CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about one-third of its workforce and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support.
Reporting also tied the degradation to a prolonged leadership vacuum—with the administration’s nominee Sean Plankey not confirmed and Acting Director Madhu Gottumukkala criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced counter-ransomware efforts, work to promote secure software development, and losses affecting election security functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Reports describe CISA as severely weakened and unprepared for major crises
On February 25, 2026, CyberScoop and follow-on coverage reported bipartisan and industry concern that CISA had been significantly weakened by staffing losses, program cuts, and leadership problems. The reporting said the agency's reduced engagement, morale, and incident-response capacity left it in trouble and potentially unready for a major cyber emergency.
Acting Director Gottumukkala says CISA remains committed during shutdown
Amid the multi-week DHS shutdown, Acting Director Madhu Gottumukkala said CISA remained committed to protecting federal networks from malicious cyber threat actors. His statement came as critics questioned the agency's readiness and leadership.
Partial federal shutdown reduces CISA to about 38% staffing
A partial federal government shutdown began on February 14, leaving CISA operating at about 38% staffing according to the reporting. The disruption intensified concerns that the agency was not prepared to handle a major cyber crisis.
Hundreds of CISA staff are reassigned to other DHS missions
As part of the administration's immigration crackdown, hundreds of CISA personnel were reportedly reassigned to support other Department of Homeland Security components. The move further reduced CISA's operational capacity for cyber defense, incident response, and coordination.
CISA personnel cuts and program reductions hit during Trump's first year
During the first year of the second Trump administration, CISA reportedly lost roughly one-third of its staff through cuts and layoffs, while multiple programs were shuttered or scaled back. Reported losses included expertise tied to counter-ransomware, secure software development, election security, and broader engagement with industry and state and local partners.
Trump begins second term with CISA lacking a Senate-confirmed director
When President Trump entered office in 2025, CISA began operating without a permanent Senate-confirmed leader. Reporting says nominee Sean Plankey's confirmation was delayed, contributing to uncertainty and weakened agency direction.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Across party lines and industry, the verdict is the same: CISA is in trouble | CyberScoop
cyberscoop.com
Open sourceUS cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs | TechCrunch
techcrunch.com
Open sourceA sober look at the recent DOGE cuts at CISA | perspective | SC Media
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
DHS Shutdown and Leadership Vacuum Deepen Concerns Over CISA Staffing and Mission Capacity
Senators and cybersecurity experts warned that **CISA** is operating under growing strain as the **Department of Homeland Security shutdown** and the absence of stable leadership compound earlier cuts to the agency’s workforce and budget. During his confirmation hearing, DHS secretary nominee **Markwayne Mullin** was pressed on whether he would restore staffing and funding after roughly one-third of CISA’s workforce was cut, but he declined to commit to rehiring personnel or reversing budget reductions, saying only that the agency would be staffed to remain mission capable. Security professionals said CISA can still perform its core statutory functions with excepted staff, but the loss of personnel, sidelining of employees during the shutdown, and lack of a permanent director are limiting the agency’s ability to sustain non-essential programs, build new capabilities, and advocate for long-term resources. Even as CISA continues to issue operational guidance, including recent warnings tied to **Microsoft Intune** hardening and patching of vulnerabilities in products such as **Synacor Zimbra Collaboration Suite** and **Microsoft Office**, the broader concern is that reduced staffing and weakened leadership are eroding national cyber defense capacity at a time of elevated threat pressure.
May 27, 2026
CISA Leadership Uncertainty Amid Key Departures and Unconfirmed Director
The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant leadership challenges as the key employee responsible for its early ransomware warning program has departed the agency. This program, credited with preventing an estimated $9 billion in economic damages, now faces an uncertain future, raising concerns about the continuity of CISA's proactive ransomware defense efforts. The departure comes at a critical time for the agency, which has played a central role in national cyber defense and threat mitigation. Compounding these challenges, the U.S. Senate adjourned without confirming a new CISA director, leaving the agency without permanent leadership as it heads into the new year. The stalled nomination of Sean Plankey follows a year marked by workforce reductions and ongoing efforts to finalize a comprehensive national cyber strategy. The lack of confirmed leadership and the loss of key personnel may impact CISA's ability to respond effectively to evolving cyber threats and maintain its critical programs.
Mar 21, 2026
U.S. Federal Cyber Leadership Turmoil and CISA Policy Disruptions
U.S. federal cyber operations faced heightened uncertainty amid **leadership turnover and staffing reductions at CISA**, raising concerns about the agency’s capacity to execute its mission. Reporting indicated acting director **Madhu Gottumukkala** was replaced by **Nick Andersen** following controversies including alleged mishandling of sensitive information, while CISA also lost its CIO and reportedly saw staffing reduced by roughly one-third. Separately, Senate confirmation dynamics continued to affect cyber leadership, with Sen. Ron Wyden opposing the nomination of Lt. Gen. **Joshua Rudd** to lead **U.S. Cyber Command and the NSA**, citing concerns about experience and constitutional-rights familiarity as the agencies remained without a permanent chief. CISA’s policy and guidance output continued but faced headwinds from broader federal disruptions. CISA published new insider-threat program guidance centered on the **POEM framework** (*Plan, Organize, Execute, Maintain*) to help organizations build multi-disciplinary insider threat management teams spanning physical security, cybersecurity, HR/personnel, and reporting/analysis functions. At the same time, a **partial DHS shutdown** was reported to be stalling progress on the **Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)** rulemaking, complicating compliance planning for critical infrastructure entities awaiting clarity on incident reporting requirements and enforcement expectations.
Apr 3, 2026