CISA admits that firing lots of people degrades its ability to do its job
Since the new administration took over the White House a year ago, CISA has lost a third of its workforce to layoffs, buyouts, early retirements and RIFs. That amounts to about a thousand people out of an original 3,400.
The White House's refusal to put any guardrails on ICE then led to a partial government shutdown, and 62 percent of what was left of CISA (1,453 people) got furloughed.
That leaves CISA with about 888 people, out of a former workforce of 3,400, to protect the entire federal government, help state and local governments and advise critical infrastructure operators. It also leaves zero people to help you and me. In fact, it doesn't cover any of those missions very well.
Not surprisingly, morale is in the toilet.
The agency has not had a confirmed leader at any point in this administration (the director must be Senate confirmed). All it has had is a rotating series of placeholders over the last 15 months.
It is not clear whether the 1,400+ people who were furloughed six weeks ago have found other jobs and simply have not bothered to notify CISA (since they are neither being paid nor working, they may not feel any need to). Recovering from this will take years.
The administration's proposed 2027 CISA budget chops another $700 million, although it is unclear whether Congress will agree to that.
The downsized CISA did not detect the Russian hack of the US court system, which exposed all sorts of sensitive documents; the Chinese attacks on other federal agencies; the continued presence, according to reports, of the Chinese hackers who compromised US telecom providers inside those networks; or the hacking of FBI Director Patel's personal email, among many other compromises.
The placeholder at CISA defended the president's budget cuts before Congress while saying that the agency wants to stabilize and scale its mission as cyber threats grow.
The placeholder said they were working to fill 329 positions identified as critical to restoring operational capacity. Given the president's open hatred of the agency (he wanted to shut it down at one point), I suspect that filling those positions with anyone who is remotely qualified is going to be an interesting challenge, if not impossible. He said that they are redirecting what little staff they have at the moment to the highest-risk sectors, without regard to the other tasks they are legally required to do.
For security people in private industry, this means that you are on your own and should not expect much help from CISA. While most of you did not have direct support from CISA before, you were the beneficiaries of the work it did in identifying attacks and attackers, disclosing vulnerabilities and coordinating with global law enforcement to disrupt attacks. I suspect that even when it comes to critical infrastructure, attacks on which impact everyone, CISA is not able to do a great job at the moment.
Since this is all over the media, including Congressional hearings, every attacker in every unfriendly country also knows that CISA is in disarray and will take advantage of that. Combine this with the release of Mythos and GPT 5.4-Cyber, which, luckily, OpenAI and Anthropic are trying to roll out responsibly. That doesn't mean that China's version of these products will be constrained in any meaningful way, assuming the Chinese have not already breached one or both of these companies and stolen the source code. We don't even know whether the 500,000 lines of code that Anthropic accidentally leaked contained Mythos code. Luckily, they claim, key parameters were not part of what was disclosed.
As the Chinese proverb says … may you live in interesting times.
Credit: Tech Crunch and GovInfoSecurity
