The departures have strained a workforce that was already stretched thin. “We were running into [a] critical skills shortage previously,” says a second employee. “Most people are and have been doing the work of two or more full-time [staffers].”
The CISA team that helps critical infrastructure operators respond to hacks has been understaffed for years. The agency added support positions for that team after a Government Accountability Office audit, but “most of those people got terminated,” a third employee says.
CISA’s flagship programs have been mostly unscathed so far. That includes the threat-hunting branch, which analyzes threats, searches government networks for intruders, and responds to breaches. But some of the laid-off staffers provided crucial “backend” support for threat hunters and other analysts. “There’s enhancements that could be made to the tools that they’re using,” the first employee says. But with fewer people developing those improvements, “we’re going to start having antiquated systems.”
In a statement, DHS spokesperson Tricia McLaughlin says CISA remains “committed to the safety and security of the nation’s critical infrastructure” and touted “the critical skills that CISA experts bring to the fight every day.”
National Security Council spokesperson James Hewitt says the reporting in this story is “nonsense,” adding that “there have been no widespread layoffs at CISA and its mission remains fully intact.”
“We continue to strengthen cybersecurity partnerships, advance AI and open-source security, and protect election integrity,” Hewitt says. “Under President Trump’s leadership, our administration will make significant strides in enhancing national cybersecurity.”
Partnership Problems
CISA’s external partnerships—the cornerstone of its effort to understand and counter evolving threats—have been especially hard-hit.
International travel has been frozen, two employees say, with trips—and even online communications with foreign partners—requiring high-level approvals. That has hampered CISA’s collaboration with other cyber agencies, including those of “Five Eyes” allies Canada, Australia, New Zealand, and the UK, staffers say.
CISA employees can’t even communicate with people at other federal agencies the way they used to. Previously routine conversations between CISA staffers and high-level officials elsewhere now need special permissions, slowing down important work. “I can’t reach out to a CISO about an emergency situation without approval,” a fourth employee says.
Meanwhile, companies have expressed fears about sharing information with CISA and even using the agency’s free attack-monitoring services due to DOGE’s ransacking of agency computers, according to two employees. “There is advanced concern about all of our services that collect sensitive data,” the third employee says. “Partners [are] asking questions about what DOGE can get access to and expressing concern that their sensitive information is in their hands.”
“The wrecking of preestablished relationships will be something that will have long-lasting effects,” the fourth employee says.
CISA’s Joint Cyber Defense Collaborative, a high-profile hub of government-industry cooperation, is also struggling. The JCDC currently works with more than 300 private companies to exchange threat information, draft defensive playbooks, discuss geopolitical challenges, and publish advisories. The unit wants to add hundreds more partners, but it has “had difficulty scaling this,” the first employee says, and recent layoffs have only made things worse. Contractors might be able to help, but the JCDC’s “vendor support contracts run out in less than a year,” the employee says, and as processes across the government have been frozen or paused in recent weeks, CISA doesn’t know if it can pursue new agreements. The JCDC doesn’t have enough federal workers to pick up the slack, the fourth CISA employee says.
