CYBERUK The top brass from the UK’s cyber agency say everything is business as usual when it comes to the GCHQ arm’s relationship with CISA, amid growing unease about the current administration’s treatment of its US equivalent.
Since retaking power, Donald Trump’s administration has routinely criticized CISA, an agency that rubbished the President’s claim that his election loss in 2020 was due to “fraud,” bringing uncertainty to its status in the department headed up by Homeland Security Secretary Kristi Noem.
Ex-CISA chief decries cuts as Trump demands loyalty above all else
READ MORE
Asked about how the British cyber agency’s relationship with CISA had changed since Trump’s election win, members of the NCSC management board quickly swatted away any notion that a switch of power had affected transatlantic cyber ties.
“My direct peer is still in place,” said Ollie Whitehouse, CTO at the National Cyber Security Centre (NCSC) during last week’s CYBERUK, referring to CISA’s technical director, Chris Butera. “Our relationship has not changed. I was in country last week. [Our relationship] is enduring. It is unwavering.”
The NCSC’s COO, Felicity Oswald, was also on that trip to CISA a few weeks ago and said the team “had great engagement as ever.”
Oswald was reticent to comment on another country’s democratic processes, but assured The Reg that NCSC and CISA remain “steadfast partners.”
“We remain really close to CISA and all of the US agencies,” she added.
Illustrating the point, Whitehouse added “we still have embeds inside CISA,” suggesting perhaps if things were really bad, foreign eyes may have already been ousted from the agency’s headquarters.
What “really bad” looks like, though, is subjective.
The current administration’s treatment of CISA has been firmly in the public eye, from Trump’s ongoing attack on Chris Krebs, to DHS secretary Noem suggesting at RSA that it had “gone off the rails,” and needed correcting (in the form of a shift in its “mission” as well as proposed budget cuts). There are umpteen other examples we could list, and many in the industry are concerned the agency’s good work will be scuppered.
Just a few days ago, at the Homeland Security Subcommittee’s CISA oversight hearing, Congresswoman Lauren Underwood (D-IL) expressed concern that “instead of investing in this popular, nimble, and cost-efficient agency that protects nearly every aspect of Americans’ lives, you are proposing an almost 20 percent cut to CISA — $491 million — and driving out the workforce through early retirement buyouts and questionable terminations. That’s not cutting fat — that’s a death blow.”
It’s not just CISA that’s under fire. More broadly, the way in which the US government views cybersecurity as a component of national security has also caused concern in recent months.
Within a week of taking power, Trump’s office gutted the Cyber Safety Review Board, whose work has, among other things, exposed the infosec failings that led to widespread government compromise at the hands of Volt Typhoon.
In just the past few weeks, the Common Vulnerabilities and Exposures (CVE) program, on which the cybersecurity industry relies for tracking vulnerabilities, was saved only at the very last hour by renewed government funding.
There were real fears that Trump’s government would not fund MITRE, which runs the CVE program, for over a week. And even though its contract was ultimately renewed, it was only done so for less than a year, meaning the lead-up to March 2026 could see the same concerns revived.
A ‘key partner’ for us
Nevertheless, the NCSC had nothing bad to say or concerns to share about their US counterparts. Toeing the agency’s line was Jonathan Ellison, the NCSC’s director of national resilience and future technology.
Like Whitehouse and Oswald, he too was on the CISA trip a few weeks back and also attended the RSA talk where Noem vowed to put the cyber agency back on track, but left with a different takeaway.
“I listened to the DHS secretary’s keynote at RSA, and I think there’s a very clear message there about the importance that the administration in the US is putting on cybersecurity,” he said. “And that came through in all the conversations that I had with my counterparts at CISA and other organizations while I was out there.
“I think they’re an absolutely key partner for us and a really important partner, and I think we will continue that level of cooperation with them. I think hearing the DHS secretary talking about the importance of cybersecurity to the administration was a really good thing for them to publicly project, and that came out in the final thoughts that I had while I was out there.”
It’s true that Noem’s commitment to cybersecurity was clear throughout RSA. She specifically expressed how perturbed she was upon being briefed on the threat from China, and how many of the questions surrounding the Volt and Salt Typhoon incidents remained unanswered.
She didn’t mention that her boss gutted the group his predecessor established for the sole purpose of investigating events such as these.
CISA slammed for role in ‘censorship industrial complex’ as budget faces possible $500M cut
British govt agents step in as Harrods becomes third mega retailer under cyberattack
Chris Krebs loses Global Entry membership amid Trump feud
Homeland Security boss says CISA has gone off the rails, vows to set it right
Asked for a response to the NCSC leaders’ comments, CISA’s line was equally as sanitized as that of its tea-drinking cyber sibling across the pond in the UK.
“Cybersecurity requires nations to work across borders to share information and work together to strengthen defenses against global threats,” it told The Register. “Our close partnership with UK National Cyber Security Centre has enabled us to provide timely, actionable information and beneficial capabilities that greatly strengthened our collective ability to globally defend against cyber incidents.
“CISA is committed to continue working closely with UK NCSC and other international allies to build capacity, cyber resilience, and enhance security for the global critical infrastructure community.” ®
