Jen Easterly, who has steered CISA for more than three years for the Biden Administration and championed such initiatives as secure by design and the rapid reporting of attacks on critical infrastructure operations, will step down in January as President-elect Donald Trump is inaugurated.

Deputy Director Nitin Natarajan also will depart, with the agency noting in a statement that “all appointees of the Biden Administration will vacate their positions by the time the new Administration takes office at noon on January 20.”

The Cybersecurity and Infrastructure Security Agency was created in 2018 during Trump’s first tenure as president but became a political punching bag after he and Republicans in Congress were angered when then-Director Chris Krebs pushed back at accusations that the 2020 election was rigged in favor of Biden.

Trump eventually fired Krebs. Easterly was appointed to the role in April 2021 and she and CISA have since played a central role in President Biden’s aggressive push to improve the country’s secure posture at a time when foreign adversaries like Russia, China, and Iran ramped up their cyber efforts against the country, more sophisticated attacks in areas like ransomware and supply chains accelerated, and generative AI – and the security concerns that came with it – exploded on the scene.

Helped Lead Biden Cyber Initiatives

Biden issued his cybersecurity executive order a month after appointing Easterly to the CISA role and she has since run with it. She pushed for private-public partnerships in many parts of the cybersecurity world, including in the secure-by-design initiative not only within federal government agencies but also in the private sector that urged organizations and their developers to put security features into their products from the beginning of the software development cycle rather than bolting them on at the end.

That included efforts like software bills-of-materials (SBOM), which essentially are like ingredient labels on foods that detail the components that make up an application in hopes of protecting organizations from supply chain and similar attacks, such as the one by a Russian threat group against software maker SolarWinds in 2020 that had such far-reaching effects.

Secure by design was part of a larger effort to shift the responsibility for cybersecurity from the device users to the device makers.

Easterly also helped lead Biden’s push for greater security of critical infrastructure in such sectors as water and waste water, energy, manufacturing, and health care, including advocating for such rules as immediately reporting when such organizations were attacked by ransomware.

Addressing AI, Quantum Security

In addition, CISA has been instrumental in developing security guidelines for such emerging technologies as AI and quantum computing and recently introduced a plan to strengthen partnerships around the world against cyberthreats.

Easterly came to the role with deep experience she accumulated after graduating from West Point and becoming a Rhodes Scholar and spending 20 years in the Army. She helped create U.S. Cyber Command in the wake of a malware attack on the Defense Department in 2008 and, after retiring from the Army as a lieutenant colonel, was with the National Security Agency (NSA), serving as deputy director of counterterrorism.

She also served as the National Security Council’s deputy director of counterterrorism during the Obama Administration and at one point was head of cybersecurity for Morgan Stanley.

CISA’s Future Unclear

How CISA will fare during the Trump Administration is under question. Senator Rand Paul (R-KY), who is positioned to become chair of the Senate Homeland Security and Governmental Affairs Committee now that the GOP has regain control of the Senate, has long been a critic of the agency, not only because of its defense of the security of the 2020 election but also for what he believes is CISA infringing on free speech by targeting conservative viewpoints.

“I’d like to eliminate it,” Paul told Politico last week. “The First Amendment is pretty important, that’s why we listed it as the First Amendment, and I would have liked to, at the very least, eliminate their ability to censor content online.”

CISA also vouched for the security of the infrastructure underpinning the 2024 election in the wake of concerns from Democratic politicians and activists.

Some commentators on Reddit were concerned about Easterly leaving CISA and the future of the agency. One wrote that they “work in K12 and CISA is an invaluable partner for schools that generally don’t have a ton of money to throw at security. This could be terrible news for a lot of districts.”

Another wrote that “CISA is one of the best things the federal government has ever done. I really hope it survive[s] the next 4 years.”