Over the last month, the U.S. government has worked quickly to pause, disband and dismantle the U.S. effort to fight foreign meddling in elections, raising concern among federal lawmakers and election officials across the country who rely on the federal cybersecurity agency and its counterparts to warn them about attacks on election systems.
First came a flurry of notices forcing out Cybersecurity and Infrastructure Security Agency personnel who are tasked with stopping foreign interference in U.S. elections — at least a dozen have been put on leave or fired over the past month. Then, on Attorney General Pam Bondi’s first day in office on Feb. 5, she disbanded the FBI task force targeting foreign influence operations originating from places like Russia, China and Iran.
The focus on election security has been turned toward the past, rather than the future. In an internal memo earlier this month, CISA’s acting director announced an internal investigation to assess every position and program that touches election security – including election misinformation and disinformation — dating back to President Trump’s first term in office, with findings to be delivered in a final report on March 6.
The message, penned by Acting Director Bridget Bean and first reported by Wired, also revealed the defunding of a nationwide program to train state and local government officials and offer threat monitoring services through a center known as the “Elections Infrastructure Information Sharing and Analysis Center.”
“It is necessary to rescope the agency’s election security activities to ensure CISA is focused exclusively on executing its cyber and physical security mission,” Bean wrote in the message, echoing Department of Homeland Security Secretary Kristi Noem’s assertion during her confirmation hearing that the agency had strayed “far off mission.”
The memo landed in the mailboxes of CISA’s roughly 3,400 personnel on Valentine’s Day, hours before more than 130 probationary workers – roughly 4% of the nation’s cyberdefense agency — were summarily fired with form-letter terminations.
Top Democrats on the Senate and House committees overseeing election legislation expressed “grave concern” over the changes in a letter to CISA’s top leaders, noting the agency’s “establishing legislation clearly directs it to work on elections.”
Arizona Secretary of State Adrian Fontes likened the cuts to shutting down the National Oceanic and Atmospheric Administration ahead of hurricane season in a letter to President Trump. “This decision undermines Arizona’s election security at a time when our enemies around the world are using online tools to push their agendas and ideologies into our very homes,” he wrote.
The moves come months after CISA and the FBI aided states responding to a slew of Election Day bomb threats and white powder mailings. Officials debunked phony Russian-linked videos purporting to depict election workers destroying ballots during nationwide voting, and an FBI investigation outed a hack-and-leak operation that stole documents from Mr. Trump’s campaign, leading to the indictment of three Iranian cyber operatives.
While state and local governments run elections nationwide, federal agencies like CISA and the FBI coordinate with election offices to help safeguard against rising cyber and physical threats, while uncovering foreign influence campaigns designed to sow division among Americans and uproot voter confidence.
In a letter to the DHS secretary, Friday, nearly 40 chief election officials wrote to try to persuade Noem to maintain cybersecurity and physical security services provided to states. “Information technology systems related to election administration have long been targeted by sophisticated cyber threat actors including nation-state and cybercriminal groups,” leaders of the National Association of Secretaries of State wrote. “CISA’s prioritized services help election entities defend against these national security threats.”
DHS Assistant Secretary Tricia McLaughlin said in a statement that “CISA needs to refocus on its mission” and is “undertaking an evaluation of how it has executed its election security mission with a particular focus on any work related to mis-, dis-, and malinformation.”
The new administration has not yet nominated a new CISA director, with the agency’s highest-ranking political appointee, Karen Evans, now serving as a senior adviser.
Earlier this month, Mr. Trump attempted to fire the chair of the Federal Election Commission, a move that coincides with the adjudication of campaign finance complaints from the 2024 election, including those against tech billionaire and presidential ally Elon Musk.
Mr. Trump and some conservatives on Capitol Hill have accused CISA of policing speech by coordinating with social media companies to identify online misinformation and disinformation ahead of the 2020 election. They accused the agency of “censorship,” which CISA officials have repeatedly denied. Last year, the U.S. Supreme Court threw out a lawsuit over the government’s work, but the blowback prompted CISA to curb those conversations with tech platforms in 2021, according to three former U.S. officials.
“That is not our role, that’s not what we do,” former CISA Director Jen Easterly told reporters, last year, ahead of the 2024 election. “We’re looking to work with our partners on overall threats to election infrastructure.”
CISA’s ongoing internal probe appears to follow a Jan. 20-related directive instructing the attorney general and agency leaders to investigate Biden administration activities that are “inconsistent” with Trump’s vow to end “online censorship.”
“I’m concerned and alarmed at what looks like a retreat from the anti-disinformation mission,” Simon said. “If a foreign adversary is spinning up a false narrative about our election system that could impact physical security, all it takes is one person who believes this disinformation to act out in a violent or threatening, harassing or intimidating way. All it takes is one.”
