If anything, the military has impinged on CISA’s territory—not the other way around—out of exasperation with the civilian agency’s constrained resources, says Montgomery, a retired Navy rear admiral.

“The Department of Defense would say, ‘We’re having to do things that we think CISA should be doing,’” Montgomery says, which has meant “slowly creeping outside the base fence to make sure that electrical power grids, water systems, [and] telecom systems [near bases] are properly protected in case of a crisis.”

Department of Dubious Moves

Of all the CISA proposals in Project 2025’s plan, the most ambitious one is highly unlikely to succeed: moving the agency into the Department of Transportation as part of a broader initiative to dismantle DHS.

The recommendation reflects conservatives’ desire to shrink the overall size of government, but it may also suggest a belief that moving CISA would curtail its scope and make it “a little more manageable,” says Brandon Pugh, director of the cybersecurity and emerging threats team at the center-right think tank R Street Institute. Pugh says some Republicans believe the agency “went beyond its original mandate and [has] become too bloated.”

But this idea is a virtual nonstarter because the congressional committees with oversight of CISA won’t give up their power in a rapidly growing domain. “There’s no way that would ever work,” Costello says.

Apart from being infeasible, the proposal would undermine CISA’s effectiveness.

Cybersecurity fits squarely into DHS’s homeland-security portfolio, so moving CISA into a department with a different mission “doesn’t make a lot of sense” and “would undermine some of the organizational logic,” Kelly says. “I don’t actually understand the rationale of that.”

DHS is also better-suited to facilitate the kind of cross-government collaboration that CISA relies on for its twin missions of protecting federal computer systems and helping companies and local governments defend themselves.

“Giving CISA to Department of Transportation would reduce the cybersecurity of our national critical infrastructure for some period of time,” Montgomery says, adding that Transportation is “one of the last places” he’d put CISA and calling the proposal “nonsensical.”

Still, observers say it might be worth reviewing the structure of DHS, which has steadily accumulated functions since its post-9/11 creation and is now considered something of a Frankenstein department. But that review has to be “well thought out,” Todt says. “Reorganization of government should never be taken lightly.”

Squandering a Moment

Even as Project 2025 appears to misunderstand some aspects of CISA’s mission and focus disproportionately on others, the document also misses opportunities to recommend meaningful reforms.

Congress has spent years waiting for CISA to complete a “force structure assessment” that would better define its mission and the resources and organization needed to accomplish it. But even beyond CISA, there are serious concerns that the government as a whole isn’t coordinating well on cyber issues.

Pugh says it’s worth examining whether the system is working well. “Do we need to take a harder look at who’s responsible for different leadership aspects of cyber?”

For now, though, experts agree that Project 2025 misses the mark. The document, Montgomery says, is “full of little tantrums” and “shows a lack of understanding of how federal government works.”

Costello says it’s “embarrassing” to see Project 2025 “call for essentially the hollowing out of CISA,” and he worries that its implementation could create a perilous feedback loop for the agency.

“If you were to reduce the mission scope and importance of CISA,” he says, “morale is going to drop, people are going to want to leave, and Congress is going to be less willing to fund [it].”

Shares:

Leave a Reply

Your email address will not be published. Required fields are marked *