The Departure Of Jen Easterly: What’s Next For CISA Under Trump

Jen Easterly’s imminent departure as director of the Cybersecurity and Infrastructure Security Agency marks the end of a transformative era in U.S. cybersecurity. Easterly, who has led the agency since 2021, will step down on January 20, 2025, coinciding with the inauguration of President-Elect Donald Trump. Her exit raises critical questions about CISA’s future, its mission, and its leadership under the incoming administration.

What Is CISA And Why Was It Created?

CISA, established in 2018 during Trump’s first presidency, was created to protect America’s critical infrastructure from cyber and physical threats. Its roots trace back to 2007, when the National Protection and Programs Directorate was formed as part of the Department of Homeland Security. The NPPD’s mission focused on reducing threats to the nation’s critical physical and cyber infrastructure, serving as the foundation for what would become CISA. In 2018, President Trump elevated the NPPD’s mission by signing the Cybersecurity and Infrastructure Security Agency Act, officially establishing CISA as its successor. Since then, CISA has played a pivotal role in helping government agencies and private organizations address cybersecurity challenges. Christopher Krebs, the agency’s first director, helped shape its early priorities.

As part of the Department of Homeland Security, CISA’s initial mission focused on safeguarding essential systems such as energy grids, water supplies, and communications networks. Through partnerships with public and private sectors, it provided tools, threat analysis, and mitigation strategies to fortify the nation’s defenses.

The agency’s work on election security began, in 2017, before its official creation, when election infrastructure was designated as critical infrastructure in response to alleged Russian attempts to influence the 2016 elections. Under President Joe Biden, CISA’s mission continued to evolve. Upon taking office in 2021, Easterly was tasked by Congress to assess the agency’s work on disinformation. She narrowed its scope to two core areas:

1. Collaborating with federal partners to provide information about the activities of foreign adversaries targeting elections.

2. Providing accurate information to the public about election security, including countering rumors and amplifying the voices of election officials.

While the disinformation work was streamlined, Easterly expanded CISA’s cyber and physical security support for election officials, culminating in robust efforts to ensure the security of the 2024 elections.

Jen Easterly’s Legacy

Easterly, a West Point graduate and former NSA leader, was appointed by Biden in 2021. Her tenure brought a fresh approach to CISA, enhancing its influence and capabilities. Easterly spearheaded key initiatives that shaped the agency’s evolving mission, including expanding cyber and physical security support for election officials. In preparation for the 2024 elections, she worked to ensure safe and secure voting processes by strengthening partnerships and delivering timely threat updates. She also refocused CISA’s disinformation efforts to actionable activities directly tied to election security, while reinforcing the agency’s core mission of protecting critical infrastructure. Her balanced approach aimed to address concerns from all sides about the integrity of voting systems.

Easterly’s leadership in election security was complemented by several groundbreaking initiatives, including:

• Shields Up Campaign: A nationwide call to action for organizations to bolster defenses against ransomware and state-sponsored cyber threats.

• Known Exploited Vulnerabilities Catalog: A pioneering repository to prioritize fixing vulnerabilities actively exploited by cybercriminals.

• Secure By Design: A forward-looking initiative encouraging technology companies to build security into their products from the outset.

• Joint Cyber Defense Collaborative: A public-private partnership fostering real-time collaboration to address emerging cyber risks.

Easterly also made workforce diversity a key focus, setting an ambitious goal for women to comprise 50% of the cybersecurity workforce by 2030. Her leadership extended beyond domestic initiatives; she played a vital role in aiding Ukraine’s defense against cyberattacks attributed to Russian actors, reinforcing her commitment to global cybersecurity.

Despite these achievements, some of her initiatives—such as monitoring misinformation and expanding election-related oversight—drew criticism. Detractors viewed these efforts as overreach or duplication of responsibilities traditionally handled by other federal agencies. Nevertheless, Easterly’s tenure leaves a legacy of strengthened cyber-resilience in the face of evolving cybersecurity challenges.

The Trump Administration’s Vision For CISA

With Trump returning to the presidency, his administration is expected to recalibrate CISA’s mission, prioritizing a narrower focus. Proposals from Republican policymakers such as Senator Rand Paul and conservative think tanks advocate returning CISA to its original mandate: protecting critical infrastructure and coordinating cyber defense for federal and critical civilian infrastructure networks.

Key changes under consideration include transferring non-core functions—such as school security and emergency communications—to other departments. Eliminating CISA’s counter-misinformation initiatives, viewed by some critics as infringing on free speech, is also a possibility. Supporters of this approach argue it would streamline CISA’s operations, reduce redundancy, and refocus resources on its core cybersecurity mission.

Who Will Succeed Jen Easterly?

The appointment of Easterly’s successor will be a critical decision for the Trump administration. The ideal candidate is likely to come from the business world, combining cybersecurity expertise with an understanding of cost efficiency and deregulation. Key attributes for the next CISA director may include:

• Experience In Industry Leadership: Expertise in managing cybersecurity within critical infrastructure sectors or large corporations.

• Public-Private Collaboration: Proven ability to foster partnerships to strengthen national infrastructure against evolving threats.

• Alignment With The America First Mandate: A leader who can align with the administration’s policy priorities while avoiding internal conflicts, such as those seen between Trump and former CISA Director Christopher Krebs.

The new director will need to balance preserving CISA’s advancements in cybersecurity while implementing structural and functional reforms.

The Stakes For America’s Cybersecurity

The stakes for CISA—and the nation—could not be higher. Cyberattacks continue to grow in sophistication and frequency, targeting critical infrastructure with the potential to disrupt lives, economies, and national security. As the Trump administration recalibrates CISA’s mission, it must ensure the agency remains robust and agile without duplicating efforts or overextending its scope.

Whether CISA continues its broader mission under Biden, reverts to a narrower focus from Trump’s first administration, or forges an entirely new path, the decisions made in the coming months will have lasting implications for America’s cybersecurity resilience. The nation—and the world, from allies to adversaries, constituents to cybercriminals—will be watching closely.

This article was originally published in Forbes by Emil Sayegh on November 21, 2024: https://www.forbes.com/sites/emilsayegh/2024/11/21/the-departure-of-jen-easterly-whats-next-for-cisa-under-trump/