When I walk into Jen Easterly’s office on a bright January day in Arlington, Virginia, I’m greeted by a giant shark head lurking on the floor. I instantly spot a Rubik’s Cube—an Easterly hallmark—emblazoned with the logo of the organization she’s run for the past three and a half years—the Cybersecurity and Infrastructure Security Agency, or CISA, which President Donald Trump created during his first term.
Easterly, who is 56 years old, jumps to her feet to greet me. The first thing that hits me is her denim pants, which have a dragon on one leg and a serpent on the other. Then she launches into updates on CISA’s animated “Secure Our World” video series and, in the same breath, laments that she hasn’t had time for a private guitar lesson in weeks. Seemingly a regular day on the job for her, except for one thing. As of January 20, Inauguration Day, Easterly’s time at CISA would be over. Trump had fired the agency’s first director, Chris Krebs, after CISA refused to question the integrity of the 2020 election, and Easterly now says she wasn’t asked to stay. Rumors are swirling that CISA programs—or even the entire agency—may soon be on Trump’s chopping block.
The timing couldn’t be worse for the nation to lose its top cybersecurity cop. A Beijing-linked group called Salt Typhoon spent months last year rampaging through American telecoms and siphoning call logs, recordings, text messages, and even potentially location data. Many experts have called it the biggest hack in US telecom history. Easterly and her agency unknowingly detected Salt Typhoon activity in federal networks early last year—warning signs that ultimately sped up the unraveling of the espionage campaign.
The work of banishing Chinese spies from victim networks isn’t over, but the walls are already closing in on CISA. Trump’s nominee to run the Department of Homeland Security, Kristi Noem, told a Senate committee last week that CISA needs to be “smaller” and “more nimble.” And a day after the inauguration, all members of the Cyber Safety Review Board—who were appointed by Easterly and were actively investigating the Salt Typhoon breaches—were let go.
When Easterly officially became the agency’s second director, in 2021, the government was still reeling from a different blockbuster hack—SolarWinds. Kremlin-backed intruders had compromised widely used software to infiltrate the networks of US agencies and other targets. Helping US institutions defend themselves became an even more urgent and daunting project. CISA doesn’t enforce laws or collect intelligence; its job is to evangelize digital security measures and offer free services, so institutions can see what they need to do to not get hacked or—more realistically—get hacked less badly. Easterly got to work building relationships across the federal government and with state and local officials, corporate executives, and utility managers. In crises like the Salt Typhoon campaign, these relationships are crucial to quickly containing the damage.
It takes a determined person, and perhaps a charismatic one, to build rapport with such a wide-ranging group of people. Easterly has the background for it: She has worked in the Army (with multiple deployments), the National Security Agency, and the National Security Council under Barack Obama, and she spent nearly five years in charge of Morgan Stanley’s global cybersecurity. She also helped establish US Cyber Command within the Department of Defense. Somehow, though, she’s chill. To break the ice, and probably to make an impression, Easterly has leaned into her passions while in office, cubing and jamming with executives and utility operators around the country. And, yes, there’s her eclectic style—high fashion (by cybersecurity standards, anyway) mixed with bell-bottoms and Birkenstocks—but also her quiet, intense obsession with trying to solve the puzzle that is digital defense.
This interview has been edited for length and clarity, combining on-camera and off-camera portions. Check out WIRED’s YouTube channel for the video.
You’re in your last days as the director of CISA. How’s it going?
It’s a little bittersweet.
Why are you leaving?
Well, at the end of the day, I’m a Senate-confirmed political appointee. We serve at the pleasure of the president. I’ve not been asked to stay.
There are signs that the Trump administration may be hostile to some of CISA’s goals. Do you think the agency has proven it’s valuable?
We are America’s cyberdefense agency, but our budget is less than $3 billion. I think the American people are getting an incredible return on investment. Anybody who looks at it will see that there’s been an enormous amount of progress made in reducing risk to the critical infrastructure Americans rely on every hour of every day. We’re talking water, power, transportation, communication, finance. It’s not a political or partisan issue, and these threats are only getting more complicated, more dangerous. Any stepping back of what we’ve put in place will be to the detriment of the safety and security of the American people.
One threat that’s top of mind is Salt Typhoon. How have past foreign espionage campaigns, like Russia’s SolarWinds attacks, informed the work you all are doing?
What we saw in December 2020, with the revelations about the Russian intrusions into US federal government networks, as well as businesses around the world, was a pretty sophisticated supply-chain espionage operation. I would say the bumper sticker was to finally allow CISA to manage the .gov federal digital assets as one enterprise, not as a disparate tribe of a hundred separate departments and agencies. It’s still a work in progress, but what we’ve put in place across the government over the past three and a half years has given us enormous visibility and has allowed us to detect intrusions much more rapidly, to be able to remediate them and to get ahead of future intrusions.
It’s concerning how difficult it seems to have been for the telecoms to eradicate the Chinese hackers from their networks. Has there been progress in terms of that transparency and insight you’re talking about?
After the revelations of these breaches, we stood up what’s called a unified coordination group. So we’re responding, the FBI is investigating, folks like the National Security Agency are using what we see in the intelligence to understand the extent and the depth of this intrusion. And we’re coming together to work with the victims. We’ve been doing that for months. This has unfortunately been out in the press a lot—
I would say fortunately!
Anything that gets out there has the downside of having adversaries change their tactics. So, while I think the transparency to consumers is important, it also makes it more difficult to then find these actors within the network. I don’t expect it to be remediated in the short term.
What about in the long term?
Everybody should assume that our adversaries, in particular China, are attempting to go after our critical infrastructure. The private sector, they are on the front lines of this fight, because they own and operate the vast majority of our critical infrastructure. It’s why companies need to put collaboration over self-preservation.
I want a future where something like a ransomware attack is a shocking anomaly. Where damaging software vulnerabilities exploited by nation-state actors are as infrequent as plane crashes. A world where the technology that we’ve come to rely on every hour of every day is first and foremost secure.
It feels like hackers always find new ways to get where they want to go. Can you win at defense?
I mean, you’re right. Defense is hard. I say that as America’s cyber head goalie. And that’s why it has to be a team. As much as we work to hunt for and eradicate Chinese actors, our partners need to hold those actors accountable, whether that’s through offensive cyber capabilities or indictments or sanctions. But, yes, we’re on the defensive side, and it’s a challenge.
Right now is a very scary and precarious time in cyberspace.
I spent a lot of time in counterterrorism, and people would often say, “What keeps you up at night?” But it’s really not what keeps me up at night. It’s all about what gets you up in the morning. I love my team. I love the mission. Not every day is the best day ever, but you work through the issues, you stay resilient, you stay focused.
Probably a necessary attitude for this type of work. But I just have to be that guy who asks you one more time: What keeps you up at night?
A major conflict in Asia—the potential invasion or blockade of Taiwan by the People’s Republic of China—could have very real consequences here in the US. You could see pipelines and water being affected, telecommunications being severed, rail lines, power. That is all part of a very deliberate effort by the People’s Republic of China to incite what they call “societal panic” and to deter our ability to marshal military might and citizen will. We have to acknowledge that disruption may occur.
Is the public paying too much attention to espionage campaigns like Salt Typhoon? Should we all be more worried about threats to critical infrastructure, like China’s Volt Typhoon?
We are very focused overall on PRC cyber actors. CISA is one of the few agencies in the government that has been able to find both Volt Typhoon within critical infrastructure as well as Salt Typhoon. In fact, it was our work several months ago to find Salt Typhoon that then led to law enforcement identifying virtual private servers that were being leased by the adversaries, and then that unraveled the wider campaign.
You and I have talked before about how Ukraine has faced years of punishing digital attacks and, of course, an ongoing kinetic war with Russia. CISA has partnered for a few years now with its counterpart agency in Ukraine. Do you have concerns that the Trump administration won’t prioritize that relationship?
Ukraine is under active assault by a very sophisticated threat actor. What we are learning from how they are dealing with those attacks actually helps us understand and mitigate similar threats to our own infrastructure. Cyber is a borderless space, and what our foreign partners see can absolutely benefit us. We need to ensure that all of us—from the vendors that create technology to companies that buy technology to citizens that consume technology—recognize our shared role in a collective defense of cyberspace and critical infrastructure.
Do you feel that there are too many cooks in the US federal cybersecurity kitchen? Has that been an issue?
It really has not. A lot of people have asked that question, but when the SolarWinds incident occurred I was looking at it as both the cyber policy lead for the Biden-Harris transition team and, perhaps more importantly, from my day job at Morgan Stanley. One advisory came out from CISA that was very SolarWinds-specific. We didn’t have SolarWinds in our infrastructure. Another one came from NSA that was focused on VMware, and we did have VMware in our systems. It was not clear how these things were connected. And then you would see an FBI private-sector notice about something else. At this point I’ve already been in government for 27 years. I’d been in the military, the Department of Defense, the intelligence community, the White House. It’s like, I know this. I thought I understood the government. And I couldn’t make sense of what the government was trying to tell us about this Russian espionage campaign. It was one of the motivating things about coming to CISA. How do we bring together the federal cyber ecosystem?
The relationships with NSA, FBI, and CISA have never been better. Some of that is personalities, but I think we have actually developed institutional connective tissue, so that it will last. It’s very, very clear what CISA’s role is. Now, you often talk about, what does the National Security Council do? What does the Office of the National Cyber Director do? I think we’ve sorted out the relationships at that level with policy and strategy, but really at the operational level where CISA lives, those relationships across the federal cyber ecosystem I think have never been better.
You said that there is unfinished business as you prepare to leave CISA. Where do you wish you could have done more?
There’s a lot of unfinished business. We have made an impact through our ransomware vulnerability warning pilot and our pre-ransomware notification initiative, and I’m really proud of that, because we work on preventing somebody from having their worst day. But ransomware is still a problem. We have been laser-focused on PRC cyber actors. That will continue to be a huge problem. I’m really proud of where we are, but there’s much, much more work to be done. There are things that I think we can continue driving, that the next administration, I hope, will look at, because, frankly, cybersecurity is a national security issue.
I have to ask you, there are rumors: Are you or are you not going on tour when you leave CISA?
You know, I certainly hope to. I played piano and guitar when I was young, but I started taking up electric guitar, and that has become my passion, my obsession. So my big postretirement plan several years from now is to start a bar in lower Manhattan, to have a band. We’re going to do magic. We’re going to do improv. I’m going to be the bartender.
And will there be Rubik’s Cubes at every table?
There will be Rubik’s Cubes. I’m obsessed with the Rubik’s Cube. When I was 11 these things were introduced across the world, and I was a huge puzzler and a video game person. I learned how to solve it, and then I would go to toy stores—I was this little kid with pigtails—and say, “Hey, if I can solve this in less than two minutes, will you give me a free one?” So I was able to amass this whole set of them.
You must see some sort of connection between that and your day job.
Ernő Rubik, who invented the thing, said something like, if you are curious, you will find puzzles around you. And if you are determined, you will solve them. And when I think about the incredible technical talent that we have here at CISA, it’s the intellectual curiosity, it’s the hacker mindset, it’s the problem solver. But it’s also the determination, the relentless drive to solve the most complicated problems out there.