CNN
—
Misha Pride, then the mayor of South Portland, Maine, was greeting voters early on Election Day when police cars suddenly swarmed outside the city’s community center with lights flashing.
“Possible shooting,” the city manager texted Pride. Officers locked down the center.
Authorities quickly determined the call to police was a hoax, one of hundreds of threats and cyberattacks last November aimed at disrupting the presidential election – some pushed by partisan zealots, others perpetrated by foreign state actors including Russia and China. Voting at the community center was delayed by only ten minutes.
The attacks in Maine, and elsewhere across the US, had minimal impact because of strong preparation and quick work by an information-sharing and analysis network of hundreds of federal, state and local election, cybersecurity and law-enforcement officials.
But now key parts of this network, much of it built over the past eight years, are being systematically dismantled by the Trump administration and Elon Musk’s Department of Government Efficiency, a CNN investigation has found – leaving election offices across the country scrambling to protect against future threats.
In early February, Musk’s team laid off 130 staffers at the Cybersecurity and Infrastructure Security Agency, or CISA, including 10 regional security specialists who worked with local and state election officials. The Trump administration is also advancing plans to strip civil service protections from 80% of the remaining CISA workforce, potentially allowing them to be fired for political reasons. Attorney General Pam Bondi that month disbanded a key FBI task force charged with investigating foreign efforts to influence elections. She also left in the wind the fate of another FBI task force that investigated threats against election workers and polling places.
Homeland Security chief Kristi Noem, meanwhile, on March 6 canceled the funding for national information sharing efforts that helped state and local election officials detect and ward off coordinated hacking attacks and other threats.
Those moves come as Trump has appointed to key positions officials who embrace his false claims of widespread voting fraud, including Bondi, Noem and FBI Director Kash Patel, among others – and as Trump has cashiered the head of the National Security Agency and the US Cyber Command, Gen. Timothy Haugh, who was involved in countering Russian interference in past elections.
Trump officials argue that some of the election security agencies targeted for cuts were improperly hurting the president’s allies. During her confirmation hearing in January, Noem said that CISA has “gotten far off mission” in trying to combat foreign disinformation. She pledged to help “rein in” the agency, which critics say pushed social media companies to target conservative commentators. Bondi said disbanding the Foreign Influence Task Force was necessary to end the “risk of further weaponization … of prosecutorial discretion.”
But the administration’s actions have deeply alarmed state officials, who warn the next round of national elections will be seriously imperiled by the cuts. A bipartisan association representing 46 secretaries of state, and several individual top state election officials, have pressed the White House about how critical functions protecting election security will perform going forward. They have not received clear answers, according to documents shared with CNN.
Trump has justified his efforts to exert more control over America’s state and local election systems as a way of stopping illegal voting by noncitizens and other voter fraud, both of which experts say are rare.
Officials involved in administering elections say the moves already are making it harder, and less safe and secure, to vote in America.
“It’s absolutely hypocritical,” said Sen. Alex Padilla, a Democrat and former secretary of state of California, “for a president who has lied ad nauseam about rampant voter fraud to be undoing the very tools we rely on to protect the integrity and security of our elections.”
Much of the election security system now under siege by Trump was created during his first term in the wake of the 2016 election. After the US intelligence community determined that Russia and its proxies had engaged in hacks, disinformation campaigns and direct cyberattacks against voter-registration systems and election offices – largely seeking to help Trump – the outgoing Obama administration declared the elections system as critical infrastructure in January 2017.
That fall, Trump’s first FBI director, Christopher Wray, established the Foreign Influence Task Force “to identify and counteract … malign foreign influence operations,” including those aimed at US elections. Trump signed into law an act creating CISA in 2018, halfway through his first term, to help protect the country’s critical infrastructure against physical and cyber threats. From the start, that included election infrastructure.
But more recently, CISA has come under fire from Republicans over efforts to get social media companies to remove disinformation about Covid-19 and about elections. Project 2025, a blueprint created by the conservative Heritage Foundation and allies for a second Trump term, targeted CISA, the FBI and the Department of Justice as part of what it termed the “censorship industrial complex.” That blueprint argued that CISA should engage only in assessing the security of elections offices, and not in planning, incident-response management, or much of its other work.
It’s part of a “broader right-wing effort to dismantle the networks that existed to correct the record on the 2020 election and push back on false information on elections,” said Lawrence Norden, vice president of the Elections and Government Program at the non-profit Brennan Center.
In early February, CISA acting director Bridget Bean fired 130 employees and, in a memo first obtained by Wired, put all election-security and counter-disinformation work on hold pending an internal review. The agency hasn’t revealed the outcome of that review, which was completed March 6. A CISA spokesperson said the review “is not planned to be released publicly.”
While courts have since ordered CISA to reinstate the fired employees, some said as of April 8 that they remain on administrative leave.
“I was terminated February 20… technically I was reinstated yesterday [March 17], but I don’t have anything that guarantees I’m back,” Kyle Rahn, a manager in CISA’s infrastructure security division, told CNN. “I don’t have my ID to log into systems; I don’t have my IT equipment.”
Noem also ordered CISA in February and March to cancel more than $9 million in annual contracts with the Center for Internet Security, a non-profit group. Many of the cuts imposed by DHS targeted the Elections Infrastructure Information Sharing and Analysis Center, or EI-ISAC, which brought together more than 1,300 election and law enforcement officials around the country to help monitor and share information about threats to voting.
That center played a key role in alerting officials that the scores of emailed and phone threats they were seeing on Election Day – like the one in South Portland – were false. And it helped counter thousands of hacks, cyberattacks and other threats to that election. Maine Secretary of State Shenna Bellows, a Democrat, said that, nationwide, the EI-ISAC “saw a 158% increase in the number of cyberthreats reported by members from 2023 to 2024.” On Election Day alone, a domain-security service provided through the center blocked more than 138,000 attempted links to malicious domains, according to a Center for Internet Security assessment.
Election officials and CISA employees say the loss of that center raises alarm bells.
“The election integrity ISAC is gone,” Rahn said. “That just blows my mind. … Intentionally, unintentionally, they’re creating holes.”
Bellows added, “What made EI-ISAC special was that collaboration of election officials directly with each other all across the nation. We’ve lost information sharing among election officials nationwide.”
A CISA spokesperson told CNN that election officials “have access to the same CISA support as other critical infrastructure entities, including access to cyber and physical security services and incident response.” A spokesperson also said the EI-ISAC contract termination “did not preclude CIS from funding the EI-ISAC with other funds.”
In a letter last month to state and local partners, the Center for Internet Security said it would try to figure out “how best to support these critical services without federal funding.” But 28 states have adopted laws in recent years that bar election offices from accepting private donations and privately funded services – which could apply in this instance, officials said.
Meanwhile, Bondi in February disbanded the FBI’s Foreign Influence Task Force. Last year, it was among several agencies that warned that Russia, Iran and other countries were conducting operations meant “to undermine public confidence in the integrity of U.S. elections and stoke divisions among Americans.”
Bondi said the administration needed to “free resources to address more pressing priorities.”
The head of the FBI Elections Threats Task Force, John Keller, who also served as the acting head of the Justice Department’s Public Integrity Section, resigned last month after prosecutors were ordered to drop federal corruption charges against New York City Mayor Eric Adams. Bondi has thus far left the position unfilled and the fate of the task force unclear.
The Department of Justice did not respond to queries from CNN about the task force.
In the weeks since the sweeping cuts to CISA and other agencies, local and state election officials have scrambled for answers about how to guarantee election security without that federal help.
New Mexico Secretary of State Maggie Toulouse Oliver, a Democrat, told CNN, “There’s been so much work done … to shore those up and create a national network. Now we’re looking at it being completely dismantled. We feel like we’re having to combat these foreign threats and domestic threats as individual states. Without the assistance of the federal government, how do we make that happen?”
In a February 21 letter, the bipartisan National Association of Secretaries of State urged Noem not to toss out CISA’s core election services, noting that the election systems are officially considered critical infrastructure. They said that EI-ISAC and CISA have helped protect recent elections from “sophisticated cyber threat actors including nation-state and cybercriminal groups.”
A coalition of US senators, led by Padilla, also wrote to CISA leaders demanding explanations for terminating EI-ISAC, slashing the agency’s workforce, and related actions.
On February 10, Arizona Secretary of State Adrian Fontes wrote to Trump comparing the cuts at CISA to “kneecapping the Federal Aviation Administration while [it’s] managing thousands of active flights.” The next month, the Democratic official detailed in a letter to Noem how CISA and the federal government had helped probe threats to Arizona election officials and disrupt bomb threats and false voting fraud claims from Russian groups. He asked her to commit to leaving CISA’s election services intact.
Fontes said an official at the White House called him in response, but didn’t offer any clear answers. The White House executive office didn’t respond to CNN requests for comment.
“The biggest issue I have right now is the abject lack of communication from the administration. If they’re just going to wholly eviscerate these services, that’s highly problematic,” the Democratic secretary of state told CNN. “The very existence of these task forces and agencies is, in itself, a deterrent. If they’re gone, we’re going to have a lot more problems.”
Noem wrote to the secretaries of state on March 7, saying that election officials could continue to receive “cyber and physical security assessments, incident response planning resources, and tabletop exercises” through a body knows as the Multi-State Information Sharing and Analysis Center. That center, also operated by the Center for Internet Security, offers general cybersecurity services to state and local governments.
But Homeland Security is evaluating possible further cuts by the end of this fiscal year, September 30 – including to networked sensors that detect attempted intrusions and cyberattacks, and quickly share that information with election offices around the country.
“The information sharing is supremely important,” Padilla told CNN. “As a former California secretary of state, I saw how valuable it was … in protecting the integrity and security of our elections,” especially, he added for smaller counties and localities that have tiny staffs and few resources.
Padilla and a coalition of 31 senators also wrote to Bondi on March 17 asking her to explain her plans for the FBI’s Election Threats Task Force and urging her not to shutter it.
Bondi has yet to comment on the future of that task force or to appoint a successor to Keller. “You won’t hear anything more about it,” a person close to that task force, who spoke on the condition of anonymity out of fear of retaliation, told CNN. “It will just quietly go away.”
Padilla’s office said March 31 that he was still waiting for a response from Bondi about the fate of the task force.
“They’re undoing resources at the FBI that protect election workers and officials from threats of violence,” the California Democrat told CNN. “It’s the wrong thing to do.”
The cuts hitting the national election security apparatus come as Trump has sought to exert more control over elections.
On March 25, the president issued a sweeping executive order that he said was meant to protect the integrity of elections. But the order largely reflected Trump’s debunked claims that large numbers of noncitizens vote illegally and that voting by mail is riddled with fraud.
Trump ordered states to give DOGE access to voter rolls. His order also tries to force states to require federally approved IDs to register to vote – a move that critics say would make it harder for millions of people who don’t have such IDs. And Trump told Bondi to take “enforcement action” against the roughly 20 states that accept mailed ballots that arrive after Election Day.
On April 1, a coalition of voting-rights groups filed suit in US District Court in Washington, DC challenging the constitutionality of Trump’s executive order. The suit argues that the order would take powers reserved to the states and to Congress, and that it would disenfranchise millions of eligible voters. At least three other lawsuits have been filed challenging the order, including one filed April 3 in US District Court in Boston by 19 Democratic state attorneys general.
Meanwhile, some state election officials are discussing how to protect elections on their own – for example, by replacing, at least in part, the information sharing about threats and cyberattacks that was central to EI-ISAC.
In Arizona, Fontes has led an effort to set up a lab to identify artificial intelligence-related election threats and has proposed an alternative non-profit information-sharing center to replace the shuttered EI-ISAC. Fontes’ office said he has been in touch with his counterparts in other states, along with other potential partners, to try to secure funding for the effort – a prospect that could be a challenge in Republican-controlled state legislatures, like Arizona’s.
Even if a state-level network emerges, it’s not clear whether it would be granted the same level of collaboration from federal law enforcement and intelligence agencies under Trump. One reason that matters: There’s little question that “Russia, Iran and China will continue to attempt to interfere in the next election,” said Gowri Ramachandran, a director for elections and security at the Brennan Center for Justice, and co-chair of Fontes’ advisory committee on AI and election security.
CISA was “privy to information from so many sources,” said Kim Wyman, CISA’s former elections security lead. “They had this bird’s-eye view of the national security elections subsector in a way that didn’t exist before. They could take this information and analyze it in ways to make it accessible to state and local election offices.”
Many election officials told CNN they have broader concerns about the fate of elections going forward – and about the likelihood that further cuts to security programs may be in the offing. A person familiar with the situation at CISA said as many as 1,300 additional positions are expected to be cut this month.
“I’m worried that there are folks in the state and federal government who want to completely dismantle the election security infrastructure,” said Fontes.
Zachary Cohen and Sean Lyngaas contributed to this report.
