In the past month, the U.S. government has rapidly moved to pause, disband, and dismantle efforts aimed at combating foreign interference in elections. This shift has raised alarms among federal lawmakers and election officials nationwide who depend on federal cybersecurity agencies to alert them about threats to election systems.
Initially, a wave of notices forced the removal of personnel from the Cybersecurity and Infrastructure Security Agency (CISA), specifically those assigned to prevent foreign electoral interference. Over the last month, at least a dozen employees have been either put on leave or dismissed. Furthermore, on Attorney General Pam Bondi‘s first day in office on February 5, she dissolved the FBI task force overseeing foreign influence operations from nations including Russia, China, and Iran.
The emphasis on election security has shifted towards historical assessments rather than future implications. An internal memo from CISA’s acting director this month announced an investigation into every position and program related to election security, including efforts against election misinformation and disinformation, with a report slated for March 6 detailing findings dating back to President Trump’s first term.
Authored by Acting Director Bridget Bean and first reported by Wired, the memo also indicated the defunding of a nationwide initiative intended to train state and local officials and provide threat monitoring services through the Elections Infrastructure Information Sharing and Analysis Center.
“Rescoping the agency’s election security activities is essential to ensure that CISA focuses solely on executing its cyber and physical security mission,” Bean wrote, reflecting Department of Homeland Security Secretary Kristi Noem’s earlier assertion during her confirmation hearing that the agency had diverged “far off mission.”
The memo reached CISA’s approximately 3,400 employees on Valentine’s Day, just hours before over 130 probationary workers — about 4% of the national cyber defense agency — were abruptly dismissed via form-letter terminations.
Leading Democrats on Senate and House committees monitoring election legislation voiced “grave concern” over these changes in a letter addressed to CISA’s senior leadership, emphasizing that the agency’s founding legislation clearly directs it to focus on elections.
“Our presence here is a result of a foreign government’s attempt — specifically Russia — to interfere with our processes,” Minnesota Secretary of State Steve Simon told CBS News, referencing the physical hacking attempts targeting election systems. He highlighted that Minnesota was among 21 states targeted, which led to the designation of elections as critical infrastructure in January 2017.
In correspondence to President Trump, Arizona Secretary of State Adrian Fontes compared the cuts to ceasing operations at the National Oceanic and Atmospheric Administration just before hurricane season. “This choice compromises Arizona’s election security at a time when adversaries globally are leveraging online platforms to push their agendas into our very homes,” he wrote.
These actions come after CISA and the FBI assisted states in responding to numerous threats on Election Day, including bomb threats and white powder mailings. Officials worked to debunk misleading Russian-connected videos alleging that election workers were destroying ballots during national voting, and an FBI investigation unveiled a hack-and-leak operation that compromised documents from Trump’s campaign, resulting in the indictment of three Iranian cyber operatives.
Both CISA and the FBI possess a broader understanding of the threat landscape, information that election officials find invaluable for assessing risks. “It would be nearly impossible to expect 50 states to handle this alone,” Pennsylvania Secretary of State Al Schmidt told CBS News. “While each state manages elections according to federal and state laws, no single state has a comprehensive view of the threats or the capabilities of ill-intentioned actors aiming to disrupt our electoral process.”
Although state and local jurisdictions administer elections nationwide, federal agencies like CISA and the FBI collaborate with election offices to safeguard against escalating cyber and physical threats, while exposing foreign influence campaigns that seek to divide Americans and undermine voter confidence.
“States typically only witness the repercussions of attacks — such as disinformation targeted at them and their voters and threats — but lack insight into the origins of these attacks, limiting their response capability,” said David Becker, an expert in election law from CBS News. “CISA, the FBI Foreign Influence Task Force, and others maintain a ‘birds-eye view,’ detecting not just the source of these attacks — be it domestic or foreign, state or criminal entities — but also how they connect within the larger context.”
In a letter to the DHS secretary, nearly 40 chief election officials urged Noem to sustain the cybersecurity and physical security services provided to states. “Information technology systems involved in election administration have long been targets of sophisticated cyber threats from both nation-states and cybercriminal organizations,” the National Association of Secretaries of State leaders asserted. “CISA’s prioritized services are crucial for helping election entities fend off these national security risks.”
DHS Assistant Secretary Tricia McLaughlin stated that “CISA needs to concentrate on its mission” and is “evaluating its execution of election security efforts, with a specific focus on any work related to mis-, dis-, and mal-information.”
However, the cuts affecting teams within CISA and the FBI could not only hinder their ability to identify false online content but also compromise the safeguards protecting election infrastructure, as noted by various current and former U.S. officials. The teams have successfully identified covert operations from Russia, China, and Iran within the past year. Among those targeted are members of CISA’s Election Security Resilience Team, the Cybersecurity Advisory Committee, and Regional Election Security Advisors, according to multiple current and former federal and state officials speaking to CBS News.
The new administration has yet to nominate a new CISA director, with Karen Evans, the agency’s highest-ranking political appointee, currently serving as a senior adviser.
Earlier this month, Mr. Trump sought to dismiss the chair of the Federal Election Commission, an action concurrent with the adjudication of campaign finance complaints pertinent to the 2024 election, including complaints against tech tycoon and Trump ally Elon Musk.
Mr. Trump and various conservatives in Congress have accused CISA of monitoring speech by collaborating with social media companies to identify online misinformation and disinformation in advance of the 2020 election. They alleged the agency engaged in “censorship,” a claim CISA officials have consistently denied. Last year, the U.S. Supreme Court rejected a lawsuit concerning the government’s activities, but the backlash prompted CISA to limit such discussions with tech companies in 2021, according to three former U.S. officials.
“That is not our role, nor is it our function,” former CISA Director Jen Easterly informed reporters last year, in the lead-up to the 2024 election. “We aim to collaborate with our partners on overall threats to election infrastructure.”
CISA’s ongoing internal investigation seems to stem from a directive issued January 20 directing the attorney general and agency leaders to scrutinize Biden administration activities that are “inconsistent” with Trump’s pledge to eliminate “online censorship.”
Neither DHS nor CISA immediately responded to CBS News’ inquiries regarding who ordered the audit, nor whether the findings will be released to the public. The Justice Department also did not reply to questions about whether the attorney general would be consulted during the investigation.
“I am troubled and alarmed by what appears to be a withdrawal from the anti-disinformation mission,” Simon stated. “If a foreign adversary is fabricating a false narrative concerning our election system that could pose a threat to physical security, it only takes one individual believing this disinformation to act violently or in a threatening, harassing, or intimidating manner. Just one is all it takes.”
