A leading Democratic member of the House Homeland Security Committee on Thursday urged the incoming Trump administration to spare the Cybersecurity and Infrastructure Security Agency (CISA) in its much-publicized plans to increase Federal efficiency by potentially eliminating some government operations.
Rep. Eric Swalwell, D-Calif., ranking member of the committee’s Subcommittee on Cybersecurity and Infrastructure Protection, issued the plea at a subcommittee hearing on CISA’s Secure by Design initiative. The initiative is an effort to improve cybersecurity by putting more security responsibilities on technology manufacturers instead of technology users.
“CISA’s secure by design initiative is just one example of the many vital projects that CISA carries out,” Rep. Swalwell said. “Efforts in the next administration to weaken or abolish CISA would have devastating impacts on our national security, and I hope that we can continue to work … in a bipartisan way to support this vital agency.”
Rep. Swalwell did not indicate any specific knowledge of pending CISA cuts, and thus far the incoming administration has not publicly discussed any plans to change CISA’s funding or its responsibilities for protecting the nation’s cyber and physical infrastructure.
CISA Director Jen Easterly, who has championed the Secure by Design push, will leave her post with other Biden administration appointees within the agency by Jan. 20, when President-elect Donald Trump is sworn in – as is typical during a presidential transition.
President-elect Trump is planning to create a Department of Government Efficiency (DOGE) advisory group, with a mission of finding ways to reduce government spending and potentially do away with any number of government operations. Vivek Ramaswamy, who is co-lead of the group, said on Dec. 4 that DOGE’s success hinges on the need to modernize technology across the Federal government.
CISA unveiled Secure by Design last year, in collaboration with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and six of the agency’s international partners. Billed as the first joint guidance of its kind, the program urges software manufacturers to take urgent steps necessary to ship products that are secure-by-design and by-default.
More than 250 companies have signed a Secure by Design pledge, vowing to build better security into their products. Representatives of several signers gave the program generally positive early reviews at Thursday’s subcommittee hearing, but said it will take time to determine how successful the program will be in improving security.
“Secure by Design and Secure by Default have been shown by Fortinet and other early adopters to be viable for IT manufacturers to implement and to generate measurable improvements in their customers’ security,” said Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet, Inc., at the Dec. 5 subcommittee hearing. “However, this approach will only succeed if it is recognized and desired by the marketplace.”