The federal government’s ability to counter cyberespionage, destructive hacks and organized criminal scams is declining under the Trump administration just as artificial intelligence supercharges those threats, according to interviews with current and former officials as well as outside cybersecurity experts.
“New leadership is needed to protect our nation from increasing cyberthreats,” the Cybersecurity Coalition, a trade group for security companies and tech giants including Microsoft, Google and Cisco wrote in a letter to the White House last week. The group cited the surging use of AI by attackers and asked for more engagement with the private sector.
The business group was echoing alarms expressed by career experts and members of both parties in Congress over a retreat that includes a one-third cut in staff at the Cybersecurity and Infrastructure Security Agency. The layoffs were driven both by President Donald Trump’s anger over the agency’s past warnings about foreign propaganda and by the White House’s general push to slash government payrolls.
“While adversaries are accelerating with AI, the federal cyber posture has been scaled back,” said Chris Krebs, founding CISA director during Trump’s first term before being fired for saying the 2020 election had not been hacked. “The strategy is unclear, headcount is down, and capacity is gutted. Like it or not, we’re not as strong today as we need to be.”
The Trump administration denied any diminution of its cyberdefenses.
“CISA is steadfastly fulfilling its core mission by demonstrating daily operational collaboration, accelerating intelligence sharing, and strengthening our defense of cybersecurity and critical infrastructure across the nation,” said Marci McCarthy, the agency’s public affairs director, who declined to make an official available for interviews.
In the latest example of a new order of threats, AI company Anthropic said this month that Chinese government-backed hackers abused its Claude coding tool to create autonomous agents that ran most of an advanced and successful espionage campaign against large tech companies, financial institutions, chemical manufacturing companies, and government agencies.
With little human oversight, the company said, the AI agents found rich target datasets and unpatched vulnerabilities in the software protecting them. China denied any involvement in the alleged hack. The relevant U.S. agencies did not comment on Anthropic’s report, but it prompted the House Homeland Security Committee Wednesday to summon the company’s CEO to testify.
AI makes it easier for spies to find new vulnerabilities by empowering computer programs to analyze vast amounts of code seeking logic flaws or other lapses. The speed in executing commands also lets ordinary criminals try hacking more people at once. And there are few government guidelines as companies roll out riskier features such as AI browsers, which have access to much more personal and corporate data and can be hijacked by outsiders.
Recent attacks have tricked AI programs on victims’ computers into performing tasks on behalf of the attacker, including finding passwords and logins for cryptocurrency accounts.
Meanwhile, an internal November memo from CISA’s acting director, reported last week by trade publication Cybersecurity Dive, said the agency was “hampered by an approximately 40 percent vacancy rate across key mission areas” and planned more hiring. Beyond those deliberately cut, others said in interviews they left for better-paying opportunities in the private sector or in frustration over a lack of leadership and strategy. McCarthy, the CISA spokeswoman, declined to comment on the memo.
While the government shutdown exacerbated the shortfall in cyberdefense capabilities, more than a dozen people said in interviews the reopening would not reverse the reductions that have developed since President Donald Trump retook office Jan. 20. All of the current officials spoke on the condition of anonymity for fear of retribution.
Cybersecurity experts in and out of the administration cite a number of setbacks.
Congress has not confirmed a new director for CISA, which is part of the Department of Homeland Security, or for the National Security Agency, the Defense Department entity responsible for signals intelligence. The White House hasn’t settled on a nominee for the NSA chief. In CISA’s case, Democratic Sen. Ron Wyden of Oregon put a hold in April on a broadly supported nominee until the agency publishes a 2022 report on phone company security.
That leaves priorities and strategy in limbo at the two main cyberdefense agencies, the people said.
In addition, the Federal Communications Commission voted this month to drop telecommunications security standards that had been mandated after the discovery that a Chinese government team known as Salt Typhoon had hacked the big phone companies.
“Rolling back these rules leave some of the nation’s most valuable networks unsecured,” said Anne Neuberger, the deputy national security adviser for cyber and emerging technology under President Joe Biden and before that the leader of the National Security Agency’s cybersecurity directorate. “China’s hacking of multiple telecoms in the U.S., in some cases hacks that spanned several years without being detected, highlighted that the cybersecurity of many telecoms was inadequate to defend against the threat.”
The FCC last month called those rules “unlawful and ineffective” and said it was taking an “agile and collaborative approach to protecting the nation from cyberattacks” under which telcos have individually agreed to put better safeguards in place.
A senior administration official denied that U.S. defenses have weakened, speaking on the condition of anonymity to follow press-office guidelines. He said that White House progress in some areas must remain classified secrets and that the cuts at CISA were warranted by previously excessive agency ambitions and mission drift. A White House official with broad oversight but limited power, National Cyber Director Sean Cairncross, told a conference last week the administration is focused on imposing costs on adversaries and will release a strategy document soon.
Other current and former officials said federal attention has wandered.
“This administration does not take cybersecurity particularly seriously,” said a former counterintelligence official. “You haven’t seen anyone talking about Salt or Volt Typhoon [the Chinese-backed hackers of telcos and utilities] for months, even though it remains a problem.”
To be sure, even during the shutdown, CISA continued to warn companies of ongoing attacks and direct agencies to take defensive actions within days in urgent cases.
And a task force on federal acquisition security issued its first order in September, banning Swiss security and backup software provider Acronis, founded by a Russian expatriate, from intelligence contracts and subcontracts — an action the Biden administration had contemplated but not implemented for years.
“This change has no impact on Acronis’ ability to serve nongovernment customers in the U.S. or clients across the other 150 countries in which we operate,” the company wrote in a statement.
The Commerce Department leads a separate interagency process that can ban foreign products even from private transactions on national security grounds. But multiple decisions to take such actions have been stalled at the highest levels of the department during trade talks with China, people close to the process told The Post. Some of them said the potential bans were in abeyance because leaders wanted them as bargaining chips with China. “You can’t have security achieved through this transactional nature,” one of them said.
Among those on hold is a proposed ban on low-priced, top-selling home and office internet routers from TP-Link Systems, which spun off from a Chinese company. On Oct. 30, the same day The Post published an article on that proposal, the Republican chairs of five House committees askedCommerce Secretary Howard Lutnick for an update on his handling of TP-Link and 18 other companies that government agencies have alleged have ties to China. The Commerce Department declined to comment.
TP-Link said it is now an American company and that it would make more sense to have security requirements for all gear instead of banning some based on where parts originated. “To assume that every product using Chinese parts or labor is automatically an eavesdropping device for the CCP [Chinese Communist Party] is an oversimplification at best, and in most cases, plain wrong,” TP-Link security contractor Matt Wyckhouse said Thursday.
A comprehensive analysis of how the administration has been handling threats in cyberspace was issued last month by leaders of the Cyberspace Solarium Commission, who provide an annual report on progress implementing each of the Commission’s original 82 recommendations.
This year, Commission co-chair Sen. Angus King (I-Maine) and executive director Mark Montgomery concluded for the first time that the country’s defenses had gotten weaker.
“Our nation’s ability to protect itself and its allies from cyberthreats is stalling and, in several areas, slipping,” the men wrote. “Technology is evolving faster than federal efforts to secure it. Meanwhile, cuts to cyber diplomacy and science programs and the absence of stable leadership at key agencies like the Cybersecurity and Infrastructure Agency, the State Department, and the Department of Commerce have further eroded momentum.”
Montgomery said in an interview that he was especially concerned about the depletionof the federal cybersecurity workforce — both the sheer volume and the fact that job reductions were hitting young staffers still on probation and the most senior people, who were eligible for buyouts. In October, the most recent of many rounds of layoffs hit a CISA team with a mission to contact likely hacking targets and walk them through available protections.
“It wasn’t just too much, it was the wrong target set,” Montgomery, a retired rear admiral and former White House official, said of the impact since the inauguration. “They’re creating problems for next year and years to follow.”
Another group of former officials also argued in papers this month that the threats are outpacing the U.S. response. “Despite its power, the U.S. remains vulnerable to cyberattacks due to the vast, rapidly growing complexity of cyberspace and decades of internal bureaucratic battles,” concluded the group, known as the Project on Technology and National Security.
“Time is not on the side of defense,” wrote former DHS deputy secretary Jane Lute. “With the rapid acceleration of artificial intelligence in all its manifestations, cyber attackers now have a vastly more powerful set of tools for mischief and crime, not only in cyberspace, but in every conceivable domain.”
The post The U.S. has been cutting cyber defenses as AI boosts attacks appeared first on Washington Post.
