With ‘Liberation Day’ tariffs crashing the economy and endless bellicose rhetoric, there are few areas where the Trump administration has not disrupted business-as-usual, at home or abroad.
Cybersecurity is one particular arena facing turbulence. Last month, Pete Hegseth, the US secretary of defence, was reported to have ordered a pause on offensive cyber operations against Russia. However, this has since been denied by the Pentagon.
Meanwhile, Elon Musk’s department of government efficiency (DOGE) has turned its attention to the US cybersecurity and infrastructure security agency (CISA), threatening to axe nearly half of its staff – something critics on the other side of the political aisle have described as “schizophrenic”. Tim Haugh, the head of US Cyber Command and chief of the US’s signals intelligence agency, the NSA, and his deputy were dismissed in early April.
US President Donald Trump has also taken action against cybersecurity vendors, ordering the cancellation of Sentinelone’s security clearances earlier this month. The cybersecurity company appointed former CISA director Chris Krebs as chief intelligence and public policy officer shortly after he was fired by Trump for contradicting his false claims of voter fraud in the 2020 US election.
This politicisation of cybersecurity may have long-term repercussions, both in the US and globally, for cross-border information sharing and combating emerging threats, according to Laura Houston, a partner at legal firm, Slaughter and May.
“Three months into Trump’s term, it’s increasingly clear that cybersecurity is not one of the administration’s major priorities,” she says. “The administration isn’t denying the threat and has extended the long-running national emergency declaration concerning cyber risk. But there’s still no Senate-confirmed cybersecurity leaders in the Pentagon, the head of US Cyber Command has just been fired and CISA’s workforce is being significantly reduced.”
DOGE bites at CISA
CISA is the component of the department for homeland security responsible for public sector cyber safety. As well as overseeing cyber and infrastructure protection across government, the agency also evaluates ongoing cyber threats and coordinates proactive responses against hackers, both criminal and nation state-led.
In a memorandum last week, the Trump administration characterised the agency as leading “government censorship against Americans” under former CISA leader, Chris Krebs. It alleged that CISA censored “election information” and called Krebs a “significant bad-faith actor who weaponised and abused his government authority”.
It’s increasingly clear that cybersecurity is not one of the administration’s major priorities
At the same time, CISA is facing significant cuts – with insiders stating that 1,300 employees will be removed from the payroll along with a further 40% of all contractors. The full details of the cuts have not yet been announced.
“If there’s a reduction in capacity it can have real impacts,” says Brandon Wales, the former acting director of CISA, who now works at Sentinelone. “CISA is a large organisation and depending on where the cuts actually fall, the effect they will have on cyber operations is a little unclear.”
But if the numbers are anything close to those in the press, he says, the cuts could hamper CISA’s ability to support other federal agencies undergoing cyber incidents, as well as state and local governments and the private sector.
“I’d be concerned about their capacity to serve as the critical hub for information-sharing,” Wales adds. “A lot of information on threats and best practices is critical for the way in which we collectively defend the country.”
However, Wales describes the nomination of Sean Plankey, a former director for cyber policy in the first Trump administration, as a positive move, due to his real-world experience.
Wales adds that despite the “policy turmoil”, collaboration between international law enforcement organisations, such as the FBI, Europol, the Secret Service and Interpol, will survive any cuts. “That work is continuing and that’s important because you want those relationships to be deeply institutionalised, so that no matter what else is happening, the important collaboration will continue,” he says.
Cyber diplomacy norms shifting
But others farther from the US halls of power take a dimmer view. According to Matthew Hodgson, the CEO and cofounder of privacy company Element, the gutting of CISA will “obviously compromise the US’s ability to defend itself”.
“We can’t depend on the US securing services, for whatever reason, particularly when it’s become abundantly clear that they’re under very targeted attack,” he says. “Concerns were raised last year about [Russian advanced persistent threat group] Cosy Bear and other attacks on critical infrastructure. It really shifts the onus to individual countries to protect their own infrastructure and services, rather than delegating out to US tech companies.”
It’s obvious that the days of the US leading the free world are gone
The knock-on impact, he believes, will push the rest of the world to ensure their own security, rather than depending on US tech services. Already, European nations are working to stand up their own digitally sovereign tech stacks.
While the US department of defence denies reports it has ceased offensive cyber operations against Russia, the news nonetheless rattled some figures in the European cybersecurity sphere.
Tom Vazdar, a cybersecurity professor at the Open Institute of Technology, says that if the reports were accurate, they could signal a significant policy shift, where old alliances disintegrate and new ones are created. He suggests the cyber diplomacy at play with Russia could usher in a reformulation of such alliances, redirecting the US’s offensive capabilities towards China.
But a US withdrawal from engagement with Russia would “really reduce critical intelligence sharing,” says Vazdar, who has also served a security advisor to Europol.
“NATO and European nations fear increased cyber aggression from Russia. This could prompt Europe to independently develop more robust offensive cyber capabilities,” he says. “It’s obvious that the days of the US leading the free world are gone.”
By repeatedly failing to condemn Russian cyber aggression, Vazdar says, the US has “undermined all international norms against cyber attacks” while simultaneously “diluting deterrent strategies” – something he believes adversaries like China, Iran and North Korea may notice. “They may interpret the shift in US policy as a green light for increased cyber activity,” he says.
International cooperation has proved essential for taking down key figures in notorious ransomware gangs such as Conti, Lockbit and Phobos. If the US weakens its threat detection, intelligence sharing and international coordination, other countries will also become more vulnerable to such threats. “If you don’t have active personnel working 24/7 on monitoring what adversaries are doing, then it’s going to be really tough to rebuild everything from scratch,” Vazdar says.
While Trump’s attention has been focused on domestic cybersecurity cuts, any major recalibration of US cyber priorities pose risks for the rest of the world too.
With ‘Liberation Day’ tariffs crashing the economy and endless bellicose rhetoric, there are few areas where the Trump administration has not disrupted business-as-usual, at home or abroad.
Cybersecurity is one particular arena facing turbulence. Last month, Pete Hegseth, the US secretary of defence, was reported to have ordered a pause on offensive cyber operations against Russia. However, this has since been denied by the Pentagon.
Meanwhile, Elon Musk’s department of government efficiency (DOGE) has turned its attention to the US cybersecurity and infrastructure security agency (CISA), threatening to axe nearly half of its staff – something critics on the other side of the political aisle have described as “schizophrenic”. Tim Haugh, the head of US Cyber Command and chief of the US’s signals intelligence agency, the NSA, and his deputy were dismissed in early April.
