By STEVE KARNOWSKI and JULIE CARR SMYTH
MINNEAPOLIS (AP) — Since it was created in 2018, the federal government’s cybersecurity agency has helped warn state and local election officials about potential threats from foreign governments, showed officials how to protect polling places from attacks and gamed out how to respond to the unexpected, such as an Election Day bomb threat or sudden disinformation campaign.
The agency was largely absent from that space for elections this month in several states, a potential preview for the 2026 midterms. Shifting priorities of the Trump administration, staffing reductions and budget cuts have many election officials concerned about how engaged the Cybersecurity and Infrastructure Security Agency will be next year, when control of Congress will be at stake in those elections.
Some officials say they have begun scrambling to fill the anticipated gaps.
“We do not have a sense of whether we can rely on CISA for these services as we approach a big election year in 2026,” said Minnesota Secretary of State Steve Simon, a Democrat who until recently led the bipartisan National Association of Secretaries of State.
The association’s leaders sent a letter to Homeland Security Secretary Kristi Noem in February asking her to preserve the cybersecurity agency’s core election functions. Noem, whose department oversees the agency, replied the following month that it was reviewing its “funding, products, services, and positions” related to election security and that its services would remain available to election officials.
Simon said secretaries of state are still waiting to hear about the agency’s plans.
“I regret to say that months later, the letter remains very timely and relevant,” he said.
An agency in transition
CISA, as the agency is known, was formed under the first Trump administration to help safeguard the nation’s critical infrastructure, from dams and power plants to election systems. It has been undergoing a major transformation since President Donald Trump’s second term began in January.
Public records suggest that roughly 1,000 CISA employees have lost their jobs over the past years. The Republican administration in March cut $10 million from two cybersecurity initiatives, including one dedicated to helping state and local election officials.
That was a few weeks after CISA announced it was conducting a review of its election-related work, and more than a dozen staffers who have worked on elections were placed on administrative leave. The FBI also disbanded a task force on foreign influence operations, including those that target U.S. elections.
CISA is still without an official director. Trump’s nomination of Sean Plankey, a cybersecurity expert in the first Trump administration, has stalled in the Senate.
CISA officials did not answer questions seeking specifics about the agency’s role in the recently completed elections, its plans for the 2026 election cycle or staffing levels. They said the agency remains ready to help protect election infrastructure.
“Under the leadership of President Trump and Secretary Noem, CISA is laser-focused on securing America’s critical infrastructure and strengthening cyber resilience across the government and industry,” said Marci McCarthy, CISA’s director of public affairs.
She said CISA would announce its future organizational plans “at the appropriate time.”
Christine Serrano Glassner, CISA’s chief external affairs officer, said the agency’s experts are ready to provide election guidance if asked.
“In the event of disruptions or threats to critical infrastructure, whether Election Day-related or not, CISA swiftly coordinates with the Office of Emergency Management and the appropriate federal, state and local authorities,” she said in a statement.
States left on their own
California’s top election security agencies said CISA has played a “critical role” since 2018 but provided little, if any, help for the state’s Nov. 4 special election, when voters approved a redrawn congressional redistricting map.
“Over the past year, CISA’s capacity to support elections has been significantly diminished,” the California secretary of state’s office said in a statement to The Associated Press. “The agency has experienced major reductions in staffing, funding, and mission focus — including the elimination of personnel dedicated specifically to election security and foreign influence mitigation.”
“This shift has left election officials nationwide without the critical federal partnership they have relied on for several election cycles,” according to the office.
CISA alerted California officials in September that it would no longer participate in a task force that brought together federal, state and local agencies to support county election offices. California election officials and the governor’s Office of Emergency Services did what they could to fill the gaps and plan for various security scenarios.
In Orange County, California, the registrar of voters, Bob Page, said in an email that the state offices and other county departments “stepped up” to support his office “to fill the void left by CISA’s absence.”
Neighboring Los Angeles County had a different experience. The registrar’s office, which oversees elections, said it continues to get a range of cybersecurity services from CISA, including threat intelligence, network monitoring and security testing of its equipment, although local jurisdictions now have to cover the costs of some services that had been federally funded.
Some other states that held elections this month also said they did not have coordination with CISA.
Mississippi’s secretary of state, who heads the national association that sent the letter to Noem, did not directly respond to a request for comment, but his office confirmed that CISA was not involved in the state’s recent elections.
In Pennsylvania, which held a nationally watched retention election for three state Supreme Court justices, the Department of State said it is also relied more on its own partners to ensure the elections were secure.
In an email, the department said it was “relying much less on CISA than it had in recent years.” Instead, it has begun collaborating with the state police, the state’s own homeland security department, local cybersecurity experts and other agencies.
Looking for alternatives
Simon, the former head of the secretary of state’s association, said state and local election officials need answers about CISA’s plans because officials will have to seek alternatives if the services it had been providing will not be available next year.
In some cases, such as classified intelligence briefings, there are no alternatives to the federal government, he said. But there might be ways to get other services, such as testing of election equipment to see if it can be penetrated from outside.
In past election years, CISA also would conduct tabletop exercises with local agencies and election offices to game out various scenarios that might affecting voting or ballot counting, and how they would react. Simon said that is something CISA was very good at.
“We are starting to assume that some of those services are not going to be available to us, and we are looking elsewhere to fill that void,” Simon said.
Smyth reported from Columbus, Ohio.