Trump weakens US cyberdefenses at a moment of rising danger

By David E. Sanger and Nick Corasaniti

When President Donald Trump abruptly fired the head of the National Security Agency and U.S. Cyber Command last Thursday, it was the latest in a series of moves that have torn away at the country’s cyberdefenses just as they are confronting the most sophisticated and sustained attacks in the nation’s history.

The commander, Gen. Timothy D. Haugh, had sat atop the enormous infrastructure of American cyberdefenses until his removal, apparently under pressure from the far-right Trump loyalist Laura Loomer. He had been among the U.S. officials most deeply involved in pushing back on Russia, dating to his work countering Moscow’s interference in the 2016 election.

His dismissal came after weeks in which the Trump administration swept away nearly all of the government’s election-related cyberdefenses beyond the secure NSA command centers at Fort Meade, Maryland. At the same time, the administration has shrunk much of the nation’s complex early-warning system for cyberattacks, a web through which tech firms work with the FBI and intelligence agencies to protect the power grid, pipelines and telecommunications networks.

Cybersecurity experts, election officials and lawmakers — mostly Democrats but a few Republicans — have begun to raise alarms that the United States is knocking down a system that, while still full of holes, has taken a decade to build. It has pushed out some of its most experienced cyberdefenders and fired younger talent brought in to design defenses against a wave of ransomware, Chinese intrusions and vulnerabilities created by artificial intelligence.

“At a time when the United States is facing unprecedented cyberthreats — as the Salt Typhoon cyberattack from China has so clearly underscored — how does firing him make Americans any safer?” Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, said on Thursday night after Haugh’s ouster.

Warner was referring to an operation in which Chinese intelligence bored so deeply into U.S. telecommunications networks that it had access to the Justice Department’s system for lawful interception of calls or text messages and could listen in on some conversations, including Trump’s during his campaign last year.

Trump’s embattled national security adviser, Michael Waltz, has not yet announced a new cyberstrategy, but he has argued that the country needs to go on offense more.

“We’ve been playing a lot of defense, and we keep trying to play better and better defense,” Waltz told Breitbart before the inauguration. “If you’re putting cyber time bombs in our ports and grid,” he added, the United States must show that “we can do it to you, too.”

‘Somebody lowered the drawbridge’

In his first term, Trump and his top aides fortified cyberdefenses: He signed legislation creating the Cybersecurity and Infrastructure Security Agency, and the White House started publicly naming countries that were attacking the United States.

As the 2018 elections approached, U.S. Cyber Command conducted counterstrikes on Russian hackers and intelligence agencies. Haugh was deeply involved in that effort as a leader of the “Russia Small Group,” a joint operation between the NSA, the nation’s premier cyberespionage agency — with 32,000 employees, it is nearly 50% larger than the CIA — and Cyber Command, its military cousin.

But Trump has moved in the opposite direction in his second term. For four years, he nurtured deep resentments about CISA, which had declared that the 2020 election was one of the best run in history, undercutting his false claims that he had been cheated of victory. Weeks after taking office this year, he began a campaign of dismantlement.

Federal programs that monitored foreign influence and disinformation have been eliminated. Key elements of the warning systems intended to flag possible intrusions into voting software have also been degraded; the effects may not be known until the next major election. And contractors who worked with local election officials to perform cybersecurity testing, usually with federal funding, have found the deals canceled.

In early March, CISA — which is nested inside the Department of Homeland Security — cut more than $10 million in funding to two critical cybersecurity intelligence-sharing programs that helped detect and deter cyberattacks and that alerted state and local governments about them. One program was dedicated to election security, and the other to broader government assets, including electrical grids.

In some counties around the nation, these two programs were the only ways that local governments stayed on top of mounting attacks.

“It’s like somebody lowered the drawbridge, and there’s no guards,” said Adrian Fontes, the Democratic secretary of state in Arizona, who has written letters of protest to the White House, the Department of Homeland Security and his congressional delegation. “This is incredibly bad.”

CISA’s election-security program had helped identify not only cyberattacks but also risks to key infrastructure like voter databases. The program shared information between election officials and federal agencies to prevent attacks.

In Arizona, the program helped Fontes and other officials learn on election night in November that 15 bomb threats they had received were a hoax originating in Russia, a realization that allowed voting to go largely uninterrupted in the battleground state.

In Colorado, the program helped Jena Griswold, the Democratic secretary of state, alert her counterparts across the country, as well as CISA, about an orchestrated break-in by a local election official in 2021.

CISA’s leadership has maintained that election officials will have “access to the same CISA support,” which includes “cyber and physical security services and incident response.”

Cuts and canceled contracts

Similar but less severe cuts have hit the country’s broader cybersecurity defenses, at a moment when ransomware attacks are becoming more sophisticated and efforts to deter state-sponsored attacks have largely failed.

The innovative Cyber Safety Review Board — based on the National Transportation Safety Board, which investigates transportation accidents — was created by the Biden administration to extract critical lessons from major breaches. It was dismantled soon after Trump took office, even as it was in the midst of examining Salt Typhoon and trying to figure out how China’s intelligence agencies pierced deep into the American telecommunications system.

Because the first line of defense is often in the private sector — Microsoft was the first to find Salt Typhoon — the impact of this retrenchment may take months or years to understand.

Jason Healey, a cyberexpert at Columbia University with long experience in government, said that the cuts “to secure elections or fight misinformation are least likely to get reinstated.” But he predicted that new leaders of Trump’s cyberdefense programs were “likely to rebuild others once they realize, like every team before them, they need outside advisers and mechanisms to better coordinate and share information across government and with companies in critical infrastructure.”

In a reflection of the administration’s effort to bring cybersecurity more within the government, CISA canceled contracts in March that affected more than 100 cybersecurity experts with a range of specialties. Some, for example, led “Red Teams” that hunted for vulnerabilities that needed to be sealed off to intruders, a practice known as penetration testing. And there are reports of more looming cuts at the agency, though the timing remains unclear, and the agency declined to comment.

Administration officials argue that the nation’s cyberdefenses remain robust, and they have defended the cuts as eliminating duplicative work. “CISA has taken action to terminate contracts where the agency has been able to find efficiencies and eliminate duplication of effort,” the agency said in a statement this month. It added, “CISA’s Red Teams continue their work without interruption.”

Fears about future voting security

Around the country, election officials in both parties are worried.

Al Schmidt, the Republican secretary of state in Pennsylvania, sent a letter last month to Kristi Noem, who as the homeland security secretary oversees CISA, listing four instances last year when federal cybersecurity programs being targeted helped his state hold fair elections.

In August, for example, CISA helped ward off an attempted cyberattack on Pennsylvania voters using text messages disguised as reminders to register to vote. And in September, CISA warned that envelopes containing white powder were being sent to Pennsylvania election offices.

“Put simply, withdrawing CISA’s support for local election officials will make elections less secure,” Schmidt wrote.

His letter brought up another point: Many election officials can no longer seek outside funding to pay for the cybersecurity programs that the federal government is now cutting.

Pennsylvania and 27 other states have passed laws banning private donations to help fund elections infrastructure. The measures, known as Zuckerbucks bans, stem from conservative groups’ false claims that the billionaire Mark Zuckerberg helped Democrats steal the 2020 election with his large donations to election offices.