Trump weakens US cyber defences at a moment of rising danger

WASHINGTON - When US President Donald Trump abruptly fired the head of the National Security Agency (NSA) and US Cyber Command on April 3, it was the latest in a series of moves that have torn away at the country’s cyber defences just as they are confronting the most sophisticated and sustained attacks in the nation’s history.

The commander, General Timothy D. Haugh

, had sat atop the enormous infrastructure of American cyber defences until his removal, apparently under pressure from the far-right Trump loyalist Laura Loomer.

He had been among the US officials most deeply involved in pushing back on Russia, dating to his work countering Moscow’s interference in the 2016 election.

His dismissal came after weeks in which the Trump administration swept away nearly all of the government’s election-related cyber defences beyond the secure NSA command centres at Fort Meade, Maryland.

At the same time, the administration has shrunk much of the nation’s complex early-warning system for cyber attacks, a web through which tech firms work with the Federal Bureau of Investigation and intelligence agencies to protect the power grid, pipelines and telecommunications networks.

Cyber-security experts, election officials and lawmakers – mostly Democrats but a few Republicans – have begun to raise alarms that the US is knocking down a system that, while still full of holes, has taken a decade to build.

It has pushed out some of its most experienced cyber defenders and fired younger talent brought in to design defences against a wave of ransomware, Chinese intrusions and vulnerabilities created by artificial intelligence.

“At a time when the United States is facing unprecedented cyberthreats – as the Salt Typhoon cyber attack from China has so clearly underscored – how does firing him make Americans any safer?” Senator Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, said on the night of April 3 after Gen Haugh’s ouster.

Mr Warner was referring to an operation in which Chinese intelligence bored so deeply into US telecommunications networks that it had access to the Justice Department’s system for lawful interception of calls or text messages and could listen in on some conversations, including Mr Trump’s during his campaign in 2024.

Mr Trump’s embattled national security adviser, Mr Michael Waltz, has not yet announced a new cyber strategy, but he has argued that the country needs to go on offence more.

“We’ve been playing a lot of defence, and we keep trying to play better and better defence,” Mr Waltz told Breitbart before the inauguration.

“If you’re putting cyber time bombs in our ports and grid,” he added, the US must show that “we can do it to you, too”.

But many cyber experts worry that the intense focus on offensive operations – which have been part of American strategy going back to the US-Israeli cyber attack on Iran’s nuclear programme 15 years ago – is risky.

America’s huge vulnerabilities, made evident in recent years as China placed malware in its rival’s utility grids and the telecom system, illustrate how easy a target the US is for retaliation.

As a top cyber official in the Defence Department during the Biden administration used to point out, “we live in the glassiest house”.

Somebody lowered the drawbridge

In his first term, Mr Trump and his top aides fortified cyber defences.

He signed legislation creating the Cybersecurity and Infrastructure Security Agency (Cisa), and the White House started publicly naming countries that were attacking the United States.

As the 2018 elections approached, US Cyber Command conducted counterstrikes on Russian hackers and intelligence agencies.

Gen Haugh was deeply involved in that effort as a leader of the Russia Small Group, a joint operation between the NSA, the nation’s premier cyber espionage agency – with 32,000 employees, it is nearly 50 per cent larger than the CIA – and Cyber Command, its military cousin.

But Mr Trump has moved in the opposite direction in his second term.

For four years, he nurtured deep resentments about Cisa, which had declared that the 2020 election was one of the best run in history, undercutting his false claims that he had been cheated of victory.

Weeks after taking office in 2025, he began a campaign of dismantlement.

Federal programmes that monitored foreign influence and disinformation have been eliminated.

Key elements of the warning systems intended to flag possible intrusions into voting software have also been degraded; the effects may not be known until the next major election.

And contractors who worked with local election officials to perform cyber-security testing, usually with federal funding, have found the deals cancelled.

In early March, Cisa – which is nested inside the Department of Homeland Security – cut more than US$10 million (S$13.5 million) in funding to two critical cybersecurity intelligence-sharing programmes that helped detect and deter cyberattacks and that alerted state and local governments about them.

One programme was dedicated to election security, and the other to broader government assets, including electrical grids.

In some counties around the nation, these two programmes were the only ways that local governments stayed on top of mounting attacks.

“It’s like somebody lowered the drawbridge, and there’s no guards,” said Mr Adrian Fontes, the Democratic secretary of state in Arizona, who has written letters of protest to the White House, the Department of Homeland Security and his congressional delegation.

“This is incredibly bad.”

Cisa’s election-security programme had helped identify not only cyber attacks but also risks to key infrastructure such as voter databases.

The programme shared information between election officials and federal agencies to prevent attacks.

In Arizona, the programme helped Mr Fontes and other officials learn on election night in November 2024 that 15 bomb threats they had received were a hoax originating in Russia, a realisation that allowed voting to go largely uninterrupted in the battleground state.

In Colorado, the programme helped Ms Jena Griswold, the Democratic secretary of state, alert her counterparts across the country, as well as Cisa, about an orchestrated break-in by a local election official in 2021.

Cisa’s leadership has maintained that election officials will have “access to the same Cisa support”, which includes “cyber and physical security services and incident response”.

Cuts and cancelled contracts

Similar but less severe cuts have hit the country’s broader cyber-security defences, at a moment when ransomware attacks are becoming more sophisticated and efforts to deter state-sponsored attacks have largely failed.

The innovative Cyber Safety Review Board – based on the National Transportation Safety Board, which investigates transportation accidents – was created by the Biden administration to extract critical lessons from major breaches.

It was dismantled soon after Mr Trump took office, even as it was in the midst of examining Salt Typhoon and trying to figure out how China’s intelligence agencies pierced deep into the American telecommunications system.

Because the first line of defence is often in the private sector – Microsoft was the first to find Salt Typhoon – the impact of this retrenchment may take months or years to understand.

Mr Jason Healey, a cyber expert at Columbia University with long experience in government, said that the cuts “to secure elections or fight misinformation are least likely to get reinstated”.

But he predicted that new leaders of Mr Trump’s cyber-defence programmes were “likely to rebuild others once they realise, like every team before them, they need outside advisers and mechanisms to better coordinate and share information across government and with companies in critical infrastructure”.

In a reflection of the administration’s effort to bring cyber security more within the government, Cisa cancelled contracts in March that affected more than 100 cyber-security experts with a range of specialities.

Some, for example, led “red teams” that hunted for vulnerabilities that needed to be sealed off to intruders, a practice known as penetration testing.

And there are reports of more looming cuts at the agency, though the timing remains unclear, and the agency declined to comment.

Administration officials argue that the nation’s cyber defences remain robust, and they have defended the cuts as eliminating duplicative work.

“Cisa has taken action to terminate contracts where the agency has been able to find efficiencies and eliminate duplication of effort,” the agency said in a statement in April.

It added, “Cisa’s red teams continue their work without interruption.”

But Mr Waltz is betting that by going on offence, he can deter attacks on the US.

Yet history suggests that the strategies that worked in the nuclear arena often do not translate smoothly to cyber operations.

Over the past 15 years, US cyber warriors have not only crippled Iran’s nuclear programme but also got inside Russian power plants and North Korea’s missile programme.

But the effects have proved fleeting.

Russian, Iranian and North Korean cyber attacks on the US have grown more sophisticated, and so has North Korea’s missile arsenal.

Fears about future voting security

Around the country, election officials in both parties are worried.

Mr Al Schmidt, the Republican secretary of state in Pennsylvania, sent a letter in March to Ms Kristi Noem, who, as the homeland security secretary, oversees Cisa, listing four instances in 2024 when federal cyber-security programmes being targeted helped his state hold fair elections.

In August 2024, for example, Cisa helped ward off an attempted cyber attack on Pennsylvania voters using text messages disguised as reminders to register to vote.

And in September 2024, Cisa warned that envelopes containing white powder were being sent to Pennsylvania election offices.

“Put simply, withdrawing Cisa’s support for local election officials will make elections less secure,” Mr Schmidt wrote.

His letter brought up another point – many election officials can no longer seek outside funding to pay for the cyber-security programmes that the federal government is now cutting.

Pennsylvania and 27 other states have passed laws banning private donations to help fund elections infrastructure.

The measures, known as Zuckerbucks bans, stem from conservative groups’ false claims that the billionaire Mark Zuckerberg helped Democrats steal the 2020 election with his large donations to election offices.

In Weber County, Utah, a heavily conservative area, Mr Ricky Hatch, the county clerk, said that, while he was a Republican himself, he worried about the end of federal help.

“I understand and applaud the efforts of the current administration, however clumsy they might be, to take a hard look at places where they can save money,” said Mr Hatch, who helped start Cisa’s election-security programme.

But the funding for election security, he added, “is crucial money that is well spent to help secure the infrastructure of our nation’s election systems”.

“I’m pretty concerned that that money is going to move away from that sphere,” he said.

Ms Griswold noted that before long, America would find itself in election season again.

“The bigger picture is that the loss of partners at the federal level could have this huge impact, and we do not have the pleasure of waiting around for the Trump administration to figure out what they’re doing,” she said.

“Elections start very soon.” NYTIMES