Two top officials have resigned from Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, furthering fears of a brain drain amid White House cuts to the federal workforce.
In Monday posts on LinkedIn, Bob Lord and Lauren Zabierek both announced they were leaving the agency – tasked with, among other things, protecting America's critical infrastructure from cyberattacks – highlighting their work on the Secure by Design program, which pressed software makers to build better security into their products from the get go.
"I've made the difficult decision to leave CISA," wrote Lord, a senior technical advisor at the agency since April 2022.
"I'm deeply grateful for the opportunity to help lead the agency's work on Secure by Design software," he added, noting that he will continue contributing to the CISA-led effort, "but first, I'm taking a short break."
Zabierek also referenced her work on the Secure by Design initiative, which included wrangling more than 250 software makers into signing a voluntary pledge to do seven things, such as bake multi-factor authentication into their products, reduce default passwords, and increase patching by customers.
"After an incredible journey at CISA, I have made one of the toughest decisions of my career: I will be resigning my role at the agency," wrote Zabierek, who started working at CISA in January 2023.
"This was not an easy choice," she continued, adding: "I'm particularly proud of our work on the Secure by Design initiative."
The fact that both ex-CISA staffers specifically called out Secure by Design possibly suggests dissatisfaction with the direction of the program under the Trump administration. Lord and Zabierek have not yet responded to a request for comment, but we'll update this story if they do.
In the meantime, the acting director of the agency emailed a statement to The Register hinting that changes to Secure by Design are afoot.
Here's the full statement from Bridget Bean, the senior official performing the duties of the director at CISA:
CISA remains laser-focused on working across the public and private sectors to improve the nation's cybersecurity, a critical element of which is ensuring that technology companies do their part. This is why we continue to urge companies to develop products that are secure by design, instead of passing the cost of poorly designed products on to consumers.While CISA's approaches to Secure by Design evolve, our commitment to the principles remain steadfast. I thank Bob Lord and Lauren Zabierek for helping to lay the foundation on which future work in this space can be built.
The resignations come as the agency braces for the ax to fall on as many as 1,300 — nearly 40 percent — of its employees, following the firing of around 130 staffers last month.
Also in March, CISA cut $10 million in funding, or about half the total budget, for the Multi-State Information Sharing and Analysis Center (MS-ISAC).
- As CISA braces for more cuts, threat intel sharing takes a hit
- CISA boss: Makers of insecure software must stop enabling today's cyber villains
- Cyber congressman demands answers before CISA gets cut down to size
- CVE fallout: The splintering of the standard vulnerability tracking system has begun
More generally, the Trump administration seems to be treating cybersecurity as a low to low-ish priority. Shortly after returning to office, the President terminated all memberships on advisory committees within CISA parent Homeland Security, including those focused on cyber threats and information sharing, such as the Homeland Security Science and Technology Advisory Committee, the Data Privacy and Integrity Advisory Committee, and the Secret Service's Cyber Investigations Advisory Board.
These cuts, described by retired US Navy Rear Admiral Mark Montgomery as the "gutting" of CISA, are weakening America's cyber defenses, he told The Register in an earlier interview.
"Firing cyber personnel at CISA harms national security on a daily basis — this goes well beyond disruption and is actually causing destabilization," Montgomery said. ®
