Consider the following:
SCWORLD.com: In the wake of DOGE cuts on cyber, why the healthcare industry must step up
“While the headlines understandably focus on the cuts — between 10,000 to 20,000 jobs under Secretary Robert F. Kennedy, Jr.’s federal restructuring initiatives, including 3,500 at the FDA and more than 2,400 at the CDC — it’s shortsighted to view these changes solely through the lens of lost headcount. Instead, this moment offers a broader opportunity to reconsider how we govern, support, and enforce cybersecurity standards across the healthcare industry—and, more importantly, who’s responsible.”
“Nearly half of states have recently created efficiency groups, had legislation proposed to make one, or were already well into the midst of their own efficiency analysis when President Donald Trump took office, and the federal reform group, Department of Government Efficiency (DOGE), started its work.
"Through deep analysis, Government Technology found at least 16 instances of states who have created their own work groups or initiatives in 2025 inspired by federal action. However, those groups only tell part of the story of statewide government efficiency work, as similar efforts in a few states were actively underway well before Trump returned to office.”
Wall Street Journal: Deloitte to Lay Off U.S. Consultants After Government Cost Crackdown
“Deloitte is cutting U.S. workers in its consulting business after the federal government demanded it find ways to shrink the cost of government projects it is working on.”
“The federal government announced plans to axe 216,215 jobs, accounting for nearly 80% of the 275,240 layoffs announcements made by US employers in March, according to Challenger Gray & Christmas’ latest report. It’s the third-highest monthly total behind April 2020 (671,129) and May 2020 (397,016).”
HOW MIGHT CUTS HELP OR HURT GOVERNMENT CYBER DEFENSES?
Back in February I published two blogs that looked deeper at the issue of DOGE and cybersecurity, as well as my experience of budget and staffing cuts in government more than a decade ago when I was Michigan CISO. Here are those two pieces:
Cybersecurity Needs to Stay Nonpartisan in the Age of DOGE
“I certainly hope that recent events with DOGE won’t change this historical cybersecurity nonpartisan agreement, and that we can even continue bipartisan support for cyber in lasting ways across all levels of government.
“There is still time to course correct if cybersecurity and technology pros remember the importance of 'need to know' principles and who authorizes access in your government situation or business — regardless of who wins elections or who is appointed CEO.”
Despite Disruptions, Hope for Federal Employees Who Stay
“All of the Michigan stories above are intended to set the stage for what comes below. Here are just a few of the tips, best practices and hopefully renewed hope for all of the federal government employees, contractors and other partners who are facing a difficult season in 2025. These are my heartfelt beliefs that helped me through the fiscal storms and cuts.”
In addition, I moderated a great discussion this past week for the BrightTALK show CISO Insights called "The DOGE-effect on Cyber: What's happened and what's next?" You can access this webinar for free (with registration).
GLOBAL TARIFFS AND CYBERSECURITY
Meanwhile, the financial world of stocks, bonds and more was up and down in historic ways this past week after President Trump’s announcements regarding tariffs. On Thursday, April 10, 2025, tariffs on China were reported to be 145 percent.
But how do these global tariffs impact cybersecurity? Here are just a few of the media stories that I was following:
CSO Magazine: How Trump’s tariffs are shaking up the cybersecurity sector
“'What’s happening is that people are looking at cybersecurity through the lens of these huge market falls,' David Brumley, CEO of ForAllSecure, tells CSO. 'They’re cutting their cybersecurity staff. I was in a meeting with one of our major customers earlier this year, and they said, "We’re going to be asked to cut 15% of our budget if our stock falls 15%." And now that is happening.'
"For Brumley, the tariffs deliver an ironic blow, given how loudly the Trump administration has proclaimed that Chinese cyber threat actors are in its crosshairs. 'On the one hand, everyone is saying we’re going to go to war with China. I think Trump was public about that, so that was refreshing, right? On the other hand, critical companies are all going to cut their cybersecurity budgets.'
"The tariffs could further erode cybersecurity budgets by increasing the prices of necessary technology equipment, such as servers and other digital hardware, that organizations purchase from outside the US."
CyberNews: Is your tech budget ready for 145% China tariff? Cyber pros warn about consequences
"A 145% surcharge on goods from China will further stress IT budgets, which were already expected to increase. Everything from a simple home WiFi router to enterprise firewalls, network equipment, and even cloud services will be affected.
"In 2019, restrictions on a single company, Huawei, disrupted the deployment of 5G infrastructure and forced companies to look for alternative vendors. This extended timelines by up to 12 months and drove up costs.
"Security experts warn that a 145% tariff on goods from China will have far-reaching consequences for hardware prices, product availability, various IT services, and vendors.
"Retailers are already hiking prices, and the alternatives will be dire as most supply chains pass through China. Most cybersecurity-related products — servers, network appliances, firewalls, intrusion detection systems, and even endpoints — are made in China or use Chinese-made components."
Dark Reading: Tariffs May Prompt Increase in Global Cyberattacks
“Overall, the digital threat landscape is likely to become more dangerous as companies make tough economic choices, says Matt Pearl, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS).
"'An economic downturn will reduce the resources that US businesses and multinational companies have to spend on cybersecurity,' he says. 'Additionally, there is a belief in some — though certainly not all — companies that there is a low return on investment on cybersecurity because they have invested resources in the past and still suffered significant cyberattacks.'"
Mondaq: Tariffs: A Hidden Threat To Corporate And Supply Chain Security
"Tariffs, sanctions, and other rapid government changes can cause catastrophic impacts to businesses and government agencies if we don't pay attention. Some very often missed but extremely important topics ...
"You may ask: 'What do security breaches have to do with tariffs?' The answer is 'a lot more than you may think.'
"Tariffs, sanctions, and other rapid government changes can cause catastrophic impacts to businesses and government agencies if we don't pay attention. Some very often missed but extremely important topics are how a tariff or other governmental actions can impact the supply chain of companies, increase attacks on critical infrastructure (e.g., hospitals, power grid, transportation network), and significantly increase exposure to a cyberattack or breach.
"The nation-state sponsored attack on the Viasat KA-SAT satellite during the Russian-Ukraine War is a recent instance of this, which resulted in a rapid shift of technology overnight. The satellite technology, utilized by the Ukrainian military for communication, was targeted to disrupt their network. The attack successfully achieved its goal, causing significant chaos."
The Register (U.K.): Infosec experts fear China could retaliate against tariffs with a Typhoon attack
“Tariff-related fraud tends to fall into three buckets, he noted. The first is a new spin on the DHL phishing scam, where the recipient receives an email or text message claiming to be from DHL or another shipping company like FedEx or UPS. The message says the individual has a package waiting for pickup. 'But to release it, you have to pay the tariff,' Lenguito explained.
"The scam then directs the recipient to a phony website and prompts them to enter their personal and payment information, which is then recorded by the crooks to use for fraud.
"'This has always existed, especially abroad, but we've seen an extreme peak here in the US,' Lenguito said. 'Normally you would have maybe a few hundred of these every week. Now you're looking at tens of thousands.'"
FINAL THOUGHTS
In all my years working in government cybersecurity, I cannot remember a time with so many significant factors impacting our cyber defenses at one time on a global scale. From the war in Ukraine to DOGE staffing and budget cuts (for better and worse) to state government budget efficiency efforts to AI-generated cyber attacks to our new tariffs on China, the cyber threat environment has never been more complex.
These international challenges are daunting to say the least, and our domestic situation in the U.S. continues to evolve dramatically.
My one bit of advice at this moment is to ensure that you stay connected, informed and engaged with our cyber community, and particularly connected to your industry information sharing and analysis center (ISAC).
State and local governments should be coordinating with the MS-ISAC. Also, the National Association of State CIOs is more vital than ever.
For others, you can find your particular industry ISAC at this National Council of ISACs website.