With every new administration, changes are inevitable, and the Trump administration is no exception. Since President Donald Trump’s inauguration in January 2025, there have been major shifts within the Cybersecurity and Infrastructure Security Agency, as well as across the wider cybersecurity field.

I had the chance to speak with Brian Harrell, former Assistant Secretary at the U.S. Department of Homeland Security (DHS), to explore these changes and how they might impact the overall cybersecurity landscape.

Security: The Trump administration has made personnel changes at CISA, including the dismissal of key cybersecurity staff. How do you think these changes will affect the agency's ability to coordinate national cybersecurity efforts, particularly regarding critical infrastructure protection?

Brian Harrell: Every President, as the chief executive of the Executive Branch, has the right and ability to build cabinet agencies to fulfill his or her vision for the country. Having worn a public sector hat in my past, I can confirm there’s a ton of bloat in government, and a huge opportunity to streamline and become more efficient. While the public-private partnership is important, particularly around intelligence, much of the great risk reduction is happening in the private sector.

Security: With the Trump administration freezing certain cybersecurity regulations and dismantling the Cybersecurity Safety Review Board (CSRB), what long-term effects do you foresee on the U.S. government's ability to ensure comprehensive cybersecurity oversight and accountability?

Harrell: This is common with any new administration. It happened in the past, and it will happen again in the future. The Trump administration is looking to safeguard the country and mitigate risks rapidly, and this requires ideological synergies. The Trump team wants to build their own committees aligned with their priorities.

Security: Given that CISA's budget has been proposed to increase modestly for fiscal year 2025, but the final funding is still uncertain, how do you think these funding fluctuations will impact the agency's capacity to address emerging cyber threats, such as those posed by advanced persistent threats (APTs) like Volt/Salt Typhoon?"

Harrell: My concern around the Chinese “Typhoons” is that China has been relatively “noisy” with these attacks. The bigger question is, “what are we not seeing or identifying within our key energy, water, and financial systems?” Much of what China is doing is unseen, only to be operationalized when needed.

Security: As the Trump administration shifts focus toward reducing government regulation and increasing the responsibility of private companies for cybersecurity, what do you think this will mean for public-private partnerships in defending critical infrastructure from cyber threats? Will this lead to more fragmented or stronger collaboration?

Harrell: Ransomware attacks originating from adversarial nations continue to devastate local governments, health care systems, and private organizations, exposing vulnerabilities across vital sectors. These attacks strain government service efficiency and effectiveness, stunt economic progress, and threaten citizen privacy and data protection. With its authorities, CISA is in a pivotal position to foster public-private partnerships to strengthen resilience against these escalating threats. By collaborating with industry partners that possess advanced threat research and intelligence capabilities, the agency can enhance its ability to detect and respond to evolving cyber threats, especially across the federal government (.gov) space. Strengthening these partnerships will not only fortify CISA’s statutory mission but also demonstrate its value in protecting the nation’s most vital assets. Fragmented approaches to cybersecurity within the U.S. government have hindered progress and left defenders navigating a maze of competing regulations. Confusion among industry stakeholders about jurisdictional responsibilities and regulatory priorities has diluted efforts to combat malicious actors effectively. The Trump administration can drive progress by streamlining governance and harmonizing efforts across federal agencies. A more cohesive framework for sector-specific risk management agencies — such as those overseeing energy, water, transportation and health care — will provide clarity and reduce redundancy. Simplifying regulations will empower organizations to focus resources on meaningful security measures rather than bureaucratic compliance.

Security: Anything else you would like to add?

Harrell: As we approach a telegraphed invasion of Taiwan, we will continue to see China’s aggressive cyber-behavior within U.S. critical infrastructure sectors. Financial, energy, and water companies will continue to feel the brunt of these attacks as China attempts to exploit vulnerabilities and plant malicious code to be executed at a later date. Over the past 10 years, China has gone from data exfiltration and stealing intellectual property, to mapping critical systems and conducting reconnaissance for attack. China’s recent aggression has been noted by the Trump administration and more aggressive stance will be taken against China, which is sorely needed. The good news is, we are significantly more aware of Chinese tactics today, than ever before. We see a steady drumbeat of Chinese attacks, which means the intrusion numbers are going up, but it’s also because we are smarter, faster, and more aware of their attack methods.

On Volt: We have seen four major APTs aligned with China (Volt, Salt, Flax Typhoon, Velvet Ant) wreak havoc on critical infrastructure recently and they will be held to account. Not all Volt Typhoon intrusions look the same. Many intrusions have been discovered, but I will guess that most have not, as bad-actors are simply laying-in-wait for scrutiny to die down or for authorities to be distracted by a new crisis. The energy sector has seen the same traffic. If you are a critical infrastructure company using Cisco equipment, do a vulnerability scan and assessment — TODAY.

On the role of software companies: Software vulnerabilities are a fact of life, unfortunately. While the Microsoft CEO is asking for the new Trump Administration to take an aggressive stance against China, they also have a significant role to play, and they need to build a culture of security throughout the software lifecycle. Generally speaking, Trump 2.0 will focus their efforts on disrupting and dismantling cyber-aggressors rather than babysit tech companies.