The Future of CISA and Cybersecurity in the United States
The 2025 Cybersecurity Project involves navigating misinformation, federal overlaps, and the next wave of cyber defense.
2025 will be a decisive year for cybersecurity in the United States and the free world. In an era where critical infrastructure—ranging from hospitals and financial institutions to energy grids and election systems—relies heavily on digital networks, cybersecurity is no longer an optional defense mechanism; it is an essential safeguard of national security.
Yet, over the last decade, the inadequacies of the nation’s cybersecurity posture have become increasingly apparent, posing risks that are untenable for both the country and the global economy. The sheer volume of cyberattacks and their related financial damage cannot be sustained much longer unless the United States radically transforms its approach to cybersecurity.
The Current State of Cybersecurity
At the federal government level, cybersecurity efforts remain fragmented. The Cybersecurity and Infrastructure Security Agency (CISA) was established nearly seven years ago to centralize cybersecurity oversight. However, critics argue that it has yet to fully realize its potential. Debates persist about CISA’s evolving role—particularly its politicization under former President Donald Trump—and what it might look like in future administrations.
Created in 2018, CISA is tasked with protecting critical infrastructure and coordinating cybersecurity initiatives across federal, state, local, and private-sector entities. As new threats continue to emerge—from sophisticated ransomware syndicates to state-sponsored advanced persistent threats (APTs)—CISA’s responsibilities have expanded, shaping not just the agency’s trajectory but also the broader landscape of cybersecurity in America.
Interagency Challenges
Despite its central role, CISA often contends with competing priorities and overlapping jurisdictions within other federal agencies. Departments such as HHS, DOE, EPA, and TSA each maintain cybersecurity teams that establish or enforce industry standards, resulting in additional layers of compliance without necessarily improving overall security. This fragmented approach has become increasingly unsustainable for both private organizations and the federal government, leaving gaps that adversaries can exploit.
Adding to this complexity, entities like the National Vulnerability Database (NVD) and the National Institute of Standards and Technology (NIST) face ongoing backlogs in evaluating newly disclosed vulnerabilities. This delay forces the government to rely on ad hoc collaborations with third-party researchers and vendors to manage an endless stream of threats.
Collaboration with FBI and Secret Service
In addition to CISA’s coordination efforts, the Federal Bureau of Investigation (FBI) and the U.S. Secret Service play crucial investigative roles. Both agencies frequently partner with CISA to probe cyber-related crimes, share threat intelligence, and support incident response efforts. The FBI focuses on identifying and disrupting cybercriminal networks, while the Secret Service traditionally concentrates on financial and high-tech crimes, including sophisticated fraud schemes.
However, collaborating with the FBI and Secret Service can also pose challenges for industry. Companies hit by ransomware or data breaches often find themselves communicating with multiple agencies—ranging from local law enforcement to federal investigators—while simultaneously providing technical details to CISA. This environment can create confusion and unclear directives, particularly when organizations are under pressure to restore operations and protect sensitive data. Establishing clearer protocols and streamlined lines of communication between CISA, the FBI, and the Secret Service remains vital for both swift incident containment and overall resilience.
A Brief History of CISA Leadership
Since its founding, CISA has been guided by key leaders whose decisions have significantly influenced national cybersecurity policy. Two notable directors—Christopher Krebs and Jen Easterly—brought distinct leadership styles and confronted different controversies.
Chris Krebs (2018–2020)
Chris Krebs served as CISA’s inaugural Director after its formal establishment in November 2018. Appointed by President Donald Trump, Krebs was responsible for federal network protection and election infrastructure security. Under his guidance, CISA played a prominent role in addressing misinformation and disinformation, particularly during the 2020 presidential election. One high-profile initiative was the “Rumor Control” webpage, aimed at debunking false claims about electoral processes. Critics argue this put both Krebs and CISA under heightened scrutiny regarding the agency’s role in policing misinformation.
As the 2020 election approached, Krebs’s tenure became increasingly politicized. In an effort to affirm election integrity, CISA released statements disputing allegations of widespread voter fraud. Most prominently, it collaborated with federal and state officials to declare the 2020 election “the most secure in American history.” This stance contradicted certain narratives within the Trump administration and led to Krebs’s dismissal in November 2020—widely seen as a direct response to CISA’s unwavering position on election security and disinformation. During this period, CISA also struggled to establish strong private-public partnerships, limiting its ability to fully execute its mandate.
Jen Easterly (2021–January 2025)
Jen Easterly succeeded Krebs in July 2021 after being nominated by President Joe Biden. A former Army intelligence officer and senior NSA official, Easterly brought a wealth of cybersecurity expertise. Early in her tenure, she emphasized public-private partnerships, transparent communication, and proactive measures to tackle emerging cyber threats.
Easterly continued and expanded CISA’s efforts to combat misinformation and disinformation, again centering on election security. By collaborating with social media platforms, state election officials, and other partners, CISA aimed to counter false narratives that could undermine public trust. However, Elon Musk’s takeover of Twitter and subsequent document releases—known as the “Twitter Files”—along with disclosures by Meta, fueled criticism suggesting that CISA’s involvement in monitoring online content had become overly politicized, potentially impinging on free speech.
While some commended these initiatives, others contended they placed CISA at the center of partisan debates. Easterly stepped down on January 19, consistent with the departure of political appointees during a transition of power. With DHS Secretary Kristi Noem and President Trump now leading the administration, the future of CISA and its leadership remains in flux.
The Ongoing Politicization of CISA
From Krebs’s contentious departure to Easterly’s public-facing strategies, concerns over CISA’s neutrality persist. Advocates assert that CISA is adapting to modern security threats, many of which involve disinformation intended to destabilize critical infrastructure. Skeptics, however, fear that by focusing on election security policies, CISA has been drawn into partisan strife.
Central to these criticisms is CISA’s process for defining disinformation and choosing how to mitigate it. Labeling or removing misleading information can be seen by some as government overreach, while neglecting false narratives poses serious threats to election security and national stability—issues squarely under CISA’s purview.
Whoever ascends to the directorship will need to depoliticize the agency while still capitalizing on Easterly’s industry relationships. Public trust and effective collaboration with private entities remain key to bolstering U.S. cyber resilience. If confidence in CISA erodes further, its mission to protect national infrastructure could be compromised.
The Cyber Challenge in the Department of Defense
Outside of CISA’s civilian-oriented mission, the Department of Defense (DoD) faces its own organizational challenges in cybersecurity. A central concern involves the “dual-hat” arrangement, wherein one individual oversees both the National Security Agency (NSA) and U.S. Cyber Command (USCYBERCOM). Critics assert that this setup conflates intelligence-gathering with military operations, undermining accountability.
Trump Administration (2025): Upon returning to power, the Trump administration signaled that it intends to officially separate the NSA from USCYBERCOM. While details remain sparse, early statements suggest the goal is to clarify lines of authority between intelligence gathering and warfighting, reducing potential conflicts of interest. Supporters within the administration believe a standalone Cyber Command would foster more targeted offensive capabilities, while a solely intelligence-focused NSA could better protect classified data and surveillance processes.
Critics warn that any abrupt structural shift might disrupt existing operations and lead to bureaucratic challenges. Serving in both top roles since 2018, Nakasone highlights the advantages of unified leadership, stressing that NSA intelligence directly supports USCYBERCOM operations. During congressional testimony, he cautioned that splitting the roles might hinder responsiveness and create bureaucratic hurdles.
Former Secretary of Defense Mark Esper: In 2020, Esper contemplated separating the agencies but ultimately did not pursue the change, citing concerns over readiness, budgetary implications, and inter-agency cooperation.
Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI): As co-chairs of the Cyberspace Solarium Commission, both have signaled openness to a future split, provided robust oversight and strategic workforce planning are in place.
Critics of the Dual-Hat Arrangement: Some lawmakers and defense analysts argue that intelligence and warfighting missions should be distinct to avoid conflicts of interest. They worry a single commander may prioritize offensive operations at the expense of intelligence collection—or vice versa.
Unifying Cyber Operations vs. Splitting Agencies
Others have proposed consolidating cyber units from all military branches into a single, specialized cyber force—resembling the U.S. Space Force model. Proponents claim such a structure would:
Streamline decision-making and resource allocation.
Minimize overlapping mandates and redundant training.
Establish clearer lines of command and control.
Detractors counter that each service faces unique threat environments and operational challenges, making a single cyber force overly broad. Budget constraints and agency politics further complicate any major reorganization.
Regardless of how these debates unfold, the DoD’s decisions will significantly influence America’s overall cybersecurity posture—an ecosystem in which CISA also plays a pivotal role.
Looking Ahead
CISA’s effectiveness in coming years hinges on its ability to adapt to evolving threats, coordinate with other federal agencies, and earn public trust. Its deepening involvement in misinformation oversight has thrust the agency into vital political and social discussions, making its mission even more complex.
Moving forward, policymakers and cybersecurity experts must address:
Centralized vs. Decentralized Cybersecurity: Streamlining efforts across multiple federal agencies to avoid duplication.
Balancing Security with Civil Liberties: Clarifying how CISA can counter disinformation without undermining free speech.
Public-Private Partnerships: Expanding collaboration between government and industry to enhance threat intelligence and expedite incident responses.
Organizational Reforms at DoD: Weighing the pros and cons of an NSA–USCYBERCOM split or the creation of a unified cyber force.
James’s Game Plan
Below is a strategic outline for how the incoming Trump administration—or any administration—could reinforce U.S. cybersecurity:
Adopt an Offensive Cyber Strategy: Following National Security Advisor Mike Waltz’s recommendations, prioritize stronger offensive cyber capabilities as a deterrent against adversaries.
Depoliticize CISA: The next director should focus on establishing consistent cybersecurity standards, aiding small and medium-sized businesses (SMBs), and coordinating national incident response while avoiding partisan disputes.
Form a Dedicated Cyber Service: Resembling the U.S. Space Force, consolidate cyber units across all military branches into a specialized cyber command to train and develop a robust cyber workforce.
Integrate Cybersecurity into Business Strategy: Encourage private enterprises to take geopolitical threats into account, incorporating cybersecurity deeper into governance and strategic planning.
Pass Key Legislation: Accelerate the passage of Federal Data Breach Notification and Federal Data Privacy bills to strengthen legal frameworks around cybersecurity.
Cybersecurity professionals also play a critical part by bridging the gap between technology and business leadership, accurately gauging risk, and fostering alliances within and beyond organizational boundaries. Ultimately, protecting the nation’s digital infrastructure requires a well-coordinated approach, decisive leadership, and the ability to adapt quickly in an ever-shifting threat landscape. As the federal agency charged with safeguarding critical infrastructure and mitigating disinformation, CISA plays a paramount role, regardless of who holds the presidency.