According to sources speaking with Cyberscoop’s Tim Starks, the US Cybersecurity and Infrastructure Agency (CISA) has suffered greatly following layoffs and cuts resulting from the Trump administration's first year in power, with roughly a third of staff being axed, while hundreds of other staff were reassigned to assist with other Department of Homeland Security agencies.
The agency is reportedly operating at around 38 per cent of its staff levels since the government shutdown that began on February 14 last year, and has been without a permanent director since Trump took office.
Realistically, CISA has had a unique target on its back since 2020, after Trump blamed the agency for his loss in the 2020 election, citing claims of electoral fraud. For Project 2025, Trump recommended that CISA be dismantled, which combined with a distaste for the agency amongst republicans who backed Trump's election claims, meant that the agency is in dire straits.
“Year one was a tough year for the agency,” said House Homeland Security Committee Chairman Andrew Garbarino, R-N.Y,” who added that a “lot of the best and brightest have left the agency.”
“The amount of cyberattacks that our nation is seeing every day, both on the private side and on the federal government side — you want your best people there fighting against it, and if they’re somewhere else, it definitely leaves us all vulnerable.”
According to the Cyberscoop sources, CISA staff are looking to jump ship and there is low morale amongst the agency’s ranks.
“It’s tough to have a robust entity when you cut the money…we are weaker because of CISA’s lack of manpower,” saod Mississippi’s Bennie Thompson.
“CISA wasn’t politicized for the most part, until the Trump administration came along and accused them of somehow contributing to his [election] loss.”
CISA was also established in 2018, under the first Trump administration, where it saw massive initial growth.
According to former agency director of legislative affairs and acting chief external affairs officer Kate DiEmidio, following this point, the agency did need reshaping, but not in the way it's happening now.
“As with any organization, the first few years are growth years and after a while, the agency needed to reevaluate how it was operating and meeting its statutory authorities,” she said.
“There was a need for the agency to refocus.”
The current state of CISA is one that people are worried about the capacity of. If major cyber attacks hit the US, some are questioning whether it will be capable enough to keep those actors at bay.
“I do feel like that when people, if organizations, want to reach out to CISA, it’s not clear who’s there… If we got into a major conflict, let’s say, with China, and they start triggering Volt Typhoon-related malware, are we organized and ready to roll? I don’t think so,” said one industry source speaking with Cyberscoop.
James Lewis, from the Centre for European Policy Analysis’ tech policy program said of CISA that “overall, the impression is it’s a much weaker entity than it was a year ago.”
Following the Cyberscoop report, CISA has announced that its acting director, Madhu Gottumukkala, will be replaced.
His time at CISA was crittiqued, highlighting his blunders including where sensitive governemnt documents were uploaded to ChatGPT, according to TechCrunch.
However, in a statement, CISA spokesperson Marci McCarthy said that Gottumukkala had done a “remarkable job”, adding that he would be shifted to the position of director of strategic implkementation within the Department of Homeland Security.
Gottumukkala will be replaced with Nick Anderson, who was previously a top official for CISA. However, a permanent director is yet to be appointed.
According to McCarthy, the Trump administration has chosen Sean Plankey to be the permanent director of CISA, but this requires a majority senate approval to take place.
Daniel Croft