Following the RIBridges cyberbreach, downsizing the Cybersecurity and Infrastructure Security Agency would significantly undermine protections against cyberattacks
WASHINGTON, DC – In an effort to protect the Cybersecurity and Infrastructure Security Agency (CISA) from the Trump Administration’s proposal to cut and eliminate federal agencies, U.S. Senators Jack Reed and Sheldon Whitehouse and Congressmen Seth Magaziner and Gabe Amo sent a letter to Secretary Kristi Noem urging her to not take any action to reduce the size and scope of the agency. CISA played a critical role in supporting Rhode Island through the RIBridges cyberattack last December.
“Last year, Rhode Island experienced firsthand the vital assistance CISA provides to states before, during, and after a cyberattack,” said the lawmakers. “Those efforts helped the State take action to contain the damage from the cyberattack, and they demonstrate how the partnership between Rhode Island and CISA is critical to protecting our infrastructure, businesses, and citizens.”
“Because CISA plays such a vital role in defending against and responding to cyberattacks, we are concerned by your plan to shrink the size and scope of the agency,” continued the lawmakers. “Rather than downsizing the agency, we hope you will support CISA’s continued work across the country.”
BACKGROUND
In Secretary Noem’s confirmation hearing before the Senate Committee on Homeland Security and Governmental Affairs on January 17. 2025, she stated that CISA has “gotten far off mission” and that she plans to shrink the size and scope of the federal agency.
On December 10, 2024, the state of Rhode Island received confirmation that there had been a cyberattack on RIBridges (formerly known as UHIP), by the international ransomware group known as Brain Cipher. RIBridges was developed by consulting firm Deloitte under a state contract. The cyberattack put the personal data (including names, addresses, Social Security numbers, and bank information) of approximately 650,000 people at risk. The attack shut the RIBridges system down for over a month — creating challenges for Rhode Islanders seeking to apply for benefits.
During the cyberattack, CISA was instrumental in helping the State of Rhode Island determine the scope of the attack, provide support, monitor the breach, and facilitate public education on identity and data protection.
FULL TEXT OF THE LETTER:
The Honorable Kristi Noem
Secretary
Department of Homeland Security
Washington, D.C. 20528
Dear Secretary Noem:
We write to urge you to reconsider your views about the Cybersecurity and Infrastructure Security Agency (CISA). During your confirmation hearing, you stated that CISA has “gotten far off mission” and that you plan to shrink the size and scope of the agency. Downsizing CISA could significantly undermine the essential work it does to protect against cyberattacks and support states like Rhode Island. Indeed, CISA played a critical role in supporting the State of Rhode Island through a significant cyberbreach last December.
According to the Government Accountability Office, the frequency and cost of cyberattacks against critical infrastructure is increasing. From 2017 to 2022, the number of cyberattack incidents reported in the United States rose over 70 percent, and costs ballooned from $19.4 billion in 2017 to $220.1 billion in 2022. Cyberattacks can impact anyone, from federal, state, and local governments, to private companies and individuals. CISA works with government and industry partners at all levels to prevent and respond to cyberattacks. CISA also manages Secure Our World, an essential resource to help individuals and businesses stay safe online.
Last year, Rhode Island experienced firsthand the vital assistance CISA provides to states before, during, and after a cyberattack. On December 10, 2024, Rhode Island received confirmation that the international cybercriminal group Brain Cypher hacked the RIBridges data system. RIBridges manages the state’s social services programs, including state health coverage, Medicaid, food assistance, and childcare. This cyberattack forced Rhode Island to shut down the RIBridges system for over a month, making it difficult for residents to apply for benefits. It also put the personal data of over 650,000 Rhode Islanders at risk as personal information, including social security numbers and bank information, were posted onto the dark web.
During the cyberattack, CISA shared threat actor information on Brain Cypher to help our State enhance its threat monitoring and determine if any other platforms had been compromised. CISA continued to provide assistance and support to Rhode Island throughout the attack. The CISA Cybersecurity Advisor for Rhode Island has helped educate Rhode Islanders on the importance of identity protection services and data protection best practices.
Even before the RIBridges cyberattack, CISA was hard at work in Rhode Island, conducting cybersecurity assessments for our State’s election infrastructure, educating municipalities and schools on state and local cybersecurity programs, and conducting cybersecurity risk and resilience assessments for organizations across the state. Those efforts helped the State take action to contain the damage from the cyberattack, and they demonstrate how the partnership between Rhode Island and CISA is critical to protecting our infrastructure, businesses, and citizens.
Because CISA plays such a vital role in defending against and responding to cyberattacks, we are concerned by your plan to shrink the size and scope of the agency. Rather than downsizing the agency, we hope you will support CISA’s continued work across the country. With this in mind, we request answers to the following questions:
- What is your plan to change the size and scope of CISA’s mission? What resources and staff, if any, do you plan to change or eliminate?
- How will your planned changes to CISA impact the services it provides to states like Rhode Island?
- If you propose reductions in CISA, how will you continue to help state and local governments, businesses, and citizens protect themselves from cyberattacks?
Thank you for your attention to this request and we ask that you provide responses to these questions no later than March 7, 2025.
