Acting CISA Director Warns DHS Shutdown Would Curtail Cyber Defense Operations
Acting CISA Director Madhu Gottumukkala told House appropriators that a potential Department of Homeland Security funding lapse would materially reduce CISA’s ability to support public- and private-sector partners, warning that “when the government shuts down, cyber threats do not.” He said a shutdown would degrade timely, actionable guidance; curtail core missions such as digital response; and limit work to activities deemed essential to protecting life and property—shifting the agency from proactive efforts (including vulnerability scanning) to a more reactive posture. He also said a shutdown would force more than a third of CISA’s frontline security experts and threat hunters to work without pay and would impede progress on CISA’s long-awaited cyber incident reporting rule.
In the same congressional context, Gottumukkala also acknowledged that about 70 CISA staff were reassigned to other DHS offices over the last year (including a “handful” to ICE), while “30 plus” personnel were transferred into CISA; a December 2025 staffing chart cited in reporting reflected 27 inbound and 65 outbound reassignments. Separately, Congress reauthorized the Cybersecurity Information Sharing Act of 2015 (CISA 2015)—which provides liability protections, FOIA exemptions, and other safeguards for sharing cyber threat indicators and defensive measures—extending it from its planned January 2026 sunset to September 30, 2026. Reporting on the Senate Intelligence Committee advancing a nominee to lead U.S. Cyber Command/NSA is related to federal cyber leadership but is not part of the shutdown/CISA operational-impact story.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
CISA announces CIRCIA listening sessions
CISA announced a series of listening sessions related to revisions to its Cyber Incident Reporting for Critical Infrastructure Act rulemaking. The announcement came as agency leaders warned a shutdown would further slow the already delayed rulemaking process.
Gottumukkala discloses 70 CISA staff were reassigned over the past year
In separate testimony to House appropriators, Gottumukkala said about 70 CISA employees had been reassigned to other DHS offices over the previous year, with more than 30 people transferred into CISA. The disclosure contradicted his earlier January remarks and intensified concerns about the agency's staffing and readiness.
Acting CISA chief warns Congress a DHS shutdown would cripple operations
Testifying before the House Appropriations Homeland Security subcommittee, Gottumukkala said a DHS funding lapse would furlough most of CISA's workforce, leave 888 of 2,341 employees as excepted staff working without pay, and halt or limit proactive cyber work. He said CISA would focus on immediate threats, maintain its 24/7 operations center, and pause or delay work including vulnerability scanning, service deployment, and CIRCIA rulemaking.
Congress grants short-term DHS funding extension
Congress approved a two-week extension of DHS funding, setting up a new Friday deadline and the risk of a partial shutdown if lawmakers failed to reach a broader agreement. The extension framed subsequent warnings from CISA about operational impacts.
Gottumukkala tells House panel reassignments did not occur during his tenure
In January, Gottumukkala told the House Homeland Security Committee that the staff reassignments did not occur during his tenure. That statement later conflicted with his February testimony acknowledging about 70 reassignments over the past year.
CISA reassigns about 70 employees to other DHS offices
Over the following year, roughly 70 CISA employees were management-directed to other DHS components, including some to ICE, while more than 30 employees transferred into CISA. Lawmakers later raised concerns that moving experienced cyber staff could weaken U.S. cyber defenses.
Madhu Gottumukkala joins CISA
Madhu Gottumukkala joined CISA in May of the prior year and later became acting director. His tenure became relevant to later congressional scrutiny over staff reassignments.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
CISA to furlough most of its workforce under impending DHS shutdown - Nextgov/FCW
nextgov.com
Open sourceCISA threatened by potential DHS shutdown | SC Media
scworld.com
Open sourceActing CISA chief says DHS funding lapse would limit, halt some agency work | CyberScoop
cyberscoop.com
Open sourceCISA’s acting chief says 70 staff were reassigned to other DHS offices in last year - Nextgov/FCW
nextgov.com
Open sourceCISA: DHS Funding Lapse Would Sideline Federal Cyber Staff
bankinfosecurity.com
Open sourceInterim CISA chief: ‘When the government shuts down, cyber threats do not’ | The Record from Recorded Future News
therecord.media
Open sourceCISA: DHS Funding Lapse Would Sideline Federal Cyber Staff
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
DHS Shutdown and Leadership Vacuum Deepen Concerns Over CISA Staffing and Mission Capacity
Senators and cybersecurity experts warned that **CISA** is operating under growing strain as the **Department of Homeland Security shutdown** and the absence of stable leadership compound earlier cuts to the agency’s workforce and budget. During his confirmation hearing, DHS secretary nominee **Markwayne Mullin** was pressed on whether he would restore staffing and funding after roughly one-third of CISA’s workforce was cut, but he declined to commit to rehiring personnel or reversing budget reductions, saying only that the agency would be staffed to remain mission capable. Security professionals said CISA can still perform its core statutory functions with excepted staff, but the loss of personnel, sidelining of employees during the shutdown, and lack of a permanent director are limiting the agency’s ability to sustain non-essential programs, build new capabilities, and advocate for long-term resources. Even as CISA continues to issue operational guidance, including recent warnings tied to **Microsoft Intune** hardening and patching of vulnerabilities in products such as **Synacor Zimbra Collaboration Suite** and **Microsoft Office**, the broader concern is that reduced staffing and weakened leadership are eroding national cyber defense capacity at a time of elevated threat pressure.
May 27, 2026
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
US Lawmakers Seek Short-Term Extension of Key CISA Cybersecurity Authorities Amid Agency Leadership Turmoil
Congressional leaders introduced a compromise federal funding package that would **temporarily extend two major U.S. cybersecurity authorities**—the 2015 *Cybersecurity and Infrastructure Security Act* (which provides liability protections intended to encourage private-sector cyber threat information sharing with the federal government) and the **State and Local Cybersecurity Grant Program**—through **September 30**. The proposal follows prior stopgap extensions after the statutes lapsed, and comes as lawmakers debate longer-term reauthorization options, including competing House and Senate proposals and a draft approach from Sen. Rand Paul that would remove the original law’s liability protections. Separately, reporting highlighted **internal leadership instability at CISA**: acting director **Madhu Gottumukkala** reportedly attempted to remove or reassign CISA CIO **Robert Costello** via a management-directed reassignment, but was blocked after objections from other political appointees within DHS. The episode adds to concerns about decision-making and turnover at the agency at a time when CISA is responsible for coordinating federal cyber defense, incident response support, and collaboration with state, local, and private-sector partners—functions that could be affected by sustained leadership disruption.
Mar 21, 2026