How Project 2025 Would Put US Elections at Risk

Of all the [Cybersecurity and Infrastructure Security Agency] proposals in Project 2025’s plan, the most ambitious one is highly unlikely to succeed: moving the agency into the Department of Transportation as part of a broader initiative to dismantle DHS.

The recommendation reflects conservatives’ desire to shrink the overall size of government, but it may also suggest a belief that moving CISA would curtail its scope and make it “a little more manageable,” says Brandon Pugh, director of the cybersecurity and emerging threats team at the center-right think tank R Street Institute. Pugh says some Republicans believe the agency “went beyond its original mandate and [has] become too bloated…”

Even as Project 2025 appears to misunderstand some aspects of CISA’s mission and focus disproportionately on others, the document also misses opportunities to recommend meaningful reforms.

Congress has spent years waiting for CISA to complete a “force structure assessment” that would better define its mission and the resources and organization needed to accomplish it. But even beyond CISA, there are serious concerns that the government as a whole isn’t coordinating well on cyber issues.

Pugh says it’s worth examining whether the system is working well. “Do we need to take a harder look at who’s responsible for different leadership aspects of cyber?”