Trump’s CISA Raid: Pulling Cybersecurity Experts Off Critical Infrastructure Defense To Process Deportation Paperwork

from the seems-bad dept

Last week we covered how Trump’s immigration theater was pulling federal agents off child sex crimes, drug interdiction, and terrorism investigations to chase landscapers and line cooks instead. Turns out that was just the tip of the iceberg. Now we’re learning the administration is also pulling hundreds of cybersecurity professionals away from defending America’s critical infrastructure so they can help process deportation paperwork.

The latest reporting from Nextgov reveals the scope of this bureaucratic insanity:

Employees across various units of the Department of Homeland Security have been marked for reassignments to agencies focused on Trump-era border security and deportation work, and could be dismissed if they don’t comply, according to multiple people familiar with the matter and a copy of one notice viewed by Nextgov/FCW.

In recent weeks, hundreds of DHS employees have been directed to transfer to agencies like Immigration and Customs Enforcement, the Federal Protective Service and Customs and Border Protection — the main units overseeing much of President Donald Trump’s immigration and deportation efforts. 

The people being reassigned include staff from the Cybersecurity and Infrastructure Security Agency (CISA), the very federal agency, created during the first Trump administration, responsible for coordinating cybersecurity across federal agencies and helping protect America’s critical infrastructure from cyberattacks. This includes issuing emergency directives when vulnerabilities are discovered, coordinating incident response when breaches occur, and working with private sector operators of power grids, water systems, and financial networks—you know, the stuff that might actually matter for “national security.”

Bloomberg provides more detail on exactly which CISA personnel are being moved:

Compulsory reassignments have gone in recent weeks to workers within the Cybersecurity and Infrastructure Security Agency, or CISA, who had focused on issuing alerts about threats against US agencies and critical infrastructure, current and former employees said. They described the orders on condition of anonymity over fears of retaliation.

Affected CISA staffers have been shuffled to agencies including Immigration and Customs Enforcement, which received a $150 billion infusion to carry out Trump’s immigration crackdown, the employees said. CISA workers have been moved to Customs and Border Protection and the Federal Protective Service, a domestic police force working with ICE and CBP on deportations.

Changes have hit particularly hard in CISA’s Capacity Building team, which writes emergency directives and oversees cybersecurity for the government’s highest value assets, the employees said. Reassignments have largely targeted senior CISA staffers, who are forbidden from joining unions because they work on national security issues, according to one person.

So we’re specifically targeting the people whose job it is to improve the cybersecurity of federal agencies and coordinate with international partners on cybersecurity threats.

Once again, the Trump admin seems to time these things to highlight how messed up their priorities truly are. We’re still dealing with the fallout from the Salt Typhoon hack and we’re only just starting to get a sense of just how bad the recent Salesforce hack really is.

But sure, let’s pull the people who deal with those threats off their jobs so they can help arrest landscapers.

What could possibly go wrong?

This fits perfectly with the broader pattern we’ve already documented, where Trump’s immigration obsession is gutting federal law enforcement’s ability to tackle actual crimes that matter. As we covered recently, federal agents are being pulled off child trafficking cases, drug interdiction, and terrorism investigations so they can chase non-violent immigrants instead.

But there’s an extra layer of stupidity here, because CISA has become a target of right-wing conspiracy theories. Republicans have spent years claiming that CISA is actually a “censorship” agency rather than a cybersecurity one, because the agency had the audacity to set up a system to help local election officials alert social media companies of election misinformation around the time, place, and manner of voting.

Senator Rand Paul has been particularly vocal about wanting to eliminate CISA entirely. As Politico reported last year:

“I’d like to eliminate it,” Paul told POLITICO Thursday. “The First Amendment is pretty important, that’s why we listed it as the First Amendment, and I would have liked to, at the very least, eliminate their ability to censor content online.”

Of course, CISA doesn’t actually censor content online. That’s not what the agency does. But when you’re dealing with people who think everything is a grand conspiracy, facts tend to be inconvenient.

The reality is that CISA was created in 2018 under Trump himself, and its actual mission is defending critical infrastructure from cyberattacks. You know, the kind of attacks that could actually shut down hospitals, banks, and power plants. The kind of attacks that represent genuine national security threats, as opposed to someone trying to mow your lawn without the right paperwork.

But with the MAGA GOP’s bizarre obsession with CISA, reassigning actual cybersecurity experts to bogus immigration jobs is hardly surprising. The weird obsession with CISA is causing all sorts of stupid decisions, including Rand Paul making sure a different “CISA” (the Cybersecurity Information Sharing Act of 2015) basically expired, in part because Paul seemed unwilling to recognize the two CISAs are different things:

Senate aides echoed concerns that cybersecurity industry stakeholders have also shared with Axios: That Paul is conflating CISA the agency with the information-sharing program, which shares the same acronym.

When you’re more concerned with feeding red meat to your base than actually protecting the country, these distinctions don’t matter much.

The human cost of this bureaucratic madness is becoming clear. As Nextgov reports:

The shifts could slow ongoing responses to cyber threats that have targeted the federal enterprise. 

CISA personnel are addressing a Cisco vulnerability — recently exploited by a hacking group potentially linked to China — that predominantly affects government networks. And over the summer, a hacker stole employee data from both the Federal Emergency Management Agency and CBP, Nextgov/FCW first reported.

So while CISA personnel are being reassigned to help with deportations, actual foreign adversaries are actively exploiting vulnerabilities in government networks. But I’m sure the Chinese hackers will politely wait until we’re done processing paperwork on restaurant workers.

The DHS response to this criticism is predictably tone-deaf and filled with culture war nonsense, rather than actually addressing the underlying issues:

“DHS routinely aligns personnel to meet mission priorities while ensuring continuity across all core mission areas,” DHS Assistant Secretary Tricia McLaughlin said in a statement. “Any notion that DHS is unprepared to handle threats to our nation because of these realignments is ludicrous, especially given the abject failure at the hands of CISA in the last administration.”

“CISA was adrift and was focused on censorship, branding, and electioneering instead of defending America’s critical infrastructure. Today, CISA is focused squarely on executing its statutory mission: serving as the national coordinator for securing and protecting the nation’s critical infrastructure and is delivering timely, actionable cyber threat intelligence, supporting federal, state and local partners, and defending against both nation-state and criminal cyber threats,” she added.

Ah yes, the “abject failure” of… defending critical infrastructure from cyberattacks. Because apparently the real threat to America isn’t foreign hackers potentially shutting down our power grid, it’s people trying to work in agriculture and construction.

This is what happens when you let people who fundamentally don’t understand how anything works make decisions about complex systems. They see an agency that viewed foreign influence attacks on elections and assume it must be part of some grand conspiracy to silence red-blooded Americans on social media.

The end result is that we’re making America demonstrably less safe in the name of political theater. When you pull cybersecurity experts off incident response and vulnerability management so they can help with deportation paperwork, you’re not making the country more secure. You’re just making it easier for foreign adversaries to exploit the next zero-day vulnerability, breach more federal systems, or potentially disrupt critical infrastructure.

But hey, at least the people cheering this on will have someone to blame when the lights go out.

Filed Under: breaches, cisa, cybersecurity, donald trump, immigration, rand paul