BY KEVIN POLICARPO
China is gradually refining and improving its cyberwarfare capabilities that could shut down and hamper critical U.S. infrastructure including the U.S. power grid.
Meanwhile, the U.S. is cutting back on spending for its cybersecurity infrastructure, reducing budgets for organizations and systems that are vital for U.S. cyberdefense.
QUANTUM COMPUTING THREAT
China is also leading the charge in the development of quantum computing, which has the potential to overcome U.S. cyberdefenses.
Jesse Van Griensven, an adjunct professor from the University of Waterloo in Canada and the executive chairman of the quantum computing security company, EigenQ, used a bank robbery analogy to describe the potential effect of quantum computing in an interview with Nikkei Asia:
“‘With today’s computers, somebody hacks your account and your money is gone. With quantum computers, the money from the whole bank is gone.’
He went on to say that such machines could disable airports, power plants, telecom networks and military forces, reducing the United States ‘to the Stone Age’ without firing a single bullet…”[1]
Ryan Fedasiuk, a fellow at the American Enterprise Institute, warned that if China acquires an error-corrected quantum computer before the U.S., Japan or Taiwan transition to quantum-resistant algorithms, the consequences could be devastating. Beijing would gain “an asymmetric advantage in intelligence, the ability to read sensitive back traffic and compromise systems we thought were secure…”[2]
The Chinese government sees quantum computing as one of its advantages and has been pouring considerable resources into the development and construction of the largest quantum communications infrastructure in the world. Morgan Peirce, a cyber and quantum analyst from the Center for a New American Security, said: “The Chinese government is funding quantum communications at a much more massive scale than the U.S. or … anyone else in the world…”[3]
She added that China is preparing for any quantum threat to its encryption algorithms via “…large-scale deployment of quantum communications, especially quantum key distribution, which can offer unhackable communications even against a quantum computer.”[4]
IMPACT OF BUDGET CUTS TO U.S. CYBER DEFENSES
According to Risk Management, proposed Trump administration cuts to cybersecurity services that could be signed into law would diminish the U.S. government’s role as the central agency for vital information regarding cybersecurity.
This is especially notable for the Cybersecurity and Infrastructure Agency (CISA), which saw its budget cut by 17%, or $491 million, resulting in the dismissal of over 1,000 employees in order to refocus “… on defending the federal network and increasing critical infrastructure resilience.”[5]
Risk Management publishes analysis, insight and news for the risk management community. Risk Management “explores the foundational and dynamic concepts and strategies used by those tasked with protecting the physical, financial, human and intellectual assets of their organizations, and provides in-depth insight into new and emerging risks to help risk and insurance professionals meet the evolving challenges of today’s business landscape.” (see: https://www.rmmagazine.com/about) Risk Management is published by the Risk and Insurance Management Society, Inc.
The House of Representatives’ subcommittee on Homeland Security passed a smaller cut of $134 million and didn’t mention any staff cuts for CISA.[6]
Regardless of the final cutbacks, Risk Management argues that CISA has been diminished in terms of staff due to layoffs, buyouts, and voluntary departures. It quotes Jen Sovada, public sector general manager at the cybersecurity software firm Claroty, as stating: “…recent coverage indicated the agency’s staffing has dropped to between 2,200 and 2,600 employees, from 3,700 at the start of the year.”[7]
On its website, Claroty defines its mission as: “Control, monitor, and protect your industrial control systems …”[8]
Just as China is ramping up its cybersecurity capabilities, Trump administration cutbacks at CISA, Homeland Security and NIST mean that U.S. cybersecurity efforts are at risk of being hamstrung and creating vulnerabilities that hostile actors can exploit.
DEPARTMENT OF HOMELAND SECURITY CUTS
As CISA experiences cuts to its budget, including to staffers and to support for state and local governments facing cyber-related threats, Homeland Security Secretary Kristi Noem promised to shift CISA’s focus toward defending the U.S.’s most vital infrastructure.
During a keynote speech at the RSA Conference (Rivest, Shamir, and Adleman Conference), Secretary Noem remarked that “…she was ‘committed to cybersecurity’ and considered it to be ‘a national security imperative.’
She also encouraged her critics to ‘just wait’ for the Trump administration’s plans on cyber before passing judgment.”[9]
However, there have been disgruntled voices in CISA with regard to Secretary Noem’s speech in light of the personnel and funding cuts, according to Politico.
A CISA employee speaking under anonymity told Politico:
“There’s a real disconnect between the public messaging about cybersecurity and the reality on the ground…”[10]
The majority of CISA’s stakeholder engagement team has either been laid off or reassigned to other agencies under DHS. In addition, “…many CISA employees around the country who provide security support to state and local governments have departed the agency, and CISA has discontinued funding for the Multi-State Information Sharing and Analysis Center, a core cyber threat sharing service used by many of these state leaders.”[11]
Some cyber officials worry that the downsizing and cuts to CISA and the indecisiveness of DHS in creating a clear plan could harm the U.S.’s ability to defend against potentially devastating cyberattacks.
A former cyber official was quoted as responding to Secretary Noem’s speech: “In retrospect, Secretary Noem’s RSAC speech seems like an utter work of fiction, if not deliberate disinformation… Clearly, cyber is not a priority for DHS or Noem — making us sitting ducks that are far more vulnerable to cyberattacks. Our adversaries are salivating.”[12]
In addition, U.S. cybersecurity has been weakened due to lapses in federal legislation. The 2015 Cybersecurity Information Sharing Act, a law that incentivizes private companies to share intelligence regarding cyber threats with the U.S. government, lapsed on September 30, 2025. CISA also had its State and Local Cybersecurity Grant Program lapse in September, which “…was established in 2022 and funneled around $1 billion to state and local governments to strengthen cybersecurity efforts.”[13]
These lapses and the policy changes under Secretary Noem come at a time when the U.S. is besieged by relentless cyber attacks from hostile actors.
Hackers linked to China had been “… previously discovered burrowing inside U.S. power and transportation networks, while other state-sponsored groups have spied on Americans through U.S. telecommunications networks. Hackers have also recently exploited widely used tech, including several Microsoft applications, to gain access to U.S. federal agency networks.”[14]
CISA Director Jen Easterly, who had stepped down from the position in January 2025, stated the following: “The cyber threat environment continues to be highly complex and highly dynamic… I think the American people want and deserve a cyber defense agency that is nonpolitical, nonpartisan, well-led, well-resourced with the capability and capacity to help defend businesses large and small across the country, and the critical infrastructure they rely on every day.”[15]
A CISA employee also stated that the workforce is spread thin: “While the remaining workforce is dedicated and mission-driven, the workload has increased substantially without a corresponding adjustment in expectations or support, and without any real acknowledgment of how unsustainable it has become…”[16]
For example, CISA’s Stakeholders Engagement Division would have its funding slashed by 62%.
According to Curtis Dukes, former information-assurance director at the National Security Agency (NSA) and general manager of the best practices and automation group at the Center for Internet Security (CIS), this division of CISA provides “…support to critical infrastructure operators, sharing cyberthreat intelligence for criminal as well as nation state-types of attacks…”[17]
Dukes also notes another proposed cut of 73% to the CISA National Risk Management Center, “…which analyzes and predicts threats to national infrastructure.”[18]
Another key branch of CISA is their Cyber Defense Collaborative, which “…brings together big technology providers that are experts in cybersecurity to identify potential cyberrisks and how to mitigate them.”[19]
CUTBACKS TO NATIONAL INSTITUTE OF STANDARDS & TECHNOLOGY (NIST)
Another major budget cut is aimed at CISA’s National Institute of Standards and Technology (NIST). NIST’s focus is to “…create standards that enable organizations to interact more efficiently and securely.”[20]
In August 2024, NIST finalized post-quantum cryptography standards, which allow organizations to protect sensitive data and communications from potential attacks by quantum computers. The Trump administration justified the cuts by accusing the agency “…of developing ‘curricula that advances a radical climate change agenda’ and pushing ‘environmental alarmism with its university grants.’”[21]
CISA’s ROLE
CISA serves as the pillar of the U.S. government’s cybersecurity efforts, with its main mission being “…to protect the federal government and critical infrastructure.”[22] It also provides cyber-related services to both public and private organizations, such as offering “…forums for Fortune 100 chief information officers and other groups to confidentially share sensitive information about cyberattacks. In turn, the agencies use that information to alert the broader business community to new risks.”[23]
In addition, key infrastructure companies are required to notify CISA about significant cyber incidents within 72 hours; these reports are also sent out as warnings to the right organizations.
ALTERNATIVES TO CISA
There are alternatives that companies and the public sector can look to for assistance. The first alternatives are Information Sharing and Analysis Centers (ISACs), which “…are nonprofit organizations that aim to facilitate sharing of information and analysis on cyberthreats and vulnerabilities within critical infrastructure sectors.”[24] ISACs focus on sectors such as finance, power and water and often work with the sector’s regulator.
FOOTNOTES
[1] https://asia.nikkei.com/spotlight/cybersecurity/china-s-quantum-leap-will-eclipse-us-aircraft-carriers-analysts-say
[2] Ibid.
[3] Ibid.
[4] Ibid.
[5] https://www.rmmagazine.com/articles/article/2025/10/09/the-impact-of-federal-budget-cuts-on-cyber-defenses
[6] Ibid.
[7] Ibid.
[8] https://claroty.com/company
[9] https://www.politico.com/news/2025/10/23/kristi-noem-cybersecurity-strategy-concerns-cisa-00619108
[10] Ibid.
[11] Ibid.
[12] Ibid.
[13] Ibid.
[14] Ibid.
[15] Ibid.
[16] Ibid.
[17] Ibid.
[18] Ibid.
[19] Ibid.
[20] Ibid.
[21] Ibid.
[22] Ibid.
[23] Ibid.
[24] Ibid.
