When President Trump abruptly fired the head of the National Security Agency and U.S. Cyber Command on Thursday, it was the latest in a series of moves that have torn away at the country’s cyberdefenses just as they are confronting the most sophisticated and sustained attacks in the nation’s history.
The commander, General Timothy D. Haugh, had sat atop the enormous infrastructure of American cyberdefenses until his removal, apparently under pressure from the far-right Trump loyalist Laura Loomer. He had been among the American officials most deeply involved in pushing back on Russia, dating to his work countering Moscow’s interference in the 2016 election.
His dismissal came after weeks in which the Trump administration swept away nearly all of the government’s election-related cyberdefenses beyond the secure N.S.A. command centers at Fort Meade, Md. At the same time, the administration has shrunk much of the nation’s complex early-warning system for cyberattacks, a web through which tech firms work with the F.B.I. and intelligence agencies to protect the power grid, pipelines and telecommunications networks.
Cybersecurity experts, election officials and lawmakers — mostly Democrats but a few Republicans — have begun to raise alarms that the United States is knocking down a system that, while still full of holes, has taken a decade to build. It has pushed out some of its most experienced cyberdefenders and fired younger talent brought in to design defenses against a wave of ransomware, Chinese intrusions and vulnerabilities created by artificial intelligence.
“At a time when the United States is facing unprecedented cyberthreats — as the Salt Typhoon cyberattack from China has so clearly underscored — how does firing him make Americans any safer?” Senator Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, said on Thursday night after General Haugh’s ouster.
Mr. Warner was referring to an operation in which Chinese intelligence bored so deeply into American telecommunications networks that it had access to the Justice Department’s system for lawful interception of calls or text messages and could listen in on some conversations, including Mr. Trump’s during his campaign last year.
Mr. Trump’s embattled national security adviser, Michael Waltz, has not yet announced a new cyberstrategy, but he has argued that the country needs to go on offense more.
“We’ve been playing a lot of defense, and we keep trying to play better and better defense,” Mr. Waltz told Breitbart before the inauguration. “If you’re putting cyber time bombs in our ports and grid,” he added, the United States must show that “we can do it to you, too.”
But many cyberexperts worry that the intense focus on offensive operations — which have been part of American strategy going back to the U.S.-Israeli cyberattack on Iran’s nuclear program 15 years ago — is risky. America’s huge vulnerabilities, made evident in recent years as China placed malware in its rival’s utility grids and the telecom system, illustrate how easy a target the United States is for retaliation.
As a top cyberofficial in the Defense Department during the Biden administration used to point out, “we live in the glassiest house.”
‘Somebody lowered the drawbridge’
In his first term, Mr. Trump and his top aides fortified cyberdefenses: He signed legislation creating the Cybersecurity and Infrastructure Security Agency, and the White House started publicly naming countries that were attacking the United States.
As the 2018 elections approached, U.S. Cyber Command conducted counterstrikes on Russian hackers and intelligence agencies. General Haugh was deeply involved in that effort as a leader of the “Russia Small Group,” a joint operation between the N.S.A., the nation’s premier cyberespionage agency — with 32,000 employees, it is nearly 50 percent larger than the C.I.A. — and Cyber Command, its military cousin.
But Mr. Trump has moved in the opposite direction in his second term. For four years, he nurtured deep resentments about CISA, which had declared that the 2020 election was one of the best run in history, undercutting his false claims that he had been cheated of victory. Weeks after taking office this year, he began a campaign of dismantlement.
Federal programs that monitored foreign influence and disinformation have been eliminated. Key elements of the warning systems intended to flag possible intrusions into voting software have also been degraded; the effects may not be known until the next major election. And contractors who worked with local election officials to perform cybersecurity testing, usually with federal funding, have found the deals canceled.
In early March, CISA — which is nested inside the Department of Homeland Security — cut more than $10 million in funding to two critical cybersecurity intelligence-sharing programs that helped detect and deter cyberattacks and that alerted state and local governments about them. One program was dedicated to election security, and the other to broader government assets, including electrical grids.
In some counties around the nation, these two programs were the only ways that local governments stayed on top of mounting attacks.
“It’s like somebody lowered the drawbridge, and there’s no guards,” said Adrian Fontes, the Democratic secretary of state in Arizona, who has written letters of protest to the White House, the Department of Homeland Security and his congressional delegation. “This is incredibly bad.”
CISA’s election-security program had helped identify not only cyberattacks but also risks to key infrastructure like voter databases. The program shared information between election officials and federal agencies to prevent attacks.
In Arizona, the program helped Mr. Fontes and other officials learn on election night in November that 15 bomb threats they had received were a hoax originating in Russia, a realization that allowed voting to go largely uninterrupted in the battleground state.
In Colorado, the program helped Jena Griswold, the Democratic secretary of state, alert her counterparts across the country, as well as CISA, about an orchestrated break-in by a local election official in 2021.
CISA’s leadership has maintained that election officials will have “access to the same CISA support,” which includes “cyber and physical security services and incident response.”
Cuts and canceled contracts
Similar but less severe cuts have hit the country’s broader cybersecurity defenses, at a moment when ransomware attacks are becoming more sophisticated and efforts to deter state-sponsored attacks have largely failed.
The innovative Cyber Safety Review Board — based on the National Transportation Safety Board, which investigates transportation accidents — was created by the Biden administration to extract critical lessons from major breaches. It was dismantled soon after Mr. Trump took office, even as it was in the midst of examining Salt Typhoon and trying to figure out how China’s intelligence agencies pierced deep into the American telecommunications system.
Because the first line of defense is often in the private sector — Microsoft was the first to find Salt Typhoon — the impact of this retrenchment may take months or years to understand.
Jason Healey, a cyberexpert at Columbia University with long experience in government, said that the cuts “to secure elections or fight misinformation are least likely to get reinstated.” But he predicted that new leaders of Mr. Trump’s cyberdefense programs were “likely to rebuild others once they realize, like every team before them, they need outside advisers and mechanisms to better coordinate and share information across government and with companies in critical infrastructure.”
In a reflection of the administration’s effort to bring cybersecurity more within the government, CISA canceled contracts in March that affected more than a hundred cybersecurity experts with a range of specialties. Some, for example, led “Red Teams” that hunted for vulnerabilities that needed to be sealed off to intruders, a practice known as penetration testing. And there are reports of more looming cuts at the agency, though the timing remains unclear, and the agency declined to comment.
Administration officials argue that the nation’s cyberdefenses remain robust, and they have defended the cuts as eliminating duplicative work. “CISA has taken action to terminate contracts where the agency has been able to find efficiencies and eliminate duplication of effort,” the agency said in a statement this month. It added, “CISA’s Red Teams continue their work without interruption.”
But Mr. Waltz is betting that by going on offense, he can deter attacks on the United States. Yet history suggests that the strategies that worked in the nuclear arena often do not translate smoothly to cyber operations. Over the past 15 years American cyberwarriors have not only crippled Iran’s nuclear program but also gotten inside Russian power plants and North Korea’s missile program. But the effects have proved fleeting. Russian, Iranian and North Korean cyberattacks on the United States have grown more sophisticated, and so has North Korea’s missile arsenal.
Fears about future voting security
Around the country, election officials in both parties are worried.
Al Schmidt, the Republican secretary of state in Pennsylvania, sent a letter last month to Kristi Noem, who as the homeland security secretary oversees CISA, listing four instances last year when federal cybersecurity programs currently being targeted helped his state hold fair elections.
In August, for example, CISA helped ward off an attempted cyberattack on Pennsylvania voters using text messages disguised as reminders to register to vote. And in September, CISA warned that envelopes containing white powder were being sent to Pennsylvania election offices.
“Put simply, withdrawing CISA’s support for local election officials will make elections less secure,” Mr. Schmidt wrote.
His letter brought up another point: Many election officials can no longer seek outside funding to pay for the cybersecurity programs that the federal government is now cutting.
Pennsylvania and 27 other states have passed laws banning private donations to help fund elections infrastructure. The measures, known as Zuckerbucks bans, stem from conservative groups’ false claims that the billionaire Mark Zuckerberg helped Democrats steal the 2020 election with his large donations to election offices.
In Weber County, Utah, a heavily conservative area, Ricky Hatch, the county clerk, said that, while he was a Republican himself, he worried about the end of federal help.
“I understand and applaud the efforts of the current administration, however clumsy they might be, to take a hard look at places where they can save money,” said Mr. Hatch, who helped start CISA’s election-security program. But the funding for election security, he added, “is crucial money that is well spent to help secure the infrastructure of our nation’s election systems.”
“I’m pretty concerned that that money is going to move away from that sphere,” he said.
Ms. Griswold, the Colorado secretary of state, noted that before long, America would find itself in election season again.
“The bigger picture is that the loss of partners at the federal level could have this huge impact, and we do not have the pleasure of waiting around for the Trump administration to figure out what they’re doing,” she said. “Elections start very soon.”
