politics

The Cybersecurity and Infrastructure Security Agency has frozen all of its election security work and is reviewing everything it has done to help state and local officials secure their elections for the past eight years, WIRED has learned. The move represents the first major example of the country’s cyberdefense agency accommodating President Donald Trump’s false claims of election fraud and online censorship.

In a memo sent Friday to all CISA employees and obtained by WIRED, CISA’s acting director, Bridget Bean, said she was ordering “a review and assessment” of every position at the agency related to election security and countering mis- and disinformation, “as well as every election security and [mis-, dis-, and malinformation] product, activity, service, and program that has been carried out” since the federal government designated election systems as critical infrastructure in 2017.

“CISA will pause all elections security activities until the completion of this review,” Bean added. The agency is also cutting off funding for these activities at the Elections Infrastructure Information Sharing & Analysis Center, a group funded by the Department of Homeland Security (DHS) that has served as a coordinating body for the elections community.

In her memo, Bean confirmed that CISA had, as first reported by Politico, placed employees “initially identified to be associated with the elections security activities and the MDM program” on administrative leave on February 7.

“It is necessary to rescope the agency's election security activities to ensure CISA is focused exclusively on executing its cyber and physical security mission,” she told employees in the memo.

While Bean is temporarily leading CISA, she is officially the agency’s executive director, its top career position. CISA’s first director created the executive-director role to provide continuity during political transitions. Previously, Bean was a Trump appointee at the Federal Emergency Management Agency during his first term.

In justifying CISA’s internal review, which will conclude on March 6, Bean pointed to Trump’s January 20 executive order on “ending federal censorship.” Conservatives have argued that CISA censored their speech by coordinating with tech companies to identify online misinformation in 2020, during the final year of Trump’s first term. CISA has denied conducting any censorship, and the US Supreme Court dismissed a lawsuit over the government’s work. But in the wake of the backlash, CISA halted most conversations with tech platforms about online mis- and disinformation.

CISA and DHS did not immediately respond to requests for comment.

Since 2017, state and local election officials have relied on CISA’s expertise and resources—as well as its partnerships with other agencies—to improve their physical and digital security. Through on-site consultations and online guidance, CISA has helped election administrators secure voting infrastructure against hackers, harden polling places against active shooters, and create polling-place backup plans to deal with ballot shortages or power outages.

Election supervisors have always struggled to overcome serious funding challenges, but in recent years, their jobs have become even more stressful as intense voter scrutiny has given way to harassment and even death threats. Election officials of both parties have repeatedly praised CISA for its apolitical support of their work, saying the agency’s recommendations and free security services have been critical in boosting their own efforts.

But that bipartisan accord began fraying after the 2020 election, as some conservative election officials started criticizing the agency for its focus on mis- and disinformation. Congressional Republicans joined the fray as well, calling CISA “the nerve center of the federal government’s domestic surveillance and censorship operations on social media.” Their rhetoric echoed Trump’s own history of election denialism, which involved false claims of rigged voting machines and mass voter fraud and culminated in Trump supporters’ January 6, 2021, attack on the US Capitol.

With conservatives pushing to axe CISA’s election security mission, Trump’s election last November virtually guaranteed an end to that program, and employees have been bracing for retaliation against the people who participated in that work.

Bean’s memo indicates that CISA’s internal review will cover every agency position related to election security, as well as performance plans for employees involved in that work; all support services provided to the election community; and all election security guidance and publications. Bean wrote that CISA will describe any steps necessary to “correct any activities identified as past misconduct by the Federal Government related to censorship of protected speech,” including eliminating programs or roles.

After CISA completes its review, the agency will submit a report to the White House addressing how it plans to “deliver a more focused provision of services for elections security activities,” Bean told employees. The report will focus on three goals: streamlining the election security services that CISA offers to state and local governments, ensuring that its activities align with its new “mandate to refocus” on its core mission, and removing “all personnel, contracts, grants, programs, products, services, and activities” that conflict with Trump’s anti-censorship directive or exceed CISA’s authorities.

It is unclear if White House officials or DHS secretary Kristi Noem directly ordered Bean to launch the election security investigation or if she independently determined that Trump’s executive order necessitated it. The January 20 directive does instruct the attorney general to work with other agency leaders to investigate Biden-administration activities that are “inconsistent” with Trump’s vow to end online censorship, but it makes no mention of activities prior to Biden’s term, including CISA’s 2020 election work.