CISA In Crisis After Trump Cuts And Layoffs

Bill Thompson
By Bill Thompson
News
7 Min Read

The nation’s lead civilian cyber defense agency is reportedly operating at a fraction of its capacity, with bipartisan lawmakers and security leaders warning that the Cybersecurity and Infrastructure Security Agency is in crisis following Trump-era budget cuts, layoffs, and a protracted federal shutdown.

Reporting by CyberScoop’s Tim Starks describes an agency struggling to perform core functions, citing sources across Congress and industry who say CISA’s workforce has been gutted, key staff reassigned within the Department of Homeland Security, and leadership instability compounding the strain. According to the report, CISA is currently functioning with about 38% of its normal staffing as the shutdown drags on, leaving it ill-prepared for a major cyber incident.

Table of Contents
A diagram illustrating the flow of information and actions taken during an internet intrusion, involving an Agency A Network, a Single Service Provider, an Internet Service Provider Nest, the Internet, and the U.S. Department of Homeland Security / National Cybersecurity and Communications Integration Center.

What the Cuts Mean for U.S. Cyber Defense Readiness

CISA sits at the center of the federal government’s cyber response. It runs 24/7 threat analysis, deploys incident response teams to hacked networks, and coordinates joint advisories on vulnerabilities via the Known Exploited Vulnerabilities catalog. It also operates federal defenses like EINSTEIN intrusion detection and helps agencies upgrade protections through Continuous Diagnostics and Mitigation. When those teams are short-staffed, patch timelines slip, threat hunting slows, and warnings reach critical infrastructure operators later than they should.

Recent history underscores the stakes. From the SolarWinds espionage campaign to the Colonial Pipeline ransomware attack, rapid coordination among federal, state, and private-sector partners has been essential to containing damage. Cybercriminals and nation-state operators do not pause for furloughs. The FBI’s Internet Crime Complaint Center has reported cybercrime losses in the billions annually, and U.S. and allied agencies have repeatedly warned of disruptive targeting of energy, water, and healthcare networks by advanced adversaries. An under-resourced CISA weakens the country’s first line of digital defense.

Staffing Freefall and a Deepening Leadership Vacuum

Multiple sources told CyberScoop that layoffs and hiring freezes, followed by the shutdown, have stripped CISA to skeleton crews in some mission areas. With only roughly 38% of personnel available, functions that rely on scarce expertise—industrial control systems analysis, vulnerability research, and incident surge support—are the first to feel the pinch.

Compounding the problem is a prolonged absence of a permanent director since the new administration took office. The acting director, Madhu Gottumukkala, has reportedly struggled to steady the agency amid the turmoil, with some sources blaming leadership missteps for operational headaches. Even in normal times, cybersecurity talent is hard to recruit and retain; prolonged uncertainty at the top makes it harder to keep experienced operators in the fight.

Reassignments Undercut the Mission Across DHS

The strain isn’t just from cuts. CyberScoop’s reporting indicates hundreds of CISA employees were reassigned to support other DHS components during a broader immigration crackdown, draining specialized cyber capacity. That diversion of personnel—paired with the shutdown tied to disputes over immigration funding—has left essential cyber programs short-handed at a moment when attack tempo remains high.

Lawmakers’ refusal to extend funding for certain immigration activities followed intense criticism after incidents in which federal agents killed two U.S. citizens, according to the report. Whatever the politics, the operational consequence for CISA is the same: fewer analysts in the watch center, fewer responders on call, and slower outreach to vulnerable targets across government and industry.

The U.S. Department of Homeland Security logo centered on a professional light gray background with a subtle hexagonal pattern.

Critical Programs at Risk Amid Staffing Shortfalls

Security practitioners point to specific programs now at risk of delay or degradation. CISA’s High-Value Asset assessments and attack-path modeling help agencies find crown jewels and fix weak links before adversaries do; those engagements are labor-intensive and time-bound. The Joint Cyber Defense Collaborative, launched to synchronize threat intelligence with major tech and infrastructure firms, depends on rapid, daily exchanges that are hard to sustain with thinned ranks.

For state, local, tribal, and territorial governments, CISA’s no-cost services—ransomware readiness assessments, vulnerability scans, tabletop exercises, and election infrastructure support—are a crucial force multiplier. The Center for Internet Security’s MS-ISAC relies on tight partnership with CISA to share indicators and remediation guidance. If that cadence slows, small municipalities and hospitals, already popular ransomware targets, will be left more exposed.

Industry and Hill Alarm Bells Over CISA Readiness

Members of both parties, as well as major critical infrastructure providers, have voiced concern that CISA’s diminished posture creates a dangerous gap between the threat landscape and federal readiness. Private-sector executives warn that without CISA’s authoritative directives and timely advisories, patch adoption and mitigation across sectors can lag by weeks, giving attackers a wider window to exploit known flaws.

Before the cuts, DHS budget documents showed CISA’s funding had grown to roughly the low billions, reflecting a recognition that cyber risk was rising faster than traditional homeland threats. Pulling resources now, experts say, risks reversing hard-won progress on basics like asset visibility and vulnerability management across civilian agencies.

What to Watch as Congress and DHS Confront CISA Crisis

Key signals in the coming weeks will include whether the administration and Congress move to:

  • Appoint a permanent CISA director
  • Restore funding to pre-shutdown levels
  • Authorize emergency hiring or surge support for incident response

Oversight inquiries from the DHS Office of Inspector General and the Government Accountability Office could also surface specific gaps in programs like EINSTEIN, CDM, and ICS advisories that need urgent triage.

CISA has long argued that cybersecurity is a team sport. Right now, the federal team’s playbook is intact—but too many players are off the field. Unless staffing and stability rebound quickly, the U.S. risks entering the next cyber crisis with fewer defenders on the front line and less time to blunt the blow.

Bill Thompson
ByBill Thompson
Bill Thompson is a veteran technology columnist and digital culture analyst with decades of experience reporting on the intersection of media, society, and the internet. His commentary has been featured across major publications and global broadcasters. Known for exploring the social impact of digital transformation, Bill writes with a focus on ethics, innovation, and the future of information.
Latest News