DHS Moves CISA Cyber Staff to Deportation Effort

The Department of Homeland Security has transferred hundreds of employees from the Cybersecurity and Infrastructure Security Agency to support the administration’s deportation efforts, Bloomberg and Nextgov have reported, with staff warned they would be fired if they defy orders. The move drags trained cyber experts from their immigration support work as the government and private sector wrestle with a drumbeat of high-impact intrusions.

A Loss of Cybersecurity Muscle Across Key CISA Teams

CISA personnel have been assigned to Immigration and Customs Enforcement, Customs and Border Protection, and the Federal Protective Service, the publications reported. Among the receiving units is FPS, which provides security at federal facilities and often partners with ICE and CBP on removals.

Many of the reassigned employees are from CISA’s Capacity Building and Stakeholder Engagement divisions—teams that bring cyber hygiene to life across federal entities, and link owners of critical infrastructure with threat intelligence and best practices. If they move those staffers elsewhere, that depletes the bench strength supporting patching, assessments and partner outreach.

Which CISA Missions Are Impacted by Staff Reassignments

Capacity Building operates services to which thousands of federal, state and local networks connect, including vulnerability scanning and configuration assessments commonly called Cyber Hygiene. These programs assist agencies in locating and mitigating known exploited vulnerabilities before our adversaries have an opportunity to exploit them, and they support the government’s wider risk reduction efforts.

Stakeholder Engagement, in the meantime, oversees relationships with energy, healthcare, water and transportation operators as well as foreign counterparts. It includes the Joint Cyber Defense Collaborative, which marries government and private-sector expertise in order to disrupt active threats. Even brief lulls here can hamper advisories, slow coordination across incidents and reduce the pace of joint defensive actions.

Rising Cyber Threats Raise Stakes for Redeployments

The timing is delicate. Over the past few weeks an English-speaking crime gang stole sensitive data from companies through stolen Salesforce credentials; Russian hackers swiped sealed files from the U.S. courts system; and exploitation of a SharePoint bug allowed attackers to compromise agencies including the department tasked with safeguarding the nation’s nuclear stockpile.

CISA’s Known Exploited Vulnerabilities catalog now includes more than a thousand actively exploited software bugs, a measure of how much patching is needed across government and industry sectors.

The F.B.I.’s Internet Crime Complaint Center, meanwhile, continues to tally billions in annual victim losses stemming from cybercrime and thousands of ransomware complaints, with critical infrastructure entities being hit again and again. Redeploying experienced hands from the front lines of prevention and response threatens to create a larger attack surface at a time when it is already hard enough.

Budget Priorities and Policy Context Behind Moves

Congress recently approved nearly $150 billion to speed up deportations conducted by ICE, a large portion of which is earmarked for technology and data gathering. That includes broader use of commercial data brokers and location intelligence to find and follow targets—potentialities that require careful oversight in order to rationalize privacy, accuracy and cybersecurity controls.

“DHS has the authority, on a long-term and consistent basis, to surge personnel across components for priority missions pursuant to its law enforcement operational authorities,” it added, saying this is also part of border surges and disaster response. The scale and source of the action here are unusual: CISA is the government’s chief civilian cyber defense agency, and its staff has been strained as high-profile breaches become more frequent and complicated.

Workforce and Legal Questions Around Forced Details

Reassignments on this scale arrive at a time when the nation faces a chronic shortage in cybersecurity talent. According to the CyberSeek website, there are hundreds of thousands of unfilled cybersecurity jobs in the United States, and that gap has not closed despite federal hiring efforts and pay reforms. When team specialists are detailed away, remaining teams bear a heavier burden, resulting in higher burnout and at-risk rates.

Inside the department, managers have indicated that declining a detail could be grounds for disciplinary action, including dismissal, the outlets reported. Federal employee associations have long warned that forced details, even temporarily, could hurt morale and readiness levels. For CISA, which depends on trust and quick cooperation with industry, continued turbulence could also affect external partnerships.

What This Means for Agencies and Critical Infrastructure

Federal CIOs and CISOs may experience longer turnaround times for vulnerability scans, architecture reviews and incident response help. Operators of critical infrastructure may find themselves in fewer exercises and receiving advisories later than normal—particularly advisories that would usually go through stakeholder engagement mechanisms.

To reduce exposure, agencies and companies should:

• Verify incident escalation contacts.
• Validate that logging and backup practices adhere to best practices as of the HBSS implementation date.
• Monitor any changes to CISA service levels.

Sector-specific information sharing groups can help fill the gaps, but there is no exact replacement for CISA’s capacity when threats make their way into public view.

What to Watch Next as DHS Details CISA Personnel

Key indicators will be how long the details last, whether CISA restricts them to non-technical tasks, and if advisories, KEV catalog updates or joint cyber defense activities slow. Congressional oversight and inspector general reports could examine how DHS is weighing obligations to enforce immigration laws against duties to defend cyberspace during a period of heightened risk.