The newest Senior Advisor at CISA joins the team at the same time that DOGE is facing scrutiny for possibly endangering federal cybersecurity.
Trump’s first month in his second term dominated headlines for the wave of executive orders, actions on immigration, new foreign policies, and Cabinet appointees. These appointees have also generated a lot of press around their Senate confirmations. As these larger proceedings continue, smaller changes in government agencies may fly under the radar, like the Cyber Safety Review Board (CSRB) being dismantled in the first week of Trump’s presidency. About a week after the new Secretary of the Department of Homeland Security (DHS), Kristi Noem, was confirmed, a new senior advisor was appointed for the Cybersecurity and Infrastructure Security Agency (CISA), a smaller department under the DHS.
On February 2, 2025, Karen Evans shared through a LinkedIn post that she is now a senior advisor for cybersecurity at CISA. According to some sources, she may become the executive assistant director at the agency or transition to a top position elsewhere in DHS. Evans served as the Administrator of the Office of Electronic Government and Information Technology (IT) under the George W. Bush administration, overseeing over $70 billion in annual funding for IT. Evans also worked as the Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response at the Department of Energy (DOE) from 2018 to 2020, mitigating cybersecurity risk in critical energy infrastructure. Her most recent stint in government work was as the Chief Information Officer (CIO) for the DHS from June 2020 to January 2021. Even after this long period of federal service, Evans helped lead a study on “The Federal Government’s Role in Building a Cybersecurity Workforce for the Nation” through the National Academy of Public Administration.
Evans has worked in government cybersecurity for over 20 years, and her position at CISA will likely be informed by her years of experience. This may help jumpstart the agenda of former Hawaii Representative Tulsi Gabbard, who is likely to be the next Director of National Intelligence. In the past, Gabbard has supported fortifying federal cybersecurity and shared concerns about the rapid development of artificial intelligence, so a veteran cyber official like Evans may be a good point of collaboration, since Gabbard has less cybersecurity experience in her career.
Gabbard’s past calls for stronger federal cybersecurity are in stark contrast to the current cybersecurity concerns with the actions of the Department of Government Efficiency (DOGE), led by Elon Musk. Musk’s team reportedly accessed the Office of Personnel Management (OPM) network, the Department of Treasury’s payment system, and the U.S. Agency for International Development (USAID) systems. DOGE is legally considered an external advisory board, meaning the group may not be working with the previously established controls and rules for accessing federal government networks.
In an interview with Recorded Future News, Jason Kikta, a former U.S. Cyber Command official, said DOGE’s access to these federal networks “has the potential to be the largest breach [of government systems] ever by orders of magnitude and could have consequences for decades,” as DOGE is acting in “an unauthorized way, on unauthorized systems, with unauthorized personnel and unknown spread.” Kikta explained that DOGE could unknowingly create a massive attack surface, a serious threat in the context of China’s latest intrusion efforts, which have already proven to be wide-reaching. A previous attack on the OPM (also orchestrated by China) jeopardized national security in 2015.
Kikta is not the only person to sound the alarm about the risks that come with DOGE’s access requests. The Treasury Department was sued for providing Musk and some members of DOGE with “full access to the Bureau’s data and the computer systems that house them.” The lawsuit said the shared access meant that “retirees, taxpayers, federal employees, companies, and other individuals from all walks of life have no assurance that their information will receive the protection that federal law affords.” On February 6, 2025, the Treasury agreed to put an interim ban on DOGE’s access, which DOGE claims reached only two associates.
Even amid a call for federal resignations, the new CISA appointment and the limits on access to important data prove that federal cybersecurity will be a battleground in the next few months, if not for the next few years.