“Trump Administration Cuts Cyberdefense Even as Threats Grow.”
That October headline from The New York Times has been swirling in my head over the past couple of days, along with various other reports of the Trump administration’s gutting of the country’s cybersecurity infrastructure over the past year, amid news of a debilitating hack that has rocked the American education system.
Wired reported on the incident, calling it a “new kind of ransomware debacle”:
The widely used digital learning platform Canvas was put into “maintenance mode” on Thursday after its maker, the education tech giant Instructure, suffered a data breach and faced an extortion attempt by attackers using the recognizable moniker “ShinyHunters.” Though the hackers have been advertising the breach and attempting to extract a ransom payment from Instructure since May 1, the situation took on additional immediacy for regular people across the US and beyond on Thursday because the Canvas downtime caused chaos at schools, including those in the midst of finals and end-of-year assignments.
CNN reported that this incident, which affected thousands of K-12 schools and universities in the United States, purportedly was the second such hack within weeks:
This was the second school data breach claimed by ShinyHunters this month. In Thursday’s ransom note, the group claimed it had hacked Instructure “again” and faulted the company’s response to the previous attack: “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
As more details emerge, we’ll hopefully better understand how this attack occurred and how to thwart future ones. But it’s not promising that the Trump administration has dismantled key agencies responsible for answering these questions.
In November, a CNBC report featured experts who warned that the administration had left Americans and the U.S. economy “at greater risk of being hacked.” The report specifically cited cuts made to the Cybersecurity and Infrastructure Security Agency, an organization targeted by the MAGA movement ever since its former director refused to promote Trump’s “big lie” about fraudulence in the 2020 election.
The Trump administration’s budget cuts and government agency gutting, including at the Cybersecurity and Infrastructure Agency (CISA), place Americans and the U.S. economy at greater risk of hacks than a year ago, according to expert assessments.
CISA hasn’t exactly shown signs that it’s running on all cylinders. The agency still doesn’t have a Senate-confirmed director after Trump’s nominee pulled his own nomination last month. The agency is currently being led by an acting director, Nick Anderson, who took over in February when the previous, scandal-plagued acting director was reassigned. And on top of all that, Homeland Security Secretary Markwayne Mullin recently said CISA lost about 1,100 employees during his department’s recent shutdown.
None of these things paint a stellar image of the status of U.S. cybersecurity — or instill much confidence in the Trump administration’s efforts to guard against devastating hacks, like the one many American colleges and universities are dealing with now.
Ja’han Jones is an MS NOW opinion blogger. He previously wrote The ReidOut Blog.