CISA Divisions Impacted by Workforce Termination Orders During Government Shutdown
Several divisions within the Cybersecurity and Infrastructure Security Agency (CISA) have been affected by reduction-in-force (RIF) notices issued during the ongoing government shutdown, according to multiple industry sources. The Office of Management and Budget, led by Director Russ Vought, announced these workforce cuts as part of broader federal government measures. Staff members from CISA's Stakeholder Engagement Division, Infrastructure Security Division, and Integrated Operations Division are among those impacted by the layoffs. The Department of Homeland Security (DHS) has stated that these layoffs are intended to help CISA refocus on its core mission. Prior budget documents from DHS indicated that the Chemical Security subdivision within CISA was already scheduled to wind down certain programs and initiatives, suggesting that the workforce reductions are part of a longer-term restructuring. A recent court filing revealed that 176 DHS employees were laid off, though the specific number of CISA employees affected remains unclear. The possibility of further reductions across the federal workforce has not been ruled out. The Trump administration has been critical of CISA's involvement in addressing misinformation, particularly regarding its collaborations with social media platforms to counter false information about elections and COVID-19. This criticism has been cited as a factor in the administration's push to "refocus" the agency. The layoffs have created uncertainty within CISA, with staff members expressing concerns about the future of their divisions and the agency's ability to fulfill its cybersecurity mandate. The Stakeholder Engagement Division, which plays a key role in liaising with external partners, is believed to be among the hardest hit. The Infrastructure Security Division and Integrated Operations Division, both critical to national infrastructure protection and operational coordination, are also affected. The reduction in workforce may impact CISA's capacity to respond to cyber threats and support critical infrastructure sectors. DHS has not provided detailed breakdowns of which positions or functions are being eliminated. The ongoing government shutdown has exacerbated the challenges faced by CISA, as resource constraints and political pressures converge. Industry observers are closely monitoring the situation for potential impacts on national cybersecurity readiness. The future direction of CISA remains uncertain as the agency navigates these significant organizational changes. The broader implications for federal cybersecurity efforts are still unfolding as the shutdown and workforce reductions continue.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Top Democrat condemns CISA staffing cuts and demands answers
Additional reporting said a senior Democratic lawmaker criticized the CISA workforce reductions and demanded explanations from the agency. The criticism escalated the issue from initial reporting into a broader political and oversight dispute.
Rep. Eric Swalwell seeks answers from CISA on workforce cuts
Rep. Eric Swalwell publicly pressed CISA for information about the reported staffing reductions and personnel changes. His inquiry marked a formal congressional response to the reported cuts.
Reports emerge of planned layoffs across multiple CISA divisions
News reports said multiple divisions within the Cybersecurity and Infrastructure Security Agency were being targeted for workforce termination orders or shutdown-related layoffs. The reports indicated the cuts would affect several parts of CISA rather than a single office.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Top Democrat Demands Answers on CISA Staffing Cuts
bankinfosecurity.com
Open sourceCISA workforce cuts slammed by Democrat legislator
scworld.com
Open sourceTop Democrat Demands Answers on CISA Staffing Cuts
govinfosecurity.com
Open sourceSwalwell seeks answers from CISA on workforce cuts
cyberscoop.com
Open sourceWorkforce termination orders affect several CISA divisions
scworld.com
Open sourceMultiple CISA divisions targeted in shutdown layoffs, people familiar say
nextgov.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
DHS Reassignment of CISA Cybersecurity Staff to Border and Immigration Roles
The Department of Homeland Security (DHS) has initiated a large-scale reassignment of cybersecurity personnel, particularly from the Cybersecurity and Infrastructure Security Agency (CISA), to roles focused on immigration and border enforcement. Hundreds of DHS employees, including those from CISA, have been directed to transfer to agencies such as Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), and the Federal Protective Service. This move is part of a broader shift in departmental priorities, emphasizing border security and deportation efforts reminiscent of previous administration policies. Employees affected by these reassignments have reportedly been given a week to respond, with the risk of termination if they do not comply. The CISA Capacity Building team, responsible for drafting emergency directives and overseeing cybersecurity for the government's most critical assets, has been particularly impacted by these changes. Experts warn that the loss of specialized cybersecurity staff could result in slower detection of cyber threats, delayed issuance of security advisories, and increased risks to both federal and enterprise networks. The reassignment comes on the heels of the firing of 130 CISA staff since the change in administration, further depleting the agency's cyber workforce. CISA, as the national coordinator for critical infrastructure security and resilience, relies heavily on the expertise of its analysts to manage risks to both cyber and physical infrastructure. The reduction in cyber personnel is expected to hinder vulnerability scanning, slow down coordination with other agencies, and diminish the agency's institutional knowledge. There is concern that the shift in focus away from cybersecurity could leave U.S. networks more exposed to cyberattacks and reduce the government's ability to respond effectively to emerging threats. The move has sparked criticism from cybersecurity experts, who emphasize the importance of maintaining a robust cyber defense posture amid a rising landscape of cybercrime. The reassignments highlight the tension between competing national security priorities and the potential unintended consequences for the nation's cyber resilience. The situation underscores the need for careful consideration of workforce allocations within critical government agencies. As the DHS continues to implement these changes, the long-term impact on U.S. cybersecurity capabilities remains a significant concern for both public and private sector stakeholders.
Mar 21, 2026
CISA Layoffs Challenged Amid Union Injunction During Government Shutdown
The Cybersecurity and Infrastructure Security Agency (CISA) defended its decision to issue reduction-in-force notices to 54 employees in its stakeholder engagement division, arguing in federal court that none of the affected workers are protected by a preliminary injunction covering unionized federal employees. The agency stated that the layoffs, delivered on October 11, were in compliance with a court order that blocks layoffs during the government shutdown for employees represented by eight national civil service unions. CISA maintained that none of the impacted branches include union members covered by the injunction. Critics have raised concerns that the layoffs could undermine CISA's ability to coordinate with private sector partners, as the affected employees were responsible for fostering external relationships. CISA reported taking additional steps to ensure ongoing compliance with the court's order while the legal challenge proceeds. The preliminary injunction, extended by a San Francisco federal judge, prohibits agencies from issuing or processing layoff notices to any office with even a single member of the unions involved in the lawsuit.
Mar 21, 2026