Trump is setting us up for a cyber catastrophe
Trump’s neglect of cybersecurity is a “priceless gift” to adversaries like Russia and China.
America is careening towards a cyber catastrophe, and the captain of our ship is either asleep at the wheel or intentionally steering us in the direction of danger. Since taking office in January, Trump has not just neglected the issue of cyber security, but has actively gutted some of our nation’s most critical agencies and working groups, left vacancies in key leadership positions, and signaled to America — as well as to those wishing to do us harm — that securing and defending U.S. cyberspace is no longer a top priority. This comes just as threats from China, Russia, Iran, North Korea, and other state and non‑state actors are escalating at unprecedented rates, with a 30% spike last year in cyberattacks targeting critical infrastructure and a 70% surge in ransomware attacks — signs that attackers are not only targeting, but in many cases breaching the systems that keep the country running.
Typically, in situations like this, we would expect to see our elected leaders mounting a full-fledged response and working with key officials across government to strengthen our cyber-security and defense capabilities. Instead, we are seeing the very agencies that exist to protect against such threats come under attack themselves — not from foreign adversaries, but from the very people leading our own government.
Since March, the Cybersecurity and Infrastructure Security Agency (CISA) has lost 300–400 employees—about 10% of its workforce—thanks to layoffs and forced early retirements imposed by the Trump administration. To make matters worse, the cuts have not been evenly distributed, so some departments have experienced much greater losses than others. For example, an estimated 50% of the agency’s AI experts have been ousted in the past month. And the purge isn’t over yet. Just this week, two of the most senior officials at CISA announced that they’re leaving the organization.
The mass layoffs are leaving critical skills gaps and forcing remaining employees to take on “the work of two or more full-time [staffers],” one employee told Wired. The consequences of this sort of brain drain in such a crucial government sector could be “disastrous,” warned CISA’s outgoing director Jen Easterly.
In addition to the mass layoffs, morale at CISA has reportedly plummeted due to pressures and restrictions imposed by the new administration, including the acting head of CISA, Bridget Bean, who has shown little interest in the agency’s mission and appears to be primarily concerned with appeasing Trump and Elon Musk. Communication between CISA officials and other agencies has also reportedly been stymied, with special permission needed just to engage in routine conversations with other government officials.
Other employees described the current climate at CISA as the result of “nefarious retribution” and said the Trump administration has “declared psychological warfare on this workforce.”
“People are scared,” added another employee. No one knows what’s safe to talk about, and the staffers who remain are fearful that their teams won’t be able to defend critical infrastructure in the absence of experienced colleagues and institutional memory.
Furthermore, partner organizations and companies that work with CISA have been pulling back, citing fears about sharing information with the agency due to DOGE’s unfettered access to government systems and data.
“The wrecking of preestablished relationships will be something that will have long-lasting effects,” one employee told Wired.
CISA isn’t the only cyber agency that has become a target of the Trump administration. Also this month, Trump summarily dismissed General Tim Haugh—the four‑star general overseeing both the National Security Agency (NSA) and U.S. Cyber Command—along with his deputy. Lawmakers from both parties decried the move as “politically motivated” and warned that it leaves America blind to Russian and Chinese cyber operations. As the Associated Press reported, the firing of General Haugh left the agency in turmoil, to the extent that no one knew who was actually in charge of the agency once he left. Without a confirmed leader, agencies and task forces are scrambling for clear guidance on priority threats and strategy — at a time when our adversaries are ramping up their attacks against the infrastructure that keeps our country going.
Russian military hackers have repeatedly targeted U.S. critical infrastructure and have recently shown signs of increased threat activity, according to cybersecurity researchers. The same is true for China. Among other incidents, Russian hackers have posted evidence of themselves tampering with control panels of industrial systems in the oil, gas, and water sectors, which can lead to disruptions, downtime, or even physical threats to the environment. In February 2024, Chinese threat group Volt Typhoon was identified as the culprit in an attack on the critical infrastructure of multiple organizations in the U.S., including water and wastewater treatment facilities. Two months later, the Cyber Army of Russia posted a video on its Telegram channel claiming responsibility for an attack on Indiana’s Tipton West Wastewater Treatment Plant. A few months later, in September 2024, the City of Arkansas, Kansas, reported a cyber incident targeting its water treatment facility. A Russian hacking group later took credit for the attack in a video on its Telegram channel. The next month, American Water — a public utility provider that controls water and wastewater services for approximately 1,700 communities in 14 states, or about 14 million people — experienced an attack that appeared to mostly affect outward-facing systems, such as its company portal, though its water and wastewater services reportedly remained unaffected. And just last month, the Justice Department said in an announcement that the U.S. government had charged 12 Chinese “contract hackers” for allegedly working on behalf of the Chinese government to hack into the computer networks of several international targets including “U.S. federal and state government agencies, including the US Department of Treasury.”
Those incidents represent just a drop in the bucket when it comes to the total number of attempted cyber attacks against government networks and systems responsible for monitoring and delivering critical services including water, gas, and electricity. According to a report from the cybersecurity company KnowBe4, there are about 13 attempted attacks against U.S. critical infrastructure each second. Yes, you read that correctly. Thirteen attacks per second, each day of the year.
Besides mass layoffs and firings of top cyber officials, the Trump administration has also taken aim at election security efforts. Among other attempts to dismantle these efforts, the administration disbanded the FBI’s foreign‑influence task force and significantly cut CISA’s election security staff. On top of that, Trump’s Department of Justice (DOJ) also took steps to limit criminal prosecutions under the Foreign Agents Registration Act (FARA), which requires individuals in the U.S. who represent foreign government interests to disclose this activity and register with the federal government. The law is considered a key tool for combatting foreign influence in the U.S., and was one of the primary vehicles for bringing criminal charges during the investigation into the Trump team’s ties to Russia. For example, Paul Manafort, Trump’s former campaign manager, pleaded guilty in 2018 to violating FARA by failing to disclose that he was being paid for working on behalf of the Ukrainian government and its former President, Viktor Yanukovych. Perhaps it should come as no surprise, then, that this was among the first targets of the second Trump administration, in what appears to be an act of politically-motivated retribution.
With no clear successor teams for the ones disbanded due to mass job cuts, and with fewer resources to both detect and take action against hostile foreign actors, state and local election officials fear that we’ll see renewed foreign interference and disinformation campaigns as we did in 2016 — but that we won’t have the expertise and robust systems to fight back.
The damage doesn’t end there, though. On the global stage, the Trump administration’s reckless and ill-advised approach to cyber policy is seriously impacting America’s reputation in the eyes of both our allies and our adversaries. Our allies and those who count on us to be reliable partners in cyber defense — like NATO’s Cyber Defense Group — worry that the U.S. can no longer coordinate joint incident responses or share threat intelligence reliably, and are also concerned that any intelligence shared with U.S. cyber leaders may end up in the hands of DOGE, or even worse, Russia. Meanwhile, by removing seasoned officials and neutering key cyber capabilities, the administration is weakening U.S. credibility and bolstering the confidence of our adversaries, who view opportunities like this as an invitation to act with impunity.
Trump “has given a priceless gift to China, Russia, Iran, and North Korea by purging competence from our national security leadership,” said Sen. Jack Reed (D-RI).
In addition to the broad national security implications, the Trump administration’s efforts to dismantle our cyber capabilities could result in major consequences in the everyday lives of average Americans. With weakened federal coordination on threat alerts, timely warnings about novel cyber threats like phishing campaigns will slow down, leading to spikes in cyber crimes such as identity theft and wire‑transfer fraud. According to the FBI’s annual Internet Crime Complaint Center report, internet scammers stole a record $16.6 billion from Americans through these schemes in 2024, and these figures are expected to keep rising sharply. Because of the spike in cyber crimes involving financial losses and irreparable reputational damage, cyber‑insurance carriers—facing mounting payouts to victims—are expected to further increase premiums in 2025, making coverage unaffordable for many small businesses and startups. So now, those individuals will find themselves confronting a significantly heightened risk of becoming a cybercrime victim, while at the same time being left out to dry with no one to help pick up the pieces after such an attack.
It’s also worth keeping in mind here that Russia’s war in Ukraine all started on the cyber battlefield. The Kremlin understands the power of cyber dominance and has invested heavily in its capabilities in that domain, recognizing that, although they may never be able to match American military forces on a physical battlefield, they can go toe to toe with us on the digital battlefield. Similarly, China has leveraged recent advances in technologies like artificial intelligence and brain-machine interfaces to greatly enhance the sophistication and effectiveness of its cognitive warfare arsenal, with the ultimate goal of shaping the reality of its adversaries through insidious attacks on targeted brain regions and processes.
The threats we face are very real and are becoming more sophisticated and consequential with each passing day. Not only is the Trump administration leaving us open to attack — they’re also setting us up to fall behind in a digital arms race that will ultimately determine the balance of global power for decades to come. But rest assured — as the U.S. steps onto the cyber battlefield in the fight for our future, you can be sure that our defense and intelligence leaders will be hard at work, formulating war plans on unsecured networks that our adversaries have almost certainly breached by now.
It’s worse than that. He initiated the threat by giving the keys to the country’s administrative infrastructure to Musk and the DOGE incels.
"....intentionally steering us in the direction of danger"...I totally agree this is intentional. Totally.