America Exposed

Executive Summary

For decades, presidents and Congress treated cybersecurity as a bipartisan imperative. Republican and Democratic administrations alike recognized that defending America’s digital infrastructure is as essential as safeguarding our borders and maintaining our military strength. Programs such as the Cybersecurity and Infrastructure Security Agency (CISA), the FBI’s Foreign Influence Task Force, and the State Department’s counter-disinformation offices were created on this consensus and became cornerstones of America’s resilience against hostile state and non-state actors.

That consensus has now been broken. What began as fringe rhetoric about “censorship” and a “deep state” has hardened into formal directives and budget cuts that hollow out the very institutions designed to protect our infrastructure, elections, and democratic integrity. The second Trump administration has pursued a series of rollbacks at precisely the moment when Russia, China, Iran, and other adversaries are intensifying their attacks. The dismantling of the FBI’s Foreign Influence Task Force, deep staffing cuts at CISA, the suspension of offensive cyber operations against Russia, and the weakening of foreign influence enforcement are not routine adjustments — they are deliberate retreats from carefully constructed bipartisan tools of defense and deterrence.

The consequences of these cuts are already visible. U.S. critical infrastructure is more vulnerable; pipelines, hospitals, and election systems are being targeted; and adversaries are exploiting the very gaps created by these decisions. By undercutting the institutions that protect Americans from attack — whether through direct network intrusions or information operations designed to destabilize public trust — the administration has created a strategic imbalance, leaving the United States weaker, more exposed, and increasingly reactive rather than prepared. Adversaries have taken note and are escalating accordingly, with Russian military hackers, Chinese state-backed groups, and Iranian propagandists already exploiting the vacuum.

If this trajectory continues, the risks will compound dramatically. Within a single election cycle, Americans could face widespread disruptions to power grids, fuel supplies, emergency communications, and hospital systems. AI-enabled propaganda could overwhelm voters with fabricated stories, erode confidence in election results, and drive domestic unrest. Foreign adversaries could deter U.S. military responses abroad by threatening mass disruption at home. In short, the hollowing out of America’s cyberdefenses does not just invite more attacks — it virtually guarantees that our adversaries will succeed in striking at the very foundations of American security, prosperity, and democratic stability.

Congress must act decisively to repair this damage. Lawmakers across the political spectrum should restore bipartisan guardrails by reauthorizing and strengthening CISA’s authorities, ensuring oversight of U.S. cyber capabilities, reaffirming the threat posed by foreign malign influence operations, and safeguarding the independence of U.S. intelligence reporting. These steps are not partisan. They are the minimum required to protect America’s security, economy, and sovereignty in an era of intensifying digital conflict.

Key Takeaways:

1. Systematic Dismantling of U.S. Cyberdefenses: Since 2025, the Trump administration has rolled back the core institutions and programs that underpinned national cyber resilience. Weakening CISA, shuttering influence-focused offices, and removing top leadership at NSA and U.S. Cyber Command have collectively hollowed out capacity, disrupted continuity, and eroded deterrence.
2. Critical Infrastructure Under Siege: U.S. pipelines, hospitals, courts, and airlines are experiencing escalating cyberattacks, from Chinese “pre-positioning” campaigns to disruptive ransomware incidents. At the same time, the federal scaffolding that once provided threat intelligence and rapid coordination is collapsing, leaving local operators to “fight nation-state actors on municipal budgets.”
3. Adversaries Pressing the Advantage: Iran, Russia, and China are already exploiting U.S. retrenchment to expand disruptive and influence cyber operations. Iranian retaliation, Russian logistics targeting, and Chinese cognitive warfare are converging with the spread of generative AI, which is accelerating the speed, scale, and sophistication of attacks.
4. Breakdown of Oversight and Consensus: For decades, national security drew bipartisan unity, from Cold War containment to post-9/11 reforms. That tradition is now eroding as cyberdefense becomes politicized, and too few in Congress are willing to challenge the shift. The absence of robust, bipartisan oversight leaves the nation more vulnerable and undermines the shared foundation that once anchored U.S. resilience.

Key Recommendations for Congress:

1. Reauthorize and strengthen core cyber authorities, backed by full funding: Congress should move quickly to renew foundational statutes such as the Cybersecurity Information Sharing Act of 2015 and ensure that they are reinforced with explicit, sustained appropriations. Protecting and expanding these authorities — alongside robust funding for CISA, the FBI, the State Department, and sector agencies — is essential to maintaining national cyber resilience.
2. Enforce execution of appropriated funds and prevent executive overreach: Congress must ensure that funds it allocates for cybersecurity are actually spent as intended, not delayed, repurposed, or quietly rescinded by the executive branch.
3. Conduct targeted oversight after major cyber failures: When cyber incidents expose leadership negligence or political interference, Congress should respond with hearings, inspector general reviews, and bipartisan investigations.
4. Reaffirm the reality and severity of foreign malign influence operations: Congress must treat disinformation and cognitive warfare from China, Russia, and Iran as serious national security threats, not partisan talking points. By publicly acknowledging the scale of the problem and ensuring that agencies tasked with countering these operations have the mandate and resources to act, lawmakers can blunt adversaries’ efforts to fracture American society.
5. Protect the independence and integrity of cyber threat intelligence: Congress should guarantee that cyber threat intelligence reaches decision-makers and allies unfiltered by political manipulation. Safeguards must prevent the politicization of analytic judgments, insulate intelligence professionals from retaliation, and establish protected reporting channels that preserve accuracy, credibility, and trust across government and with international partners.

Read the full report.