The Top Cybersecurity Agency in the US Is Bracing for Donald Trump

Donald Trump helped create the US government’s cybersecurity agency during his first term as president. Six years later, employees of that agency are afraid of what he’ll do with it once he retakes office.

Trump’s alliances with libertarian-minded billionaires like Elon Musk and his promises to cut government spending and corporate oversight have alarmed staffers at the Cybersecurity and Infrastructure Security Agency, the component of the Department of Homeland Security that defends US government computer systems from hackers and helps state and local governments, private companies, and nonprofit groups protect themselves.

CISA, which the Trump administration and Congress created in 2018 by reorganizing an existing DHS wing, became a target of right-wing vitriol after its Trump-appointed director rebuffed the president’s election conspiracy theories in 2020 (prompting Trump to fire him) and after it worked with tech companies to combat online misinformation during the 2022 election.

The incidents turned a once-obscure agency with bipartisan credibility into a conservative bogeyman. House Republicans have accused CISA of spying on and censoring Americans, and the GOP senator who will soon oversee the agency wants to eliminate it.

Now, with Trump returning to office vowing to purge disloyal civil servants and turn DHS into an immigration-crackdown machine, CISA employees are acutely worried about the fate of their still-fledgling agency, according to interviews with four current staffers and another US cyber official, all of whom requested anonymity to speak candidly about a sensitive subject.

“We believe it’s our responsibility to help those who don’t really have the ability to help themselves,” says one CISA employee. “We take our missions seriously, which is why we are all concerned, to a T, about if any decisions are going to affect our mission negatively.”

Scaling Back Corporate Accountability

CISA is bracing for change in several areas that were key to US president Joe Biden’s cybersecurity agenda.

Biden’s cyber strategy called for companies to take more responsibility for the security of their products and services, and CISA led that effort with its campaign encouraging companies to make their systems “secure by design” and “secure by default.” Agency officials pushed tech firms to make security features free and automatic and to pay closer attention to the quality of their code. Hundreds of companies have signed CISA’s secure-by-design pledge and vowed to take cybersecurity more seriously.

CISA employees and Biden administration officials expect the Trump team to kill Biden’s corporate responsibility initiatives. “They do not think it’s the role of the US government to make [the] private sector act in a certain way,” says a US cyber official.

A second CISA employee predicts that “compliance efforts like secure-by-design may not have the support that they currently benefit from.”

That retreat from corporate oversight will be a top priority of Musk and other tech billionaires who have flocked to Trump. “The tech influence here, assuming Elon Musk stays in Trump’s good graces, is going to be significant,” the cyber official says.

Without high-level White House backing, CISA’s secure-by-design campaign “becomes toothless,” says the first CISA employee. “Some companies will be less inclined to follow these [guidelines] if they don’t believe that the executive branch is going to support them.”

CISA employees are also watching uneasily to see if Trump officials pressure the cyber agency to water down its draft regulation requiring critical infrastructure operators to report cyber incidents. Congress mandated the rule in a 2022 spending bill, but groups representing infrastructure operators have complained that the draft requirements—which must be finalized by late 2025—are too onerous. Trump could force CISA to scale back the rules in order to appease the private sector.

Trump and his allies want to “get rid of anybody who can enforce the rules, because then the rules don’t matter,” the cyber official says. “In CISA’s instance, that’s going to be pretty significant.”

CISA is also bracing for changes to its election security mission. The agency has already dramatically scaled back conversations with social media companies about online misinformation following a right-wing backlash, but Trump’s team could force CISA to abandon even more of its election security work. CISA staffers worry that Trump will block the agency from participating in state and local election officials’ “Trusted Info” initiative, which encourages Americans to listen to their local election supervisors instead of provocative online claims.

“I think that work is probably dead,” says a third CISA employee.

South Dakota governor Kristi Noem, Trump’s pick to lead the Department of Homeland Security, embraced election conspiracies after Biden’s win in 2020. “Kristi Noem is a Trump loyalist who has backed him in election denial claims, and now she’s going to be in charge of the agency that oversees [CISA],” says the cyber official. “I have a lot of questions about what happens there.”

The third CISA employee expects to see the “persecution of those who have done election security work” once Trump takes office.

Weakening Authorities

Trump’s victory could also have serious consequences for other CISA missions.

Under Biden, CISA gained broader authority and new funding to monitor other agencies’ networks for suspicious activity, turning it into the centralized defender of federal networks that many experts always hoped it would become. That could change under Trump, especially if senior officials close to Trump bristle at CISA’s oversight.

“I can absolutely see the new administration coming in and saying, ‘Hey, you guys are not letting agencies do what they need to do. You have … too much power [to look] at how the agencies do things. We’re going to reduce your power,’” says the first CISA employee. “That will prevent us from doing the very necessary work that we need to do to protect the American people.”

One of CISA’s most formidable powers over other agencies could be watered down for an unexpected reason.

CISA can order the rest of the government to rapidly patch vulnerabilities and make other security improvements, and it has repeatedly used this authority in response to emerging digital crises. But while these directives only apply to federal agencies, some businesses treat them like unofficial government dictates and push their security teams to implement them.

If corporate leaders complain about these directives’ effects on their bottom lines, Trump’s team could force CISA to scale back its use of this authority.

The Trump administration could also try to cut costs at CISA by slashing the free services that it provides to state and local governments and critical infrastructure providers.

“My concern would be that some of those programs would just kind of fall to the wayside,” says the first CISA employee, who also fears that CISA’s “ability to express to the nation what we do and what services we offer” will “come under attack.”

Dimming the Stars

Trump’s influence on CISA could also undermine the agency’s long-running uphill battle to attract talented experts away from lucrative industry jobs and into public service.

Multiple CISA employees say they worry that Trump’s election will mean the end of what one called “star hires” like senior advisers Bob Lord and Jack Cable, the corporate cyber veteran and young security whiz, respectively, who lead CISA’s secure-by-design program.

“I can absolutely see guys like Bob Lord and Jack Cable—big, well-respected individuals in the security community—deciding that they want to take their stuff elsewhere if they don’t believe that the administration is serious about helping companies be more secure,” says the first CISA employee. Lord and Cable declined WIRED’s request to comment.

“This country has gotten so much more politicized over the past eight years to where it gets in the way of us doing our jobs,” the first CISA employee adds.

Trump’s promised changes to civil-service rules, which would expose more government workers to politically motivated firings, are also alarming CISA employees. “I worry about getting weaponized,” says the third CISA employee.

Political Tensions

When it comes to CISA’s fate, much will depend on whom Trump picks to lead the agency and how they navigate broader DHS politics.

The main contenders for CISA director—Karen Evans, a former Energy Department cyber official and White House IT official; Matt Hayden, who served as DHS’s assistant secretary for cyber policy during Trump’s first term; and Brian Harrell, who led CISA’s infrastructure protection wing under Trump—have cyber experience and bipartisan credibility. But if Trump passes over them, it’s not clear who will end up leading CISA.

“There’s not really a ton of star, right-leaning info security people out there who want to risk their credibility as a political appointee,” says the third CISA employee.

Even if CISA gets competent, well-liked senior officials, they will still be at the mercy of DHS leadership. Kristi Noem has touted her work on cybersecurity as South Dakota’s governor, including in an op-ed after her nomination that referenced CISA. But Noem was the only governor to reject money from a DHS cyber grant program for state and local governments in 2023, suggesting that she won’t support the program, which expires in late 2025.

A fourth CISA employee says they hope that once Noem and other Trump appointees “are briefed on the full extent of our nation’s cybersecurity problems, they will recognize the value of our work and its critical importance to national security.”

But even if Noem mostly leaves CISA to its own devices, her department’s leading role in Trump’s controversial immigration agenda—including promised mass deportations of undocumented immigrants—will likely inflame longstanding tensions between DHS and CISA.

“People within CISA don’t want to be considered part of DHS,” says the first CISA employee. “They believe that CISA should be its own realm.”

Amid a migration surge during Trump’s first term, DHS asked CISA employees to volunteer to help safeguard the US-Mexico border. “I do not believe that people [will] want to be considered part of DHS if that type of stuff is going to continue,” the first CISA employee says.

With DHS leaning harder than ever before into immigration crackdowns, CISA employees are longing for a separation—with even the conservative Project 2025’s unorthodox reorganization proposal sounding appealing to some.

“DHS is gonna be a real awful place the next four years,” says the third CISA employee. “Maybe we should move to Transportation.”

Quiet Concerns

While they wait for Trump to signal his approach to cybersecurity, CISA employees are quietly exchanging worries about what’s next for their workplace.

“There have been unspoken concerns about what’s going to happen once the administration changes,” says the first CISA employee. “Anything that we do is going to affect the American public in one way or another, so we need to know … what’s going to be coming down the pike.”

The mood inside the agency is “uncertain,” says the second CISA employee.

“CISA’s staff isn’t interested in getting politicized,” says the third CISA employee. “We just want to do good work for the American public that makes things more secure and resilient.”

CISA director Jen Easterly said in a statement that she “could not be prouder” of the agency’s achievements.

“CISA’s been able to accomplish its mission thanks to a talented and dedicated workforce, bipartisan support in Congress, and partnerships across government and industry,” Easterly said. “It’s important this work continues as the nation’s critical infrastructure faces an ever evolving and complex threat environment.”

For now, agency employees are distracting themselves by doubling down on that work.

“We kind of bury ourselves into the day to day, just trying to do as much as we can until we get the call that this position or this branch is going to be eliminated,” says the first CISA employee. “We don’t have any control over things right now, and I think that’s what makes things scary for a lot of us.”