DHS Reassignment of CISA Cybersecurity Staff to Border and Immigration Roles
The Department of Homeland Security (DHS) has initiated a large-scale reassignment of cybersecurity personnel, particularly from the Cybersecurity and Infrastructure Security Agency (CISA), to roles focused on immigration and border enforcement. Hundreds of DHS employees, including those from CISA, have been directed to transfer to agencies such as Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), and the Federal Protective Service. This move is part of a broader shift in departmental priorities, emphasizing border security and deportation efforts reminiscent of previous administration policies. Employees affected by these reassignments have reportedly been given a week to respond, with the risk of termination if they do not comply. The CISA Capacity Building team, responsible for drafting emergency directives and overseeing cybersecurity for the government's most critical assets, has been particularly impacted by these changes. Experts warn that the loss of specialized cybersecurity staff could result in slower detection of cyber threats, delayed issuance of security advisories, and increased risks to both federal and enterprise networks. The reassignment comes on the heels of the firing of 130 CISA staff since the change in administration, further depleting the agency's cyber workforce. CISA, as the national coordinator for critical infrastructure security and resilience, relies heavily on the expertise of its analysts to manage risks to both cyber and physical infrastructure. The reduction in cyber personnel is expected to hinder vulnerability scanning, slow down coordination with other agencies, and diminish the agency's institutional knowledge. There is concern that the shift in focus away from cybersecurity could leave U.S. networks more exposed to cyberattacks and reduce the government's ability to respond effectively to emerging threats. The move has sparked criticism from cybersecurity experts, who emphasize the importance of maintaining a robust cyber defense posture amid a rising landscape of cybercrime. The reassignments highlight the tension between competing national security priorities and the potential unintended consequences for the nation's cyber resilience. The situation underscores the need for careful consideration of workforce allocations within critical government agencies. As the DHS continues to implement these changes, the long-term impact on U.S. cybersecurity capabilities remains a significant concern for both public and private sector stakeholders.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Reports warn CISA reassignments could weaken U.S. network defense
Coverage of the DHS personnel moves said the reassignment of CISA staff could leave U.S. networks more exposed by reducing cybersecurity capacity. This reflects public reporting and concern about the operational impact of the staffing changes.
DHS begins reassigning hundreds of staff to border and immigration work
The Department of Homeland Security moved forward with reassignments affecting hundreds of employees, shifting personnel toward border security and immigration-related duties. The reporting indicates CISA staff were among those impacted by the broader DHS personnel changes.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Divisions Impacted by Workforce Termination Orders During Government Shutdown
Several divisions within the Cybersecurity and Infrastructure Security Agency (CISA) have been affected by reduction-in-force (RIF) notices issued during the ongoing government shutdown, according to multiple industry sources. The Office of Management and Budget, led by Director Russ Vought, announced these workforce cuts as part of broader federal government measures. Staff members from CISA's Stakeholder Engagement Division, Infrastructure Security Division, and Integrated Operations Division are among those impacted by the layoffs. The Department of Homeland Security (DHS) has stated that these layoffs are intended to help CISA refocus on its core mission. Prior budget documents from DHS indicated that the Chemical Security subdivision within CISA was already scheduled to wind down certain programs and initiatives, suggesting that the workforce reductions are part of a longer-term restructuring. A recent court filing revealed that 176 DHS employees were laid off, though the specific number of CISA employees affected remains unclear. The possibility of further reductions across the federal workforce has not been ruled out. The Trump administration has been critical of CISA's involvement in addressing misinformation, particularly regarding its collaborations with social media platforms to counter false information about elections and COVID-19. This criticism has been cited as a factor in the administration's push to "refocus" the agency. The layoffs have created uncertainty within CISA, with staff members expressing concerns about the future of their divisions and the agency's ability to fulfill its cybersecurity mandate. The Stakeholder Engagement Division, which plays a key role in liaising with external partners, is believed to be among the hardest hit. The Infrastructure Security Division and Integrated Operations Division, both critical to national infrastructure protection and operational coordination, are also affected. The reduction in workforce may impact CISA's capacity to respond to cyber threats and support critical infrastructure sectors. DHS has not provided detailed breakdowns of which positions or functions are being eliminated. The ongoing government shutdown has exacerbated the challenges faced by CISA, as resource constraints and political pressures converge. Industry observers are closely monitoring the situation for potential impacts on national cybersecurity readiness. The future direction of CISA remains uncertain as the agency navigates these significant organizational changes. The broader implications for federal cybersecurity efforts are still unfolding as the shutdown and workforce reductions continue.
Mar 21, 2026
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
CISA Staffing Crisis and Urgent Recruitment Initiatives
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is facing a significant staffing crisis following substantial personnel reductions attributed to Trump-era cuts and a prolonged government shutdown. Acting CISA Director Madhu Gottumukkala acknowledged in an internal memo that these reductions have hampered the agency's ability to fully support national security imperatives, with nearly one-third of the workforce lost in the past year. The memo outlines an urgent need to hire highly qualified professionals by the end of fiscal year 2026 to restore and strengthen CISA's defensive posture, leveraging the Department of Homeland Security's Cyber Talent Management System to attract critical cyber talent at market rates. In response to mounting cyber threats, particularly from China, CISA is accelerating recruitment, workforce development, and retention initiatives. The agency plans to focus on hiring state cybersecurity coordinators, regional cybersecurity advisors, and making itself more attractive to both industry experts and junior practitioners. Additional measures include expanded collaboration with colleges and universities, reviving internship programs, and considering return-to-office exemptions for certain employees. These efforts are intended to ensure CISA's mission readiness and operational continuity amid increasing cyber risks and resource constraints.
Mar 21, 2026