The Cyber Strategy That Gutted Its Own Defense Team

Corruption of Power GriftMatrix

Trump’s cybersecurity plan is impressive on offense. The defense side is a different story.

The White House just released a six-page cybersecurity strategy, and I need you to understand what’s actually in it, because the gap between what it says and what’s actually happening is so wide you could drive a Mack truck through it.

The document opens by bragging about three things: seizing $15 billion from online scammers, knocking out Iran’s nuclear infrastructure, and going dark on Venezuela while they grabbed Maduro. And look, those things happened. The $15 billion figure is real – that’s the DOJ’s October 2025 forfeiture of bitcoin from a Cambodian forced-labor crypto empire called the Prince Group, run by a guy named Chen Zhi who allegedly kept workers in prison-like compounds to run “pig butchering” scams (that’s where someone befriends you online, convinces you to invest in fake crypto platforms, and disappears with your money). The Iran and Venezuela cyber operations are also real and confirmed by the Joint Chiefs of Staff.

Then the document pivots to six “pillars of action” – shape adversary behavior, promote common sense regulation, modernize federal networks, secure critical infrastructure, maintain tech superiority, and build talent. It’s all very confident. Very we-are-the-best-in-the-world.

Here’s the thing though. While the White House was typing this document, CISA – the Cybersecurity and Infrastructure Security Agency, which is literally the federal agency responsible for everything this strategy claims to care about – had already lost a third of its staff. Between February and May of 2025, the agency shrank from over 3,700 employees to around 2,540. The Trump administration’s own 2026 budget then proposed cutting another 1,000 positions and slashing $495 million from the budget. The Stakeholder Engagement Division, which is how CISA actually talks to water utilities and hospitals and local governments about threats in real time, is proposed to lose 62% of its funding. The National Risk Management Center – the team that models and predicts attacks on infrastructure – would lose 73%. The cyber defense education program gets eliminated. The election security team has already been gutted.

These aren’t abstract numbers. When a local water utility in rural Mississippi gets a Chinese state-sponsored hacker in their network, CISA is what they call. One cybersecurity expert put it plainly: “We can’t expect a local water utility to defend itself against attacks from China without support.”

And then there’s this detail that the strategy very much does not mention: the Cyber Safety Review Board – the independent body created specifically to investigate major cyber incidents and figure out what went wrong – was disbanded by the Trump administration. It had been in the middle of investigating Salt Typhoon, which is the Chinese state-sponsored hack that burrowed into AT&T, Verizon, T-Mobile, and at least six other major telecom companies and sat there for months. They didn’t just steal metadata. They got into the lawful intercept systems – the wiretapping infrastructure that law enforcement uses for court-approved surveillance. One intelligence expert called it “the worst counterintelligence breach in U.S. history.” That investigation is now dead.

The White House strategy uses the phrase “promote common sense regulation” as one of its six pillars. In practice, this means reducing compliance requirements for the private sector. The document frames cyber regulation as a costly burden that slows innovation. What it doesn’t say is that when companies can write their own cybersecurity rules – as the FCC allowed telecoms to do – you get Salt Typhoon. Senator Ron Wyden said it in plain English back in 2024: “It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules.”

The strategy also brags about fighting authoritarianism and censorship online, which would be more convincing if the administration hadn’t fired the Democratic members of the Privacy and Civil Liberties Oversight Board – the watchdog that monitors spy agency overreach into Americans’ civil liberties – while the agency is currently suing to get its members reinstated.

Pillar six is “Build Talent and Capacity.” They want a pipeline of trained cyber professionals. They want academia and industry and government and the military all working together. Great. Meanwhile, Pete Hegseth directed Pentagon officials to minimize cybersecurity training in the military in favor of programs “directly linked to warfighting” – which is a wild thing to say given that cyber operations literally turned off the lights in Caracas and blinded Iran’s air defenses. That’s warfighting.

A cybersecurity strategy that brags about offensive cyber capabilities while simultaneously defunding the agency responsible for defending the country is not a strategy. It’s a press release written around the stuff that already went well, published in a building where they’ve spent the last year firing the people who would have to implement it.

The lights went out in Caracas because of our cyber capabilities. The lights staying on in America depends on CISA.

Sources