Jen Easterly, CISA Director, To Step Down On Inauguration Day

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is set to leave the agency after more than three years of service.

CISA is tasked with safeguarding critical infrastructure and enhancing the U.S. government’s defenses against cybercriminals and state-sponsored actors. These adversaries have increasingly targeted American agencies to steal sensitive data and disrupt essential services.

Both Easterly and CISA Deputy Director Nitin Natarajan will step down on January 20, coinciding with the transition to the new Trump administration.

CISA spokesperson Antonio Soliz confirmed the leadership exits in an email to TechCrunch, stating, “All appointees of the Biden Administration will vacate their positions by the time the new Administration takes office at noon on January 20.”

Easterly has served as CISA’s second director since the agency was established in 2018. She was nominated by the Biden administration in April 2021 to fill the vacancy left after then-President Trump dismissed CISA’s first director, Chris Krebs, who publicly refuted Trump’s false claims of widespread voter fraud in the 2020 U.S. presidential election.

During her tenure as CISA director, Jen Easterly navigated several pivotal events in the cybersecurity landscape. Among these was the Colonial Pipeline ransomware attack, which disrupted fuel supplies across the U.S. and highlighted vulnerabilities in critical infrastructure. The incident served as a wake-up call, driving substantial reforms in how critical infrastructure is secured.

Easterly also spearheaded transformative initiatives, including the Secure by Design framework, aimed at encouraging manufacturers to embed security into their products from inception, shifting the cybersecurity burden from the user to the technology manufacturer.

Additionally, she introduced CISA’s Resiliency Playbook, which offers comprehensive guidance to bolster the protection and resilience of critical infrastructure against emerging cyber threats. These efforts cemented CISA’s role as a cornerstone of U.S. cybersecurity strategy.

The agency played a vital role in defending U.S. government systems against cyber threats from Russian and Chinese-backed hacking groups targeting critical infrastructure.

Easterly has described Chinese cyberattacks against U.S. critical infrastructure as the most serious threat to the nation she has seen in her 30-plus year career.

CISA was instrumental in aiding Ukraine’s defense against Russia's full-scale invasion in 2022, including countering cyberattacks tied to the conflict.

In 2022 she also announced an "ambitious goal" to address the gender gap and talent shortages in the cybersecurity industry by aiming for women to represent 50% of the cyber workforce by 2030.

In 2023, Easterly stated that potential cybersecurity threats posed by Artificial Intelligence (AI) development meant that the government should implement systemic safeguards

In the lead-up to the 2024 election, Easterly focused on boosting public confidence in the U.S. election system. As the head of America's cyber defense agency, she emphasized that “election infrastructure has never been more secure, and the election stakeholder community has never been more prepared.”

Highlights of her tenure include:

1. Joint Cyber Defense Collaborative (JCDC): This public-private partnership leverages authorities granted by the 2021 National Defense Authorization Act to unite the global cyber community in defending cyberspace. JCDC fosters collaboration between governments, private companies, and international partners to address emerging cyber threats.
2. Secure by Design Initiative: Launched in 2021, this initiative promotes embedding security into the design of products, software, and systems. By encouraging technology companies and developers to proactively incorporate security measures, the program aims to minimize vulnerabilities before deployment.
3. Cross-Sector Cybersecurity Performance Goals (CPGs): Developed through consultations with industry, government, and experts, these guidelines focus on reducing risks to critical infrastructure and enhancing the cybersecurity posture of essential operations.
4. Known Exploited Vulnerabilities (KEV) Catalog: Since 2021, CISA has maintained this regularly updated list of actively exploited vulnerabilities in software and hardware, providing actionable insights to organizations seeking to mitigate risks.
5. Vulnrichment Program: Introduced in 2024, this initiative integrates contextual data into vulnerability management processes, improving the efficiency of reporting and remediation efforts.
6. Cyber Support to Ukraine: Under her leadership, CISA partnered with international allies to support Ukraine’s defenses against Russian cyberattacks targeting critical infrastructure and government systems. CISA contributed technical expertise, threat intelligence, and mitigation strategies to bolster Ukraine’s resilience.
7. Shields Up Campaign: This initiative underscored the need for vigilance among US organizations, focusing on protecting critical infrastructure against potential spillover effects from global cyber threats.
8. Election Security Collaboration: She worked closely with state and local governments to safeguard election systems against interference, reinforcing public trust in the integrity of US elections amidst escalating cyber risks.

During her term Easterly was a relentless advocate of:

• Creating strong passwords
• Enabling MFA
• Keeping software up to date
• Recognising phishing attempts

Under Easterly's leadership CISA has now become an integral pillar of the U.S government in ensuring the security of Americans as well as supporting efforts across the globe in the fight against cyber crime and attacks by hostile states.

Before leading CISA, Easterly headed Morgan Stanley’s cybersecurity division and held senior roles within the U.S. Army, the National Security Agency, and U.S. Cyber Command.

The Trump administration’s transition team has not yet announced who will be appointed to lead CISA starting January 20.