WASHINGTON – The nation’s cybersecurity agency has played a critical role in helping states shore up the defenses of their voting systems, but its election mission appears uncertain amid sustained criticism from Republicans and key figures in the Trump administration.
President Donald Trump has not named a new head of the U.S. Cybersecurity and Infrastructure Security Agency, and for the first time since it was formed, there are no plans for anyone in its leadership to address the main annual gathering of the nation's secretaries of state, which was being held this week in Washington.
Recommended Videos
On Thursday, a panel on cyberthreats included an update from an FBI official who said the threats remained consistent.
“I’m often asked what the FBI sees as the top cyberthreats facing the U.S., and really the FBI’s answer for the last several years has been the same: China, China, China, ransomware, Russia, Iran, North Korea,” Cynthia Kaiser, a deputy assistant director in the bureau's Cyber Division, told attendees at the National Association of Secretaries of State meeting.
Trump’s new homeland security secretary, Kristi Noem, said during her Senate hearing that CISA had strayed “far off mission.” She pledged to work with senators “should you wish to rein them in” with legislation.
The agency formed in 2018 during the first Trump administration is charged with protecting the nation’s critical infrastructure, from dams and nuclear power plants to banks and voting systems. It is under the Department of Homeland Security, but CISA is a separate agency with its own Senate-confirmed director.
The agency has received bipartisan praise from many state and local election officials, but Trump and his allies remain angry over its efforts to counter misinformation about the 2020 presidential election and the coronavirus pandemic. The agency’s first director, Chris Krebs, was fired by Trump after Krebs highlighted a statement issued by a group of election officials that called the 2020 election the "most secure in American history.”
That drew Trump’s ire as he was contesting his loss to Democrat Joe Biden. Republicans have claimed repeatedly since then that CISA had worked with social media companies to censor conservative viewpoints on issues related to elections and health.
Agency officials have disputed that: “CISA does not censor, has never censored,” the agency's then-director, Jen Easterly, said last fall in an interview with The Associated Press. Nevertheless, Republicans continue to blame the agency and insist changes are necessary.
“Joe Biden’s Cybersecurity and Infrastructure Security Agency (CISA) was more focused on undermining President Trump than they were protecting our own critical infrastructure,” Rep. Marjorie Taylor Greene, R-Ga., chair of the newly formed House subcommittee on Delivering on Government Efficiency, said in a social media post last week. “The thugs responsible for that kind of waste and abuse will be held accountable!”
During the 2020 election, agency officials worked with states to help them notify social media companies about misinformation spreading on their platforms, but they have said they never instructed or sought to coerce those companies to act. For the 2024 election, CISA and other federal agencies alerted the public to various foreign misinformation campaigns, including a fake video linked to Russia purporting to show the mishandling of ballots in Pennsylvania.
In recent months, Meta CEO Mark Zuckerberg has echoed the GOP claims and announced plans to dismantle the company’s fact-checking program.
One of the first actions Trump took after returning to the White House on Jan. 20 was a signing of an executive order “ending federal censorship” and instructing his attorney general to investigate federal actions under the previous administration and to propose "remedial actions." There is little information about what’s next and whether CISA’s mission could change under new leadership.
Project 2025, a conservative blueprint for a Republican administration, recommended that CISA be moved to the Transportation Department and focused solely on protecting government networks and coordinating the security of critical infrastructure.
It said the agency should only help states assess whether they have “good cyber hygiene in their hardware and software in preparation for an election — nothing more.” That's what the agency has been doing in recent years, by providing training and security reviews.
Voting systems were designated critical infrastructure after an effort by Russia in 2016 to interfere in that year’s presidential election, which included scanning state voter registration databases for vulnerabilities.
Some state election officials were initially resistant to the idea of federal assistance. But many now credit the agency and federal money with helping them improve security ahead of the 2020 and 2024 presidential elections.
Minnesota Secretary of State Steve Simon, a Democrat who is president of the secretaries of state association, said it was understandable that a new administration needed time to decide what role it wanted for the cybersecurity agency. But he hoped its work with the states would continue, both in improving election security and highlighting disinformation campaigns.
“We need to know if a foreign adversary is seeking to misdirect and mislead Americans on any subject, whether it’s elections or science or national security or foreign policy,” he said in a phone interview Thursday from Minnesota before he was scheduled to leave for Washington.