EXCLUSIVE INTERVIEW – As the U.S. government considers restructuring and staff reductions to its cybersecurity departments, officials at the state level are watching closely – and hoping that the federal cuts and changes don’t damage their ability to deal with an unprecedented level of threats.
As The Cipher Brief reported earlier this week, the White House has proposed nearly $500 million in cuts to the Cybersecurity and Infrastructure Security Agency (CISA), and is reportedly finalizing plans to remove some 1,300 people from the CISA payroll. In the meantime, the U.S. still doesn’t have a confirmed Assistant Secretary of Defense for Cyber, a confirmed CISA Director or a confirmed National Cyber Director – although nominees have been announced.
“If you look at NSA, CISA, and the FBI, they’re usually our trifecta when it comes to domestic cyber – either defense or sometimes offensive operations,” Matt Hayden, a former Assistant Secretary for Cyber, Infrastructure, Risk and Resilience at the Department of Homeland Security, told The Cipher Brief. “They’re looking at how those three groups are structured. They’re looking at their leadership’s ideas around reorganization. They’re looking to Congress and the budget to make sure that they’re properly resourced.”
Last week, in a keynote speech at a cybersecurity conference in San Francisco, Homeland Security Secretary Kristi Noem sought to reassure experts in the field that CISA would be restructured to focus more closely on threats to U.S. critical infrastructure – particularly from China.
“We need to put CISA back to focusing on its core mission,” Noem said, while acknowledging the concerns about workforce cuts. “I would encourage you to just wait till you see what we’re able to do. There are reforms going on that are going to be much more responsive. Instead of just talking about cybersecurity, we’re going to do it.”
Those remarks came as welcome news to Colin Ahern, Chief Cyber Officer for the State of New York. Ahern says he hopes that he and other state-level cybersecurity officials will soon see that “core mission” focus take effect – as he fears the U.S. is “falling behind” in its overall cyber defense.
“Our adversaries are not waiting,” Ahern told The Cipher Brief. “Our adversaries are not standing by. Our adversaries are conducting ransomware attacks against our businesses, our schools, our hospitals each and every day. The Chinese in particular are continuing to wantonly steal intellectual property. And so unfortunately, we're not in a situation where we can wait. I think time is of the essence.”
Ahern spoke with Cipher Brief Managing Editor Tom Nagorski about the cyber risks from his perspective, what he hopes to see in terms of the federal response, and the gravity of the global threat – what he called the "democratization of the cyber criminal ecosystem."
Their conversation has been edited for length and clarity. You can watch the interview in full at our YouTube channel.
The Cipher Brief: There’s been a lot of talk recently about restructuring, reorganization and cuts to the federal institutions – and in terms of cyber, to CISA in particular. What are your thoughts on that, from the perspective of one of the most important states in the country?
Ahern: There's a couple of things that come to mind. Number one is there's certain things that only the federal government can do. Principal among those is to coordinate responses to major cyber incidents – NotPetya, in 2017; Midterm elections, in 2018; SolarWinds; Colonial Pipeline and on and on. The global situation broadly is deteriorating. Russia, China, Iran, North Korea, continue to advance their [cyber] capabilities in their own organizations.
In my view, the United States is organizationally, capability-wise and from a coordination perspective, falling behind. And I think we are watching with concern the tumult amongst security and defense officials in Washington because fundamentally, we can either succeed together or we can fail separately. And New York wants to work together with the U.S. government, with the Trump administration to advance our shared goal of a strong, secure, prosperous United States. And that unfortunately seems to be moving in the wrong direction with some of these moves.
You mentioned the cuts to CISA. Several members of our congressional delegation are on record questioning that, seeking documents about that, and seeking more insight about that. We share those concerns. We work very closely with CISA, with the FBI, with the EPA on water cybersecurity, with the Department of Energy on power. Those are important. And the sooner that those leaders are confirmed by the Senate and in place permanently, the more rapidly that we build our capabilities instead of cutting them, we think the better off that we will all be.
The Cipher Brief: Kristi Noem, the DHS secretary, was at the RSA conference in San Francisco addressing some of these concerns. And she said basically, have patience, wait and see what we do, rather than what you read about in the paper. And she said our focus is going to be on critical infrastructure, China and so forth. Did you take any heart in the comments that she made?
Ahern: I did. And it's not the first time the Trump administration has indicated their focus on cybersecurity, both on the security of critical infrastructure more generally and the importance of deterrence. Those are good things that we support. But our adversaries are not waiting. Our adversaries are not standing by. Our adversaries are conducting ransomware attacks against our businesses, our schools, our hospitals each and every day. The Chinese in particular are continuing to wantonly steal intellectual property. And so unfortunately, we're not in a situation where we can wait. I think time is of the essence.
The Cipher Brief: And how about the cuts? There have been reports that something on the order of 1300 positions are going away, but they haven't happened yet. And we've had senior officials, most notably the NSA director and head of Cyber Command, General Timothy Haugh, who is no longer at his post. Is any of that already being felt where you are?
Ahern: You had the deferred resignations, you had the voluntary separation agreements that have been sent out by DOGE and by others, which did not exempt CISA. So we have seen the reports, some of them from you, some other publications, that a lot of people, including senior leaders and key personnel, are taking voluntary separation agreements, which does concern us because those are some of the people who are hardest to retain.
I think the overall lack of stability and the tumult at those places is itself bad for business. These are people, these are civil servants, these are professionals that want to serve. They want to serve a mission, they want to be on a mission, they want a mission that they can accomplish. And they want stability for their families financially. And so the lack of clarity is, I think, doubly harmful because it means that good people with options will leave and continue to leave until such a time that stability has returned to CISA, to the DOD, to the intelligence community. I think you'll see a continued exodus of key personnel, some of them obviously showing the door, but others walking through it for, I think, perfectly understandable personal reasons which are avoidable.
The Cipher Brief: And to what extent are you able, or is the governor [of New York Kathy Hochul] able to push back and try to influence any of this, or learn more about it?
Ahern: The governor has been, I think, really clear that we want to work with the Trump administration. We are working with the federal government on multiple topics. We share the goal of a safe, secure, and prosperous United States and New York in particular. And we'll continue to do that, but we won't be shy about calling out the Trump administration where we think that they're making errors. And I do think that there are going to be further opportunities for the governor and other key officials to highlight areas where we have differing views. And we certainly won't be shy to do that. So we'll do that both publicly and otherwise. I do also think that we're not the only ones doing that. Our congressional delegation, business leaders across the state, higher education, others are also doing that. And so I think that you'll see increasing voices being raised in the next several months, especially as geopolitical dynamics continue to frankly deteriorate in a way that concerns many people.
The Cipher Brief: We speak often at The Cipher Brief to people at the federal level or experts who have been at the federal level and are now on the outside. It's not often that we speak with people who have a job like you do, running all this from a state level, in a very important state at that. How does it look to you, in terms of the threat generally?
Ahern: We've really seen what I think of as convergence. Five, 10, 15 years ago, there were three distinct groups with three distinct capabilities going after three distinct targets. From sort of low end to high end: You had ideologically motivated individuals going after a variety of targets, political and ideological in nature; you had cyber criminals out for financial gain seeking to rapidly monetize with moderate sophistication; and you had advanced persistent threats — nation states, militaries, buying organizations, signals intelligence — going after other defense intelligence and military targets, very advanced tools, very good tradecraft.
Now we're seeing all of those things come together. We're seeing the democratization of the cyber criminal ecosystem. We're seeing nation states act like cyber criminals, North Koreans stealing billions in crypto being one example. We're seeing astroturfing by nation states. We're seeing false-flag operations by cyber criminals operating as individuals. We're seeing the explosion of ransomware as a service and cyber criminal ecosystem, meaning that these are large, sophisticated organizations with capabilities that really are like those that nation states possessed only a short time ago.
And unfortunately, at the same time that this threat environment has converged, we’re seeing — especially post-COVID with the vast increase in digital government, customer experience, remote work — people’s lives and economies are increasingly online. Think of your life in the numerous touch points with computers and cyber generally. There's never been either more threats, or a bigger threat surface. And so that means that we need to work together on this. And critical infrastructure is 85-90% owned by the private sector.
The Cipher Brief: With that daunting tapestry you just laid out and what you said before about the situation in Washington, how optimistic or not are you that this gets results, so at least the fight can go forward?
Ahern: I am optimistic. As you mentioned, the (DHS) secretary was out at RSA, and the special assistant to the president Alexei Bulazel was also out at RSA. There is hope. However, we are rapidly finding ourselves in a situation in which we will not be fighting a cyber battle in a time and place of our choosing. We'll be fighting it at a time and a place of our adversaries’ choosing, and that's never the place you want to be in. So while I think there's always cause for optimism; you would never want to count the United States out of anything. I think that time is not on our side, that's for sure.