At a Glance
- CISA lost about 1,000 staff, over a third of its workforce.
- The agency now faces a 40% vacancy rate in key mission areas.
- Officials warn that cuts could reverse progress in federal cyber defense.
- Why it matters: The workforce shrink threatens U.S. national security by weakening critical cyber infrastructure protection.
As the Trump administration nears the end of its first year, federal cybersecurity experts warn that recent staffing cuts could set back the nation’s digital defenses. The Cybersecurity and Infrastructure Security Agency (CISA) has already shed roughly 1,000 employees, a loss that has pushed vacancy rates to about 40% in critical roles. The move raises alarms that the country’s ability to respond to cyber threats may be weakened.
Massive Staffing Cuts Shake CISA
CISA’s workforce reduction, driven in part by the administration’s displeasure with the agency’s election-security work, has cut more than a third of its staff. This shrinkage has left key positions unfilled and has strained the agency’s operational capacity.
Gene Dodaro said:
> “We’ve spent a lot of time trying to encourage the government to do more, and CISA was doing, you know, a better job… I’m concerned that we’re taking our foot off the gas at CISA, and I think we’ll live to regret it.”
Madhu Gottumukkala wrote in a memo at the beginning of November:
> “The recent reduction in personnel has limited CISA’s ability to fully support national security imperatives and administration priorities… we have reached a pivotal moment but are hampered by an approximately 40 percent vacancy rate across key mission areas.”
Agency Response and Future Plans
CISA’s public-affairs chief, Marci McCarthy, defended the agency’s focus on its statutory mission:
> “Claims that staffing adjustments are weakening cybersecurity miss the truth… We are accelerating innovation, deepening operational collaboration, and directing resources where they yield the greatest return.”
The agency plans to rebuild its workforce by 2026, according to a mid-November report from Cybersecurity Dive.
Broader Cybersecurity Landscape
The federal shutdown compounded concerns, leaving many IT workers without resources and potentially disrupting relationships with specialized contractors. An anonymous former national-security official noted:
> “Federal IT workers, they are good jobs, there’s not enough resources for the issues that they have to deal with… It’s always underfunded. They always have to catch up.”
Amélie Koran, a former chief enterprise security architect, warned that the shutdown likely ended or disrupted many contractor relationships and that no new contracts or extensions were being pursued, which could affect the next fiscal year.
The Congressional Budget Office reported a hack more than five weeks into the shutdown, and the Washington Post identified a suspected foreign actor. This follows past high-profile breaches such as the 2015 Office of Personnel Management hack by China and the 2020 SolarWinds incident by Russia. Jake Williams, a former NSA hacker, cautioned:
> “When, not if, we have a major cybersecurity incident within the federal government, we can’t simply staff up with additional cybersecurity resources after the fact… On a daily basis I’m worrying that federal cybersecurity and critical infrastructure protection may be backsliding… We must stay ahead of the curve.”
| Metric | Value | Note |
|---|---|---|
| Staff cut | 1,000 | >1/3 of workforce |
| Vacancy rate | 40% | Across key mission areas |
| Rebuild plan | 2026 | Agency to rebuild staff |
Key Takeaways
- CISA’s 1,000-person cut leaves a 40% vacancy rate, threatening U.S. cyber defenses.
- Officials argue the workforce loss could reverse progress in national security.
- The agency plans a rebuild by 2026, but broader cyber incidents highlight the urgency.
The shrinking cybersecurity workforce raises urgent questions about the United States’ ability to protect its critical infrastructure in a rapidly evolving threat landscape.
