The Cybersecurity and Infrastructure Security Agency, the federal government’s primary defender against digital threats to critical infrastructure, is facing what current and former officials describe as an existential crisis. A combination of mass layoffs, budget cuts, and political pressure has left the agency struggling to fulfill its core mission at a time when nation-state cyberattacks against American targets are intensifying.
According to a detailed report from TechCrunch, CISA has lost a significant portion of its workforce through a series of reductions that began shortly after President Trump returned to office. The cuts have affected teams responsible for election security, critical infrastructure protection, and threat intelligence sharing with the private sector—functions that cybersecurity experts consider essential to national defense.
A Workforce Hollowed Out by Successive Rounds of Cuts
The reductions at CISA have come in waves. The first round involved the termination of probationary employees, a move that swept across multiple federal agencies in early 2025 as part of the administration’s broader government efficiency initiative spearheaded by the Department of Government Efficiency, or DOGE. But the cuts at CISA went deeper than the initial probationary purge. Entire teams have been downsized or disbanded, and contractors who provided specialized technical expertise have seen their agreements terminated or not renewed.
Sources familiar with the agency’s internal operations told TechCrunch that morale within CISA has plummeted. Many of the agency’s most experienced cybersecurity professionals—analysts, incident responders, and threat hunters who spent years building relationships with private sector partners and allied intelligence services—have either been let go or have departed voluntarily, unwilling to work under conditions they describe as untenable. The institutional knowledge walking out the door is, by several accounts, irreplaceable in the short term.
Election Security Programs Bear the Brunt
Among the hardest-hit divisions is the election security team, which CISA built up significantly after Russian interference operations during the 2016 presidential election. The team had become a trusted resource for state and local election officials across the country, providing vulnerability assessments, incident response support, and information sharing about foreign threats targeting voting infrastructure. President Trump and his allies have long been critical of CISA’s election security work, dating back to the agency’s public statements in 2020 affirming that the presidential election was the “most secure in American history.” That declaration, made under then-CISA Director Chris Krebs, led to Krebs’s firing and set the stage for the political targeting of the program.
The dismantling of election security capabilities comes as the United States faces a growing array of foreign influence operations. Intelligence community assessments have repeatedly warned that Russia, China, and Iran continue to target American elections through cyber operations and information warfare. Without CISA’s coordination role, state and local officials are increasingly left to fend for themselves against sophisticated adversaries with nation-state resources.
Critical Infrastructure Protection Gaps Widen
The implications extend well beyond elections. CISA serves as the central coordinating body for cybersecurity across all 16 critical infrastructure sectors, including energy, water, healthcare, financial services, and transportation. The agency’s threat-sharing programs, particularly its Joint Cyber Defense Collaborative (JCDC), brought together government agencies and major private sector companies to coordinate responses to significant cyber incidents. Reports indicate that these collaborative programs have been scaled back or are operating at reduced capacity due to staffing shortages.
This retrenchment is occurring against a backdrop of escalating cyber threats. Chinese state-sponsored hacking groups, including the one known as Volt Typhoon, have been discovered pre-positioning themselves inside American critical infrastructure networks—water treatment plants, power grids, and telecommunications systems—in what U.S. intelligence officials have described as preparation for potential destructive attacks during a future conflict over Taiwan. The FBI and the National Security Agency have both warned publicly about the severity of this threat, making the reduction of CISA’s capabilities particularly alarming to national security professionals.
The DOGE Effect and the Broader Federal Cybersecurity Apparatus
CISA’s troubles are part of a larger pattern of disruption across the federal cybersecurity apparatus. The Department of Government Efficiency, led by Elon Musk, has pushed for dramatic reductions in federal headcount and spending, and cybersecurity agencies have not been exempted. Reports have surfaced of DOGE personnel gaining access to sensitive government systems at multiple agencies, raising concerns among security professionals about insider threat risks and the potential compromise of classified or sensitive data.
Former CISA officials have spoken out publicly about the damage being done. Several have warned that the cuts are not merely trimming bureaucratic fat but are instead eliminating operational capabilities that took years and significant investment to build. Cybersecurity, they argue, is not an area where the government can afford to operate with a skeleton crew. Threat actors do not pause their operations while agencies reorganize or rebuild, and the gaps created by these reductions represent windows of vulnerability that adversaries will exploit.
Private Sector Partners Sound the Alarm
The private sector, which depends heavily on CISA for threat intelligence and coordination during major cyber incidents, has also expressed concern. Industry groups representing technology companies, financial institutions, and critical infrastructure operators have noted that the flow of actionable threat information from CISA has slowed. During major incidents in the past—such as the SolarWinds supply chain compromise and the Microsoft Exchange Server vulnerabilities—CISA played a central role in coordinating the government’s response and communicating with affected organizations. There are serious questions about whether the agency, in its current diminished state, could mount a comparable response today.
Some cybersecurity firms have begun quietly stepping into the void, offering services to state and local governments and critical infrastructure operators that CISA previously provided at no cost. While the private sector has deep technical expertise, it lacks the authority and intelligence access that a federal agency brings to bear. The result is a fragmented and less effective national cyber defense posture.
Congressional Pushback Remains Limited
On Capitol Hill, reactions have been mixed. Some Republican lawmakers have supported the administration’s efficiency drive, arguing that CISA had expanded beyond its original mandate, particularly in areas like combating misinformation, which they viewed as government overreach and a threat to free speech. Democrats and some national security-focused Republicans have pushed back, calling for hearings and demanding detailed accounting of how the cuts are affecting CISA’s operational capabilities.
However, legislative action to restore funding or protect CISA’s workforce has been slow to materialize. The agency’s budget is subject to the broader appropriations process, which remains mired in political negotiations. In the meantime, the cuts continue to take effect, and the agency’s ability to recruit replacements for departed staff is severely constrained by hiring freezes across the federal government.
What Comes Next for America’s Cyber Defense
The situation at CISA raises fundamental questions about how the United States prioritizes cybersecurity at a moment when digital threats to the nation are arguably more severe than at any point in history. The agency was created in 2018 with bipartisan support precisely because lawmakers recognized that the federal government needed a dedicated civilian agency focused on protecting critical infrastructure from cyber threats. Less than a decade later, that consensus appears to have fractured along partisan lines.
Current and former national security officials warn that the consequences of hollowing out CISA may not be immediately visible but will become painfully apparent when the next major cyber incident strikes. Whether it is a ransomware attack that cripples a hospital system, a nation-state intrusion into the power grid, or a coordinated assault on election infrastructure, the United States will need a fully staffed and fully funded CISA to respond. The question now is whether that agency will still exist in a meaningful form when that day comes. As one former senior CISA official put it to TechCrunch, the damage being done today will take years to undo—if it can be undone at all.