Governance & Risk Management
,
Government
,
Industry Specific
Acting Director Says Furloughs And Cuts Limit Proactive Cyber Defense
The acting director of the U.S. Cybersecurity and Infrastructure Security Agency cited staffing shortages and paused operations to warn House lawmakers on Wednesday that an ongoing Department of Homeland Security shutdown is driving up cyber risks across federal networks and critical infrastructure.
See Also: New Trend in Federal Cybersecurity: Streamlining Efficiency with a Holistic IT Approach eBook
Acting Director Nick Andersen told the House Homeland Security committee that the funding lapse has forced CISA into a reactive posture, with roughly 60% of its workforce furloughed and the remaining personnel focused almost entirely on mission-essential functions.
“The remaining personnel are carrying out mission essential functions without pay while facing increasing pressure from nation-state and criminal actors targeting our nation’s critical infrastructure,” Andersen told lawmakers.
Andersen said the agency is maintaining core capabilities, including its 24/7 operations center, vulnerability and incident information sharing, and emergency response support. But he warned those efforts represent a narrowed version of CISA’s mission. The current state of play is insufficient to reduce systemic risk over time, he added.
“These are necessary functions, but they are not sufficient to get ahead of the threat,” Andersen said. “Delays in issuing binding operational directives, reduced coordination with industry partners and constrained incident response capacity all create openings for our adversaries.”
The operational constraints extend across nearly every part of CISA’s portfolio. Andersen said proactive cybersecurity services, stakeholder engagement and long-term planning efforts have been scaled back or paused, limiting coordination with private sector operators, state and local governments and other federal agencies.
Those disruptions are already affecting policy efforts, Andersen said, with work on already-delayed cyber incident reporting rules paused and the temporary cancellation of multiple planned town halls. The shutdown has slowed the development of a framework intended to improve national visibility into cyberattacks and ransomware activity, the acting director said.
The strain could have longer-term consequences. Andersen told lawmakers that CISA currently has roughly 1,000 vacancies and warned that retention challenges are sharply increasing, including a recent instance in which six members of a highly technical threat hunting and incident response team resigned in a single day.
He said the shutdown is likely to damage CISA’s ability to recruit and retain cyber talent over time – although although Anderson also reportedly obtained sign off this week from DHS higher-ups to replenish depleted staff with 329 new hires.
Leadership uncertainty has also added to those pressures: The agency has operated without a Senate-confirmed director for over a year (see: No Vote, No Leader: CISA Faces 2026 Without a Director).
Earlier this year, CISA leadership told lawmakers the agency was working to stabilize after losing roughly a third of its staff and expected to maintain a workforce of about 2,400 employees, even as it tried to get back on its mission following a period of cuts and organizational change.
Andersen said the timing of the shutdown is concerning given the elevated threat environment and a series of high-profile events on the horizon, including preparations tied to the America 250 celebration and the FIFA World Cup – both of which require extensive coordination for cyber and physical security.
“At some point, the compounding risk within this dynamic threat landscape is going to cause real damage to the American people,” Andersen said, warning that each additional day of the shutdown increases the likelihood that adversaries will exploit gaps created by reduced federal cybersecurity capacity.