America's Cyber Defenses Are Being Dismantled From the Inside

America's Cyber Defenses Are Being Dismantled From the Inside

As a journalist, I've seen my fair share of cyber attacks, but what's happening in the US is something else. The country that once took pride in being the leader in technology security is now on the brink of disaster. The Common Vulnerabilities and Exposures (CVE) database system, which has been the backbone of cybersecurity efforts for over 25 years, is nearly dying. This is just a symptom of a much larger problem – President Donald Trump's administration is systematically dismantling critical cybersecurity measures, leaving the country vulnerable to attack.

So, what's behind this mess? According to Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency (CISA), "It's the global catalog that helps everyone – security teams, software vendors, researchers, governments – organize and talk about vulnerabilities using the same reference system." Without it, defenders waste precious time figuring out what's wrong, and threat actors take advantage of the confusion.

The CVE system has been a crucial component of US cybersecurity efforts for decades. However, in recent times, it's faced significant challenges. The group that oversees the CVE, CISA, had been targeted for staff cuts of over a third of its employees. In addition, CISA employees were given until midnight Monday to choose between staying on the job or resigning. This led to a last-minute decision to extend the MITRE CVE contract, which will still run out in March 2026.

Such decisions are no longer taken lightly. Once upon a time, this kind of situation would be a no-brainer. Now? You can't depend on guesses when it comes to security. The Trump administration's tenure has already been marked by significant setbacks to US federal government technology security efforts, over and over again.

For example, General Timothy D. Haugh, the head of the National Security Agency (NSA) and US Cyber Command, was fired in early April. His dismissal, along with the removal of other senior cyber officials, has significantly weakened the country's cyber defense. The administration has also systematically dismantled critical cybersecurity advisory bodies.

Notably, the Cyber Safety Review Board (CSRB), established under the previous Biden administration to investigate major cyber incidents, was effectively disbanded by terminating all its members. This move halted investigations into significant cyberattacks, including the Chinese "Salt Typhoon" hacks. The Salt Typhoon attacks were also aimed at Trump and VP JD Vance, but for some reason, don't ask me why, they don't care.

So, who should be in charge of protecting the US's cyber resources? According to Trump's Achieving Efficiency Through State and Local Preparedness executive order: "Preparedness is most effectively owned and managed at the State, local, and even individual levels, supported by a competent, accessible, and efficient Federal Government." Part of that clearly sets the stage for getting rid of the Federal Emergency Management Administration (FEMA), but space weather!? Cyberattacks?! Does Trump et al know what they're talking about?

Cyberattacks aren't only made against, say, North Carolina and West Virginia; they hit everyone, everywhere. Fifty different groups trying to cope with state-sponsored elite hacking teams is too stupid for words. And did I mention? Earlier in his tenure, Trump had cut funding for cybersecurity-specific federal grant programs. So, good luck hiring top-flight security mavens to protect your home state.

But that's not all. The enemy inside – DOGE has access to sensitive federal systems. These include the Treasury Department's payment systems and the Social Security System. It appears that this data had been copied to God alone knows where and can now be accessed by people without the right to see or use it.

So, not only has America's external cyber defenses been dismantled, but the data is out there for the greatest security attacks ever on individual citizens. 1.6 million people had their Social Security information stolen from an insurance company? That's so penny-ante. The US will suffer the most from these self-inflicted security wounds, but the entire world will feel the pain.

"Buckle up, we're in for a bumpy ride." It's time for the Trump administration to take responsibility for their actions and start working on rebuilding the country's cyber defenses. Until then, the US is left vulnerable to attack, and the consequences will be dire.