The Trump administration has effectively closed the division of the Cybersecurity and Infrastructure Security Agency that coordinates critical infrastructure cybersecurity improvements with states and local governments, private businesses and foreign countries.
Sweeping layoffs in mid-October eliminated almost all 95 employees in CISA’s Stakeholder Engagement Division (SED), four people familiar with the matter told Cybersecurity Dive. After the cuts take effect in early December, they will leave three of the division’s four units without any staff: Council Management, which convenes meetings between government agencies and the operators of U.S. critical infrastructure; Strategic Relations, which partners with and supports small businesses, academic institutions, nonprofit groups and state and local governments; and International Affairs, which coordinates meetings and information sharing with other countries and helps train their cyber experts.
Once the layoffs take effect, the four people said, SED will essentially consist solely of its small Sector Management unit, which oversees CISA’s work as a Sector Risk Management Agency (SRMA) for eight of the 16 critical infrastructure sectors, including chemical facilities, communications and information technology.
“These reductions continue a pattern of weakening the US government’s ability to carry out its cybersecurity responsibilities and hindering its ability to interact with the private sector,” said Michael Daniel, who served as President Barack Obama’s cybersecurity adviser and now leads the Cyber Threat Alliance, an industry information-sharing group. Daniel said the downsizing “runs the risk of leaving CISA blind to certain threats and trends and will also limit CISA’s ability to influence the private sector and communicate its priorities.”
While CISA will continue working with infrastructure operators on cyber and physical security, the SED cuts could strain those relationships by eliminating longstanding collaboration mechanisms that business leaders have praised as highly valuable. The layoffs are also likely to further isolate CISA from its academic and international partners, potentially depriving the U.S. government of valuable expertise.
The cuts “create a dangerous void,” said Errol Weiss, chief security officer for the Health Information Sharing and Analysis Center. “The health sector is one of the most targeted and vulnerable, and this is exactly the wrong time to be pulling back federal support.”
A natural gas industry executive, who requested anonymity to speak candidly, said their group was concerned that the layoffs could “have negative impacts to our national security,” adding that “a fully functional and staffed CISA is essential to ensuring the continued operation of the key programs and initiatives that pipeline operators rely on to secure their systems.”
CISA declined to answer questions about the layoffs. Marci McCarthy, CISA’s director of public affairs, said the cuts were “part of the ongoing realignment to get the agency back on mission” and said CISA “remains dedicated to safeguarding the nation’s critical infrastructure.”
Pulling back from critical sectors
The loss of staffers in the Council Management office could significantly impede CISA’s relationships with critical infrastructure organizations in healthcare, energy, water, finance and other sectors. Those employees oversaw groups that brought together government and industry organizations responsible for protecting various infrastructure sectors, as well as committees that advised CISA leadership on emerging trends. These councils and committees provided venues for government and industry leaders to discuss joint security projects and sensitive threats and emerging trends, allowing both sides to benefit from the other’s expertise and resources.
“The analysis, reports, guidance, training, and scenario-based drills developed with our partners help the entire community do their part to raise the security baseline of critical infrastructure’s assets, systems, and networks,” CISA said on its SED web page.
One of the groups, the National Security Telecommunications Advisory Committee (NSTAC), convened corporate executives and federal leaders for what officials in previous administrations described as uniquely productive conversations about how to improve collective cybersecurity resilience. The NSTAC also produced reports on everything from supply chain security to malicious actors’ abuse of U.S. computer infrastructure.
The layoffs of CISA staff supporting the NSTAC are “unfortunate” because telecommunications companies considered the group “a trusted venue” for important discussions, said a U.S. official who requested anonymity to speak freely.
The Trump administration had already frozen the work of these groups by eliminating a key partnership framework in March, but the new SED layoffs indicate that the administration is committed to severing those relationships with critical infrastructure organizations.
“Losing the specialized personnel who manage those deep relationships means we lose institutional knowledge, trust built over years, and the agility needed to respond to sophisticated nation-state and criminal threats,” said Weiss, the Health-ISAC executive.
CISA does not appear to have warned some of its closest critical infrastructure partners about the layoffs.
A security executive in the oil and natural gas subsector did not know about the cuts until Cybersecurity Dive contacted them. “I’m still trying to fathom this,” said the executive, who requested anonymity given the sensitive nature of the situation.
Weiss also hadn’t heard from CISA about the layoffs, which he said “inevitably increase the cyber risk” for already-struggling hospitals, clinics and other providers.
International cyber programs halted
Meanwhile, the elimination of the International Affairs team could dramatically weaken the U.S. government’s foreign cybersecurity partnerships. SED staffers were overseeing projects to train other governments’ personnel and improve their new technological capabilities, in some cases helping foreign partners build systems that were more resilient to cyberattacks, according to a person familiar with the matter.
Many of those projects emerged from diplomatic agreements signed by U.S. presidents and foreign heads of state, making them high-profile examples of the U.S.’s security commitments to its international allies. Now, all of that work has stopped.
“The loss of CISA’s international partnership office will undoubtedly make strategic cybersecurity partnerships and agreements with other nations more challenging, with no one really focused on facilitating those engagements anymore,” said the U.S. official.
Even before the layoffs, the government shutdown forced SED to completely sever communications with its international partners, baffling foreign officials who had to read about CISA’s retrenchment in the press, according to a person familiar with the matter.
Megan Stifel, chief strategy officer for the Institute for Security and Technology and a former international cyber policy staffer at the National Security Council, said the cuts would make it harder for the U.S. to enlist foreign help countering threats. “We can’t claim to be leaders internationally without a full bench of experts to help reduce risk across the government and our critical infrastructure.”
CISA as a whole isn’t completely cutting its international ties, however, and it is likely that the agency’s Joint Cyber Defense Collaborative will continue tactical coordination with foreign partners during cyber emergencies such as major hacking campaigns. But that would still represent a significant rollback of CISA’s global ambitions, which the agency once saw as an important part of establishing its legitimacy and value at home and abroad.
“We were very invested [in] the international team, adding personnel to support the mission,” said a second person familiar with the matter, who said the recent layoffs were “not in the best interests of the nation or the world.”
Cyber resilience outreach thwarted
The third SED subdivision to face major cuts, Strategic Relations, has a lower-profile mission but one that likely will be missed nonetheless. It partners with universities and businesses to advance CISA’s nationwide cyber-resilience goals, including through public-messaging campaigns like the agency’s promotion of the ongoing Cybersecurity Awareness Month. It also operates a sensitive homeland-security information-sharing platform, although that platform will continue to exist, according to an email sent to some CISA staffers and seen by Cybersecurity Dive.
The SED layoffs mirror an effort in President Donald Trump’s CISA budget proposal to drastically shrink the division’s responsibilities. The administration said the restructuring “shifts CISA’s mission space to solely support the SRMA efforts and aligns with CISA’s priorities to strengthen critical infrastructure security while optimizing operational effectiveness.” The White House’s summary of its CISA cuts specifically mentioned eliminating “external engagement offices such as international affairs.”
As one of three CISA divisions not explicitly authorized by Congress in the 2018 statute that created the agency, SED found itself in Trump officials’ crosshairs from the beginning of the administration. Many SED employees took the administration’s buyouts, and by the time the latest round of layoffs began, the division had lost nearly all of its 177 staffers.
Prior to the layoffs CISA had begun to transfer SED’s functions to the Infrastructure Security Division, but a person familiar with the matter said it would be impossible to “pass down all of the information on our international agreements and relationships” before the international office closes.
Critical infrastructure leaders bemoaned the potential consequences of the SED layoffs.
“Diminishing the capacity for critical infrastructure collaboration and global partnership ultimately leaves our entire nation — especially resource-constrained sectors like healthcare — more exposed,” Weiss said.
Source link
