Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), is vacating her office, marking a leadership change for the government agency responsible for protecting critical U.S. infrastructure against cyber threats. Her departure in January 2025, comes at a time when the nation’s cyber defenses are under increasing strain from sophisticated attacks by nation-state actors and criminal organizations.
Easterly, who was confirmed in July 2021, led over a volatile cyber period during her tenure. Her leadership has drawn both praise and criticism, reflecting the challenges of an evolving digital threat environment.
As CISA prepares for new leadership, questions linger about how the agency will continue addressing persistent cybersecurity gaps while adapting to emerging threats.
Challenges During Easterly’s Tenure
Easterly assumed her role shortly after the SolarWinds cyberattack, a major breach linked to Russian operatives that infiltrated federal agencies and private companies. Her tenure coincided with rising ransomware incidents, such as the Colonial Pipeline attack, which disrupted fuel supplies along the East Coast.
These incidents spotlighted the vulnerabilities in critical infrastructure and calls for CISA to deliver stronger protections.
Under Easterly, the agency pursued initiatives focused on public-private collaboration, including programs urging companies to adopt “Secure by Design” principles, directing software developers to embed security features during the development process.
Election security also was a chosen focus during her leadership. CISA worked with state and local officials to manage the 2022 midterm elections, evaluating disinformation campaigns and monitoring voting systems’ resilience.
While the agency’s efforts were credited for election integrity, some state officials expressed concerns over federal overreach and communication challenges.
Big Budgets, Mixed Results
Easterly sought to address the cybersecurity talent shortage by championing programs to recruit, train, and retain diverse professionals. Despite increased attention to workforce issues, the cyber talent gap remains a critical vulnerability.
Industry experts have noted that while CISA expanded hiring pipelines, efforts to scale the workforce fell short of the demand created by escalating threats.
CISA’s growing budget during Easterly’s tenure, reaching nearly $2 billion in 2023, allowed the agency to launch high-profile initiatives and threat detection capabilities. However, some industry observers question whether resources were allocated effectively.
Critics argue that more emphasis should have been placed on real-time response capabilities and operational support for critical sectors such as energy, healthcare, and water systems.
Implications of Leadership Change
Easterly’s resignation comes as the US faces an increasingly complex threat environment. Cyberattacks on critical infrastructure, ransomware targeting major industries, and emerging technologies such as artificial intelligence have compounded the challenges for the agency.
The next director will need to address unresolved issues, including:
Agency Independence: With CISA’s role growing in politically sensitive areas such as election security, its leadership will need to balance operational effectiveness with maintaining bipartisan trust and credibility.
Regulatory Gaps: While Easterly emphasized collaboration, future leadership may face pressure to move toward mandatory cybersecurity standards for sectors that have been slow to adopt best practices.
Rising Threats: Nation-state cyber campaigns and criminal hacking groups continue to evolve, testing CISA’s ability to keep pace with increasingly sophisticated tactics.
The Wrap
Jen Easterly’s departure from CISA coincides with President-elect Donald Trump’s plans to reassess the agency’s role and structure. Trump’s administration has signaled intentions to implement significant changes within CISA, reflecting a strategy to streamline federal cybersecurity efforts.
As CISA transitions to new leadership, the agency faces the dual challenge of maintaining the progress achieved under Easterly while adapting to the forthcoming administration’s vision. The agency’s ability to navigate this period of change will be crucial in ensuring the continued protection of the nation’s critical infrastructure.