Trump’s Budget Cuts: Is America Ready for the Next Wave of Supply Chain Cyberattacks?
- rlytras
Divij Bhaw

Image sourced from Focal Foto via Flickr.
With President Trump’s politicised budget cuts aimed at domestic cyber security agencies and the rise of AI-enabled cyberattacks, the United States (U.S.) faces a critical moment in its approach to cyber defence. As the global cost of cybercrime is projected to rise to USD 18 trillion by 2030, the U.S. is no longer prepared to withstand the next wave of state-sponsored cyberattacks.
Rescinding Policies and Restructuring Cyber Security Agencies
Following Trump’s return to the White House, several executive orders on cyber security and AI safety set out by the Biden administration were rescinded. Furthermore, Trump has disbanded the Department of Homeland Security’s Cyber Safety Review Board (CSRB) and made cuts to the Bureau of Cyberspace and Digital Policy (CDP), while committing to reducing the size and scope of the Cybersecurity and Infrastructure Security Agency (CISA). Trump’s cost-cutting measures have been justified as part of broader efforts to streamline government operations. However, these decisions have drawn strong criticism from national security experts, who argue that such actions have significantly weakened the nation’s ability to respond to hostile cyber operations, especially following Defense Secretary Pete Hegseth’s announcement that U.S. Cyber Command would halt its offensive operations against Russia.
Cyber security has historically enjoyed bipartisan support, with members of both parties agreeing on its importance to national security. Nonetheless, critics argue that Trump’s crackdown on cyber security agencies stems from his grievance over the perceived politicisation of misinformation management by CISA. The Trump administration has claimed that CISA’s efforts to combat misinformation disproportionately affected conservative voices during the 2020 U.S. presidential election and the COVID-19 pandemic. In response, CISA has placed several employees on administrative leave, specifically targeting members of its misinformation subcommittee.
The crackdown mirrors Trump’s firing of former CISA director Christopher Krebs, who refuted voter fraud claims and vouched for the integrity of the 2020 election. The politicisation and defunding of key cyber security agencies have significantly hindered efforts to investigate foreign interference. As a consequence, the CSRB has been forced to halt its inquiry into major security incidents, including the Salt Typhoon attack by Chinese state-sponsored hackers, who were responsible for breaching at least nine telecommunications networks.
Challenges in Securing Open-Source Software Amid Policy Shifts
The uncertainty surrounding the transitional period has impeded CISA's role in securing open-source software (OSS) in operational technology. OSS is the backbone of the digital economy, with 95 per cent of enterprises using open-source projects in some capacity. OSS supports critical technology and is essential for intelligence systems, military communications, logistics, critical infrastructure, and advancements in AI and machine learning. As large users of OSS, governments bear some responsibility for supporting the OSS ecosystem.
For example, the recent XZ backdoor incident serves as a wake-up call for regulators to reassess and strengthen security practices surrounding OSS. The backdoor nearly became one of the most significant intrusion enablers, potentially providing attackers with immediate access to millions of critical computer systems around the world. Such exploits are difficult to detect, and with the growing reliance on OSS, organisations are exposed to sophisticated attacks more than ever before. Navigating the OSS ecosystem poses a significant challenge for regulators, as vulnerabilities are often hidden beneath layers of dependencies. Moreover, attributing the origin and tradecraft of hackers is challenging, as skilled nation-state groups often mask their digital trails.
AI, Open-Source Security, and the Growing Cyber Threat Landscape
With industry embracing AI and open-source large language models (LLMs) in its operations, the role of cyber security regulatory bodies has become more important than ever before. The shock release of DeepSeek, China’s low-cost, open-source alternative to Western LLMs, raises concerns about the future of AI supply chains. While businesses may be drawn to DeepSeek’s cost efficiency, reliance on foreign AI providers carries long-term risks. Geopolitical tensions could lead to access restrictions, exposure to new attack vectors, compliance challenges, and potential state-sponsored influence.
It remains unclear which of the Biden administration’s cyber policies Trump will retain or discard going forward. Fluctuating government responses to LLM ecosystems and open-source regulatory requirements have created an opportunity for state actors to exploit the absence of enforcement mechanisms. Cyber policies protecting critical infrastructure, which have bipartisan support, are likely to endure. Yet the escalating risk surrounding software supply chain ecosystems underscores the urgent need for reforms in OSS security practices.
Strengthening Open-Source Security Through Collaboration
Collaboration between government and industry to reinforce open-source security is paramount. However, the politicisation of cyber security agencies creates vulnerabilities at a critical time. The U.S. risks falling behind in an evolving AI and cyber security arms race, leaving critical infrastructure vulnerable to sophisticated attacks. Stronger regulatory enforcement is needed, as weakening oversight of misinformation, AI, and software supply chains risks undermining the U.S.’s security posture. Supporting organisations such as the Open Source Security Foundation (OpenSSF) and bug bounty programs, auditing OSS ecosystems, and mandating dependency mapping for software vendors are essential steps in securing against software supply chain attacks. To safeguard national security, bipartisan support must be restored, and regulatory consistency for AI and OSS must be prioritised to maintain a resilient cyber security landscape.
Divij Bhaw is a DFIR analyst who specialises in investigating complex cybersecurity threats and has experience in both the private and public sectors. Currently undertaking a Bachelor of Arts at the University of Western Australia, majoring in Politics and International Relations, his academic background complements his technical expertise, providing valuable insights into the geopolitics of cyberspace. Together with his proactive approach to policy making, this fuels his commitment to advancing national and international security initiatives.