The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ended about $10 million in annual funding to the nonprofit Center for Internet Security, a CISA spokesperson told The Association Press Monday in an email.
The news follows CISA’s announcement a few weeks ago that it was reviewing its election-related work, during which more than a dozen staffers involved in election efforts were placed on administrative leave.
CISA, which falls under the Department of Homeland Security umbrella, was formed in 2018 under the Trump administration to protect critical infrastructure. It has a Senate-confirmed director, but the president has yet to nominate one for the current term.
The moves have sparked concerns in the cybersecurity world. Those who work in financial services are concerned about moving forward in an industry that is prone to harm from bad actors.
Tom Cronkright, the co-founder and executive chairman of CertifID, sat down with HousingWire to discuss how recent cuts to CISA could harm the ability of mortgage and real estate companies in identifying and preventing cyberattacks. This interview has been edited for length and clarity.
Sarah Wolak: We have done a lot of reporting on what the federal government cuts mean for all aspects of the housing industry. With one of the most recent cuts being to CISA, how are they going to affect the financial services space?
Tom Cronkright: Apolitically, CISA plays a very important role. They’re able to take disparate information from different industries, but then they identify trends in cybersecurity and threats that a lot of us wouldn’t otherwise know, and then educate and empower industry sectors like housing and financial services.
My only concern is with anything that would inhibit their ability to obtain, to vet, to distill and disseminate valuable information on these threats. I think it could have a negative effect, because the reality is we’re seeing the threat levels in our business continue to increase and the sophistication of the attacks continue to advance.
And I know for a fact, at scale — whether it’s brokerage or it’s mortgage lending or it’s title or it’s legal — anybody touching the real estate transaction, everyone benefits from the intelligence and the education and the awareness and the public policy that CISA has continued to push forth.
Wolak: It wasn’t that long ago that Mr. Cooper Group had a huge cyberattack which took a long time to recover from. So I’d imagine that if protections are not as stringent, these events could be more frequent?
Cronkright: Let’s take it to real estate, which is still one of the primary targets for bad actors and business email compromise, because you have large sums of money and so many people connecting over a transaction. And in the housing market we’re in right now, every deal matters more than it did the year before.
We did just north of 4 million transactions on the residential side last year. That’s the same as 1995 … but yet we have tens of millions more people and tens of millions more potential homeowners. So I only say that because even though we’re in kind of a trough of volume, they continue to post up higher fraud numbers year over year.
The point is, we all need more cybersecurity awareness. Because whether it’s a mortgage servicer having a ransomware issue where we have an email compromise — or now we’re seeing and hearing more of token hijacking to get into Treasury platforms and escrow accounts, where money is being sent from the scammer that hijacked the token from the actual account holder — all those things are areas of vulnerability right now. We wouldn’t have been talking about those a few years ago.
Wolak: From an outsider’s perspective, it seems like cyberattacks are becoming more scaled and more intense. Is that accurate?
Cronkright: Yes. Here’s what keeps me up at right now: I believe that bad actors were handed a revolutionary tool in AI — whether it’s in the way that they code, in the way that they craft and communicate through email or text messaging, in the way now that they’re doing generative AI voice replication in deep fake. And I’m concerned that they’re in a lab, tinkering and testing and running their betas, and we’re still dealing with hacked email.
We’re still dealing with V1 of this, while they’re already deploying a beta on V2. So the fact that CISA is getting rounded out, we need organizations like that more than ever before right now, because it’s just accelerating.
Wolak: What has the experience been like to manage cybersecurity or consider cybersecurity measures?
Cronkright: We’re in the trenches on this thing every single day. Every single day, we’re managing some risk profile on a wire, or someone trying to impersonate someone else on a transaction.
I think one of the realizations that people are struggling with is balancing being a real estate broker or a mortgage lender or a title company operator with now having to take on this whole thing about cybersecurity, fraud risk — and I have to be an expert in that and I have to surround myself with experts in that.
I think it’s OK to acknowledge that it’s a lot right now, especially in this market where the last thing we need is to spend more time away from our core business and deliverables to our customers and our referral partners. Because we have to make sure that all of our data in our network — and our infrastructure and our funds — are protected on every file, every time.
