrastructure in the wake of 2016 and 2020 interference campaigns. Federal funding for EI-ISAC has been eliminated as part of CISA’s restructuring and downsizing.
The Center for Internet Security’s website prominently notes that “due to the termination of funding by the Department of Homeland Security, the [Center] no longer supports the EI-ISAC.” Similarly, the National Association of Counties announced that “on March 11, CISA announced a $10 million cut in funding for the Multi-State Information Sharing and Analysis Center which provides critical local assistance for cybersecurity threat detection and analysis resources and support.”
The Voting Rights Lab said, “the Trump administration’s decision to end $10 million in federal funding for state-level election security has sent shockwaves through our nation’s election infrastructure. State and local election officials are now bracing for a catastrophic loss of resources and services that have been essential in the face of foreign interference, mis/disinformation, cybersecurity breaches, and other vulnerabilities that have tested U.S. elections in recent years.”
The State and Local Cybersecurity Grant Program, a CISA initiative designed to fortify cyber defenses in under-resourced jurisdictions, also faces an uncertain future. While sometimes criticized for administrative complexity, the program is essential for helping municipalities, school districts, and utilities access free services such as vulnerability scanning and web application testing. However, given the gutting of CISA and other DHS cybersecurity programs in recent weeks, many state leaders fear cyber grants may be next.
The Government Accountability Office weighed in on Tuesday saying that “as of August 1, 2024, DHS provided about $172 million in grants to 33 states and territories,” and that the grants “are funding 839 state and local cybersecurity projects that align with core cybersecurity functions as defined by the National Institute of Standards and Technology.” Of that funding, $42 million represents projects related to identity.
Congressional advocates for cybersecurity funding argue that CISA’s role must not only be preserved, but that it needs to be expanded. Under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, CISA is required to manage an influx of tens of thousands of incident reports annually. Without adequate staffing and resources, this mission will become untenable. In their view, weakening CISA while adversaries grow bolder is a gamble the country cannot afford.
During recent congressional hearings on Salt Typhoon, cybersecurity experts chillingly forecast that unless dramatic improvements are made, another attack is inevitable. Former AT&T chief security officer Ed Amoroso called on Congress to take urgent legislative action to fund infrastructure protection and cyber workforce development. Others pointed out that attackers will increasingly exploit endpoint vulnerabilities, encrypted platforms, and unsecured personal communications to breach even the most hardened systems.
The picture that emerges is one of deep tension between political priorities and operational cybersecurity needs. The Trump administration’s emphasis on reducing what it views as bureaucratic overreach may resonate with its base, but in practice, these actions have triggered a series of cascading risks. They threaten the continuity of essential programs, drive out experienced professionals, and erode the partnerships between federal agencies and the private sector that are crucial to securing the digital ecosystem.
As Congress deliberates future funding levels for CISA and evaluates the strategic direction of DHS and government-wide cybersecurity policy, the stakes couldn’t be higher. With adversaries like China expanding their presence in America’s digital infrastructure, the ability of the U.S. to mount a cohesive defense depends not on rhetorical clarity or ideological purity, but on sustained investment, institutional competence, and cross-sector collaboration. What remains to be seen is whether the government can recalibrate in time to avert the next crisis, or whether it will be forced to respond after the fact.