Eroding Foundations: The Precarious State of US Cyber Leadership

US cybersecurity leadership is dangerously eroding as strategic policy gives way to the President's political grievances. These vindictive actions have dismantled expertise and created clear weaknesses which America's adversaries are sure to capitalise on.

Recent developments in the United States paint a concerning picture of a nation whose leadership in the domain of cybersecurity has been effectively eroded by the short-sighted and vindictive agenda of their newly elected President.

As with his ill-advised imposition of tariffs in trade or the impulsive calls to annex Greenland (for what, we're still not sure), a series of actions within the cyber realm suggests a shift away from strategic, expert-driven policy towards decisions potentially swayed by political expediency and personal grievances.

This erosion of stable leadership and expertise will have significant implications for the global cyber threat landscape, creating vulnerabilities that nation-state and cyber criminal adversaries alike will undoubtedly seek to exploit.

Let's see where things have unraveled.

Deprioritisation of the Russia Threat


One of the first indications of the Trump Administration's "alternative" approach to Cyber Security was in the alleged instruction to US cyber agencies to stand down on operations targeting Russian entities.

Reports surfaced suggesting that analysts at CISA were verbally told not to follow or report on Russian threats, and that Russia-related projects were being "nixed". While CISA publicly refuted these claims, stating that there had been no change in their posture against all cyber threats, including Russia, the proximity in timing between these allegations and a reported pause in offensive cyber operations against Russia by US Cyber Command raised serious questions.

Senator Chuck Schumer criticized the Trump administration for potentially giving Russia a "free pass" amidst ongoing cyber operations and ransomware attacks against US infrastructure.

The US' softening of its stance on Russian cyber activities - whether due to a desire for improved relations or a shift in focus towards other perceived threats - is being interpreted as a weakening of resolve against a known adversary with a history of malicious cyber activity.

This perceived hesitancy could embolden Russian cyber actors - both cyber crime and nation-state - and undermine the global effort to deter their destabilising actions.

Dismantling Oversight & Accountability Mechanisms


The next questionable (to say the least) decision by this Administration was the dismantling of the Cyber Safety Review Board (CSRB), which was at the time in the middle of investigating the wide-ranging breach of U.S. and global telcos by the Chinese-linked group Salt Typhoon.

Senator Ron Wyden criticized the move as a "massive gift to the Chinese spies who targeted top political figures" and suggested it looked like "payback for Microsoft's million dollar gift to Donald Trump's inaugural committee".

This is a massive gift to the Chinese spies who targeted top political figures. Killing the board that pressured Microsoft to up its cybersecurity looks for all the world like payback for Microsoft's million dollar gift to Donald Trump's inaugural committee.

Senator Ron Wyden (@wyden.senate.gov) 2025-01-21T22:32:09.965Z

Despite initially being met with scepticism when it was first announced, the CSRB had since proved its value in providing independent and objective review of key Cyber Security incidents.

Anyone in the industry at the time will remember its scathing report on a "cascade of security failures" at Microsoft which enabled the China-aligned Storm-0558 Threat Group to compromise the systems and emails of multiple senior US leaders and Government Departments. The report led to significant commitments by Microsoft leadership to improve their security practices and culture, demonstrating the CSRB's ability to effect change.

The abrupt termination of the CSRB, before the completion of its report on a significant nation-state attack, brings into question the administration's commitment to independent oversight and understanding of the need to learn from past incidents.

By sidelining a body designed to provide impartial analysis and drive improvements in cybersecurity, the US risks losing valuable insights and hindering its ability to effect change or effectively respond to future threats.

Firing Skilled Cyber Defenders in Tense Times


The arbitrary staff cuts of skilled analysts in key cyber agencies like CISA and the NSA represent another critical point of failure. Reports indicate potential cuts of nearly 40 percent of CISA's workforce, and the Trump administration has been engaged in mass firings of probationary federal employees.

Former NSA cybersecurity director Rob Joyce warned Congress that these cuts would be "devastating" for US cybersecurity operations, particularly in countering threats from China. The elimination of threat-hunting teams and the fragmentation of personnel responding to critical infrastructure threats weakens the US' cyber defenses at a time when they are under constant attack.

The potential loss of experienced cybersecurity talent to the private sector due to uncertainty further exacerbates this issue.

"Firing cyber personnel at CISA harms national security on a daily basis — this goes well beyond disruption and is actually causing destabilization" -US Navy Rear Admiral Mark Montgomery.

Gutting the workforce responsible for defending national infrastructure and sharing critical threat intelligence with the private sector is foolhardy, to say the least. It undermines the foundational elements of a resilient cybersecurity posture, and opens an already highly-targeted nation up to further cyber attacks by emboldened adversaries, which it is now ill-equipped to respond to.

Personal Insecurities Trump Global Cyber Security


The firing of the Director of NSA and Cyber Command, General Timothy Haugh, and the Deputy Director without clear and justifiable cause injects further instability into the US cyber leadership structure.

This decision, occurring shortly after the dismissal of other senior defense officials, has sparked concerns about political interference in traditionally nonpartisan intelligence roles. It's been widely reported that far-right conspiracy theorist Laura Loomer met with President Trump prior to the announcement being made, and advocated for the removal of Haugh, whom she saw as "disloyal" to the President.

Loomer later ranted on Twitter that Haugh was "HAND PICKED by General Milley" (a Trump critic) and Wendy Noble - the Deputy Director of NSA who was fired alongside Haugh - was an "Obama loving protege" and a "Trump hater".

Senator Mark Warner expressed deep concern, questioning how firing a "nonpartisan, experienced leader" amidst unprecedented cyber threats - while failing to hold his team accountable for leaking sensitive military information in the Signalgate scandal - makes Americans safer.

The abrupt removal of seasoned leaders with deep knowledge of the complex cyber and signals intelligence landscape - seemingly at the suggestion of a self-described "pro-White nationalist" - is indicative of a government that prioritises personal insecurities over global insecurities.

Loyalty Over Integrity


Finally, the recent revocation of security clearances for all employees of security company SentinelOne as part of a vindictive attack on former CISA head Chris Krebs underscores a deeply concerning trend.

The White House memorandum accuses Krebs of being a "bad-faith actor who weaponized and abused" his authority at CISA by censoring speech and promoting a partisan agenda related to the 2020 election and COVID-19. As a punitive measure against Krebs, who now works at cyber security vendor SentinelOne, the administration has suspended the security clearances of both him and his current colleagues pending a review.

This action, described as "unprecedented and punitive", demonstrates a willingness to use government authority to target individuals and entities based on perceived disloyalty, regardless of the potential impact on national security.

SentinelOne, a cybersecurity company that partners with the US government, could see its ability to collaborate and secure government systems hampered by this sweeping revocation.

This episode starkly illustrates how personal grievances and the perceived need for retribution can override rational decision-making, potentially weakening the broader cybersecurity ecosystem.

The US, once a perceived leader in global cybersecurity, appears to be struggling - and failing - to grapple with internal instability, resulting in a shift in priorities that has diminished its capacity and reliability in addressing the escalating cyber threat landscape.

Reduced engagement against adversaries like Russia could embolden their malicious activities.
The sidelining of independent review boards hinders the ability to learn and adapt.
Staff cuts weaken the front lines of cyber defense.
Politically motivated leadership changes erode trust and expertise.
And the weaponization of security clearances against private sector entities can stifle collaboration and innovation.

In a world where cyberattacks transcend borders and can cripple critical infrastructure, strong and dependable leadership - which has historically been embodied by the US - is paramount. The recent trajectory, however, suggests a concerning vulnerability: that strategic imperatives can be - and are being - overshadowed by political agendas and personal vendettas.

The age of US leadership in cybersecurity is over - at least for the term of this administration. Time will tell if the damage caused (and yet to come) can be reversed by future administrations, but for now - as in the realms of Defence and Commerce - the world will have to redefine how it operates in the Cyber sphere without the US to rally around.

