"We Still Have Embeds in CISA": UK Cyber Agency's CTO Discusses Post-Trump Ties With U.S. Counterpart

Despite evident worries from the technology sector, both organizations appear unperturbed about U.S. information security issues.

CYBERUK The senior officials from the UK's cybersecurity organization state that operations remain unchanged regarding the connection between GCHQ and CISA, despite increasing concerns over how the present leadership treats its American counterpart.

Ever since regaining control, the Trump administration has consistently criticized CISA, an organization that dismissed the president’s assertion that he lost the 2020 election because of “fraud.” This criticism casts doubt on CISA’s position within the Department led by Homeland Security Secretary Kristi Noem.

When asked about changes in the relationship between the British cybersecurity agency and CISA following President Biden’s election victory, members of the NCSC management board swiftly dismissed any suggestions that a change in administration had impacted cross-Atlantic cyber cooperation.

Ollie Whitehouse, the CTO of the National Cyber Security Centre (NCSC), stated during last week’s CYBERUK event that his direct counterpart remains unchanged. He specifically mentioned Chris Butera, who holds the position of Technical Director at CISA. “Our relationship hasn’t altered,” he explained. “I visited the area just last week. Our connection continues unabated and stays steadfast.”

Felicity Oswald, the COO of NCSC, who visited CISA a couple of weeks back, mentioned that their team had "excellent engagement as usual" during the visit.

Oswald was hesitant to discuss another nation's democratic procedures, yet he confirmed to The Register that both NCSC and CISA continue to be "strong allies."

She mentioned, 'We stay very closely connected with CISA and all U.S. agencies.'

Illustrating the point, Whitehouse added "we still have embeds inside CISA," suggesting perhaps if things were really bad, foreign eyes may have already been ousted from the agency's headquarters.

What "really bad" looks like, though, is subjective.

The way the present administration has handled CISA has attracted significant attention, starting with President Trump’s continuous criticism of Chris Krebs. Additionally, Department of Homeland Security Secretary Nielsen indicated during her speech at RSA that CISA seemed to have deviated from its intended path and required adjustment—this was suggested through potential shifts in its mission focus along with planned reductions in funding. Many more instances like these can be cited, leading those within the sector to worry about how this might undermine the organization’s valuable efforts.

A few days back, during the Homeland Security Subcommittee’s CISA oversight hearing, Congresswoman Lauren Underwood from Illinois voiced her concerns stating, “Instead of supporting this well-regarded, flexible, and budget-friendly organization that safeguards virtually all facets of American life, you’re suggesting a reduction close to 20%, which amounts to $491 million, along with pushing employees into early retirement via buyouts and dubious layoffs. This isn’t about trimming excess; it’s more like delivering a fatal strike.”

It's not just CISA that's under fire. More broadly, the way in which the US government views cybersecurity as a component of national security has also caused concern in recent months.

Within a week of taking power, Trump's office gutted the Cyber Safety Review Board, whose work has, among other things, exposed the infosec failings that led to widespread government compromise at the hands of Volt Typhoon.

In just the past few weeks, the Common Vulnerabilities and Exposures (CVE) program, on which the cybersecurity industry relies for tracking vulnerabilities, was saved only at the very last hour by renewed government funding.

There were real fears that Trump's government would not fund MITRE, which runs the CVE program, for over a week. And even though its contract was ultimately renewed, it was only done so for less than a year, meaning the lead-up to March 2026 could see the same concerns revived.

Nevertheless, the NCSC had nothing bad to say or concerns to share about their US counterparts. Toeing the agency's line was Jonathan Ellison, the NCSC's director of national resilience and future technology.

Like Whitehouse and Oswald, he too was on the CISA trip a few weeks back and also attended the RSA talk where Noem vowed to put the cyber agency back on track, but left with a different takeaway.

"I listened to the DHS secretary's keynote at RSA, and I think there's a very clear message there about the importance that the administration in the US is putting on cybersecurity," he said. "And that came through in all the conversations that I had with my counterparts at CISA and other organizations while I was out there.

"I think they're an absolutely key partner for us and a really important partner, and I think we will continue that level of cooperation with them. I think hearing the DHS secretary talking about the importance of cybersecurity to the administration was a really good thing for them to publicly project, and that came out in the final thoughts that I had while I was out there."

It's true that Noem's commitment to cybersecurity was clear throughout RSA. She specifically expressed how perturbed she was upon being briefed on the threat from China, and how many of the questions surrounding the Volt and Salt Typhoon incidents remained unanswered.

She didn't mention that her boss gutted the group his predecessor established for the sole purpose of investigating events such as these.

Asked for a response to the NCSC leaders' comments, CISA's line was equally as sanitized as that of its tea-drinking cyber sibling across the pond in the UK.

"Cybersecurity requires nations to work across borders to share information and work together to strengthen defenses against global threats," it told The Register. "Our close partnership with UK National Cyber Security Centre has enabled us to provide timely, actionable information and beneficial capabilities that greatly strengthened our collective ability to globally defend against cyber incidents.

"CISA is committed to continue working closely with UK NCSC and other international allies to build capacity, cyber resilience, and enhance security for the global critical infrastructure community." ®