The US continues to play musical chairs with it cyber guardians, as the Trump administration works to reshape the nation’s cybersecurity defenses.
The White House announced over the weekend that the US Senate had confirmed Sean Cairncross as the National Cyber Director, making him President Trump’s “principal advisor on national cybersecurity policy and strategy.”
Cairncross was senior advisor to the White House chief of staff in Trump’s first term, and more recently was CEO of The Millennium Challenge Corporation, a US foreign aid agency.
The new cyber security advisor doesn’t have a technology background, having spent most of his career with the Republican National Committee in roles including chief counsel and chief operating officer.
In a White House statement, Cairncross said: “The United States must dominate the cyber domain through strong collaboration across departments and agencies, as well as private industry. Under President Trump’s leadership, we will enter a new era of effective cybersecurity policy.”
Separately, Dr Allan Friedmann has resigned as director of cybersecurity initiatives at CISA as of Thursday.
In a farewell email, Friedman wrote “Together, we have helped make transparency less of an abstract aspiration, and start to make it an expectation, a norm, a new requirement, and a technical reality.” The SBOM team at CISA remains in the hands of Victoria Ontiveros, he said.
He added: “I intend to stay active in supply chain security, and will remain an enthusiastic champion of transparency as a powerful tool for defenders. There is plenty left to do, and I am always happy to roll up my sleeves and get involved.”
Friedman is just the latest senior CISA staffer to leave the White House since it changed hands. The incoming administration had pledged to refocus the organisation. CISA director Jen Easterly and her deputy – both Biden appointees – stepped down on Inauguration day.
The administration’s 2026 budget proposal for the agency laid out almost half a billion dollars in cuts, and a 30 percent reduction in head count.
Meanwhile, CISA and the Federal Emergency Management Agency has unveiled a more than $100m kitty to support “community cybersecurity”. State and local governments can bid for $91.7m for cybersecurity improvements, while $12.1m is available to tribal governments.
Local administrations have long been identified as one of the weak links in cybersecurity, as they are often over-stretched and under-funded.
However, larger organisations are not immune. CISA and the US Coast Guard last weekend flagged “areas for cyber hygiene improvement” after a “threat hunt” at an un-named US critical infrastructure organization.
This uncovered a catalogue of risks, including insufficient logging and insecurely stored credentials, and “several” device misconfigurations.
