According to sources speaking with Cyberscoop’s Tim Starks, the US Cybersecurity and Infrastructure Agency (CISA) has suffered greatly following layoffs and cuts resulting from the Trump administration’s first year in power, with roughly a third of staff being axed, while hundreds of other staff were reassigned to assist with other Department of Homeland Security agencies.
The agency is reportedly operating at around 38 per cent of its staff levels since the government shutdown that began on 14 February last year, and has been without a permanent director since Trump took office.
Realistically, CISA has had a unique target on its back since 2020, after Trump blamed the agency for his loss in the 2020 election, citing claims of electoral fraud. For Project 2025, Trump recommended that CISA be dismantled, which, combined with a distaste for the agency among Republicans who backed Trump’s election claims, meant that the agency is in dire straits.
“Year one was a tough year for the agency,” said House Homeland Security Committee chairman Andrew Garbarino, R-NY, who added that a “lot of the best and brightest have left the agency”.
“The amount of cyber attacks that our nation is seeing every day, both on the private side and on the federal government side – you want your best people there fighting against it, and if they’re somewhere else, it definitely leaves us all vulnerable.”
According to Cyberscoop sources, CISA staff are looking to jump ship, and morale is low among the agency’s ranks.
“It’s tough to have a robust entity when you cut the money … we are weaker because of CISA’s lack of manpower,” said Mississippi’s Bennie Thompson.
“CISA wasn’t politicised for the most part, until the Trump administration came along and accused them of somehow contributing to his [election] loss.”
CISA was also established in 2018, under the first Trump administration, where it saw massive initial growth.
According to former agency director of legislative affairs and acting chief external affairs officer Kate DiEmidio, following this point, the agency did need reshaping, but not in the way it’s happening now.
“As with any organisation, the first few years are growth years, and after a while, the agency needed to re-evaluate how it was operating and meeting its statutory authorities,” she said.
“There was a need for the agency to refocus.”
The current state of CISA has raised concerns about its capacity. If major cyber attacks hit the US, some are questioning whether it will be capable enough to keep those actors at bay.
“I do feel like that when people, if organisations, want to reach out to CISA, it’s not clear who’s there … If we got into a major conflict, let’s say, with China, and they start triggering Volt Typhoon-related malware, are we organised and ready to roll? I don’t think so,” said one industry source speaking with Cyberscoop.
James Lewis, from the Centre for European Policy Analysis’ tech policy program, said of CISA that “overall, the impression is it’s a much weaker entity than it was a year ago”.
Following the Cyberscoop report, CISA has announced that its acting director, Madhu Gottumukkala, will be replaced.
His time at CISA was critiqued, highlighting his blunders, including where sensitive government documents were uploaded to ChatGPT, according to TechCrunch.
However, in a statement, CISA spokesperson Marci McCarthy said that Gottumukkala had done a “remarkable job”, adding that he would be shifted to the position of director of strategic implementation within the Department of Homeland Security.
Gottumukkala will be replaced by Nick Andersen, who previously served as a top official at CISA . However, a permanent director is yet to be appointed.
According to McCarthy, the Trump administration has chosen Sean Plankey to be the permanent director of CISA, but this requires a majority Senate approval to take place.
