Lauryn Williams is deputy director and senior fellow in the Strategic Technologies Program at the Center for Strategic and International Studies.
America is experiencing a five-alarm cybersecurity fire. Cyberattacks were up an astonishing 85 percent from September to October during the government shutdown, according to the cybersecurity firm The Media Trust, reaching into the hundreds of millions of sophisticated, targeted attacks aimed at federal workers at many agencies. In recent weeks, the Cybersecurity and Infrastructure Security Agency issued an emergency notification after a “nation-state affiliated cyber threat actor” compromised devices and software widely used in government.
Clearly, cybercriminals and nation-states sought to exploit the longest shutdown in American history. But the crisis only exposed the broader vulnerability of U.S. government agencies, as well as local government and private operators of critical infrastructure providing vital services such as water, electricity and telecommunications. Addressing these short- and long-term vulnerabilities demands urgent action from the Trump administration.
How did the United States arrive here? The civilian bureaucracy is experiencing unprecedented upheaval this year, and the workforce performing key cybersecurity missions protecting the nation’s critical infrastructure has been sharply reduced. More than 200,000 workers have left the federal civil service since January. By year’s end, Trump officials want that number to be 300,000. At CISA, which is the nation’s civil cyberdefense agency, 65 percent of staff were furloughed during the shutdown, which was on top of the many whose jobs were cut previously. The number of cyber defenders at CISA could be further depleted, as more job cuts are planned.
Further, industry cyberthreat information sharing is hindered by the lapse of a key law — the Cyber Information Sharing Act — that had protected companies from liability when providing intelligence to the government. Critical forums for communication with local government and industry about critical infrastructure have also been paused indefinitely. Meanwhile, the administration’s national cyber-policy priorities are still in development.
Other cyber-challenges have built up across administrations. China has long posed the most significant cyber-risk to the United States. It has invested in its “typhoons strategy” — a years-long effort to access data and preposition its hackers within U.S. critical infrastructure for possible weaponization in a potential conflict. In September, major outlets reported that the China-linked Salt Typhoon group may have stolen data from every American, including from the phones of Donald Trump and JD Vance when they were candidates. During its term, the Biden administration used a collection of soft tools — including indictments, sanctions and public attribution — but these failed to deter China’s campaign in cyberspace.
As the shutdown crisis ends, long-term cyber vulnerabilities will remain. As nation-state cyber actors like China up the ante, who will defend American’s sensitive data and critical infrastructure? And what should policymakers do to counter the well-resourced threats that are sure to come?
First, the Trump administration should reconsider any further staff cuts for agencies responsible for U.S. cyberdefense, including CISA. Coming out of the shutdown, administration officials have a big opportunity to reset and evaluate whether additional cuts or duty transfers within agencies will bolster or weaken America’s resilience to increasing cyberthreats.
Second, the administration can leverage its strong private-sector relationships to convene groups — including federal and local government and infrastructure operators in critical sectors — to share threat information and jointly recommend actions to the federal government. CISA managed sector-specific infrastructure advisory groups until they were terminated in March. Failure to regularly bring together government and industry to discuss common cyberthreats leaves both groups more vulnerable.
Third, the White House must take charge of providing a coordinated response to the long game China is playing in cyberspace.
The Pentagon appears to be refocusing its future National Defense Strategy on the “pacing threat” posed by China, and the next White House National Cybersecurity Strategy should likewise center China’s efforts to access America’s data and critical infrastructure. Beyond that, the White House should pursue bigger opportunities, including policy summits, to bring federal agency, local government and industry leaders together in one room to share threat information and discuss ways to secure our data and infrastructure.
Cyberthreats don’t ease up for a government shutdown — or any other time — so America’s cyber defenders can’t either. The White House must act decisively to rally federal agencies, local governments and industry into a united front. Only through coordinated, collaborative action can the United States build the robust cyber defenses it needs.
The post The cyberattacks are coming. Will anyone be there to stop them? appeared first on Washington Post.
