The Cybersecurity and Infrastructure Security Agency (CISA), the federal agency responsible for protecting U.S. Critical infrastructure from cyberattacks, is facing a crisis of its own. Bipartisan lawmakers and cybersecurity industry leaders are raising alarms about significant staffing cuts, program closures, and a lack of permanent leadership, leaving the agency, in their assessment, unprepared for a major cybersecurity incident. The situation has been exacerbated by a recent partial U.S. Federal government shutdown, now in its third week as of February 25, 2026, further straining already limited resources.
The concerns center around a roughly one-third reduction in CISA’s personnel over the past year, according to reports from CyberScoop. This loss of staff has impacted key initiatives, including the agency’s counter-ransomware efforts and programs designed to promote secure software development. The agency’s ability to safeguard U.S. Elections is also under scrutiny, with reports indicating that members of its election security team have been affected by the cuts, as TechCrunch reported last year.
Staffing Shortages and Shifting Priorities
The personnel reductions aren’t solely due to budget cuts. CISA has also reassigned hundreds of staffers to support other agencies within the Department of Homeland Security, specifically to bolster immigration enforcement efforts, according to TechCrunch. This internal reshuffling has diverted expertise away from CISA’s core cybersecurity mission. Sources speaking to CyberScoop attribute the agency’s woes to a combination of factors, including actions by the Trump administration, inaction by Congress, and challenges in leadership.
Currently, CISA is operating at approximately 38% of its normal staffing levels, a situation compounded by the ongoing government shutdown, as reported by SecurityWeek. Lawmakers have so far declined to continue funding federal immigration authorities, a decision linked to criticism surrounding recent incidents involving federal agents and the deaths of two U.S. Citizens.
Leadership Vacuum and Internal Concerns
Adding to the agency’s difficulties is the lack of a permanent director. CISA has been without a confirmed leader since President Trump took office in 2025, and the Senate has yet to approve his nominee, Sean Plankey, according to CyberScoop. In the interim, Madhu Gottumukkala is serving as acting director, but sources within the industry have expressed concerns about his leadership, with one source telling CyberScoop, “I don’t think anybody would argue he’s doing a great job.” There have also been reports of security issues stemming from Gottumukkala’s actions, including allegations that he uploaded sensitive government documents to ChatGPT, as TechCrunch detailed.
Impact on Cybersecurity Posture
The cumulative effect of these challenges is a significant weakening of CISA’s ability to fulfill its mission. Observers across the political spectrum describe the agency as “decimated,” “amateur hour,” and “pretty much fallen apart,” according to CyberScoop. Organizations that once relied on CISA for assistance are now turning to alternative resources, such as industry alliances and private consultants. The agency’s diminished capacity raises concerns about the nation’s preparedness to respond to increasingly sophisticated cyber threats, including ransomware attacks and attempts to interfere with critical infrastructure.
Despite the challenges, Gottumukkala maintains that CISA remains committed to its mission. In a statement to TechCrunch, he said the agency “remains unwavering in its commitment to protect our federal networks from malicious cyber threat actors despite the multi-week government shutdown” of Homeland Security.
Looking Ahead
The situation at CISA remains fluid, dependent on both the resolution of the government shutdown and the confirmation of a permanent director. The Senate is scheduled to revisit Plankey’s nomination in early March, according to congressional aides. Until these issues are addressed, the agency will continue to operate under significant constraints, raising questions about the nation’s ability to effectively defend against evolving cyber threats.
This is a developing story. Share your thoughts and concerns in the comments below.
