According to The Verge, Arizona Secretary of State Adrian Fontes deliberately avoided contacting CISA during a June cyberattack where Iranian government-affiliated hackers replaced candidate photos with images of Ayatollah Khomeini. The Cybersecurity and Infrastructure Security Agency has faced mass staffing cuts under the Trump administration, including nearly all 95 employees in its Stakeholder Engagement Division being laid off last month and a proposed $3 billion budget being slashed by nearly half a million dollars. CISA’s election integrity team is now led by right-wing activist Heather Honey, who has promoted voting fraud conspiracy theories, while Trump loyalists have taken key posts at DHS. Fontes says many CISA staffers his office regularly worked with have left, forcing him to contact the National Guard and Arizona’s Counter Terrorism Information Center instead while keeping CISA at “arm’s length.”
The trust is gone
Here’s the thing about cybersecurity coordination: it only works when everyone feels safe sharing their vulnerabilities. And right now, state officials like Fontes clearly don’t. He told The Verge point-blank: “How can I reveal security information that’s very sensitive in nature, that could be very easily exploited for political means, with an agency that’s been gutted and politicized?” That’s a devastating admission from someone who previously praised CISA for providing “instantaneous” intel during 2024 election bomb threats.
This isn’t just about elections either. CISA coordinates protection for everything from water systems to transit networks – critical infrastructure that experts have warned for years is vulnerable. When Microsoft Exchange Online got breached by Chinese hackers in 2023, CISA served as the central clearinghouse for information across agencies. But that whole system collapses if people stop talking.
The real-world consequences
Look at what’s happening with smaller organizations that rely on CISA. Cynthia Lane, who runs a Colorado water utility with just 15 staffers, says CISA’s free weekly threat assessments are vital because they can’t afford that kind of security analysis otherwise. The consequence of a hack here isn’t abstract – we’re talking about water main breaks from manipulated pressure systems or sewage overflowing into rivers.
Meanwhile, the agency’s capabilities are being systematically dismantled. A public-private partnership that gave utilities legal cover to share sensitive information got disbanded. Grants for state and local cyber defenses have lapsed during the government shutdown. A law protecting companies that share threat information recently expired. It’s death by a thousand cuts.
The political reality
Retired Rear Adm. Mark Montgomery puts it bluntly: the Trump administration’s claim that CISA is fine “defies a 250-year history of the government. We do not do these kinds of cuts and everything’s fine.” But the political motivation is pretty clear – Republicans have “special animus” toward CISA because of its role tracking 2020 election disinformation.
So now we’ve got this bizarre situation where Fontes, a Democrat, has to operate in what he calls “silent mode” – sharing only what the law absolutely requires while assuming anything he discloses could be weaponized against him. He’s literally worried that DHS Secretary Kristi Noem might take internal cybersecurity data and turn it into a Truth Social post. That’s where we are.
What comes next
The former CISA official who spoke to The Verge warned the administration is “playing with fire.” And they’re probably right. We’ve already seen major attacks on US telecom systems that prompted officials to recommend all Americans use encrypted communications. The departure of experienced staff combined with lost trust from state partners creates exactly the kind of vulnerability that nation-state hackers dream about.
Basically, CISA was built to be the central nervous system for American cybersecurity. Now it’s being treated like just another political football. Fontes summed up the new reality perfectly: “Share with who you can trust, in as limited a way as you have to to get the job done.” That might work for individual states, but it’s a recipe for national security disaster when we’re facing coordinated international threats.
