As the government shutdown continues, it could be a good time for hackers, cyber criminals, and even America’s adversaries, warned cybersecurity experts. The situation may not improve once the government opens again, as the Cybersecurity and Infrastructure Agency (CISA) is among the offices that may be permanently downsized.
CISA, which is a branch of the Department of Homeland Security (DHS), is the nation’s leading civilian cybersecurity agency.
It was founded just seven years ago, growing out of the DHS National Protection and Programs Directorate (NPPD). CISA is responsible for coordinating cybersecurity programs with the U.S. states, providing cybersecurity and infrastructure protection at all levels of government, and improving the government’s cybersecurity against private and nation-state threats.
The agency has already been stretched thin due to significant budget cuts, staffing reductions, and political redirection of its mission. This year, more than 1,000 CISA employees exited the agency. It could be further reduced thanks to the ongoing political standoff.
CISA Facing Deeper Cuts Due to the Shutdown
Before the shutdown began on October 1, CISA planned to keep just 889 workers, or roughly 35% of its workforce, on the job until lawmakers could reach a compromise, with the remaining 65% furloughed. There are concerns that many of the sidelined staffers could face layoffs instead.
Reductions in Force (RIFs) notices began last week, and there are concerns that a significant portion of CISA’s workforce of 2,540 could be reduced, along with thousands more throughout the federal government.
The Office of Management and Budget Director Russ Vought has defended the actions to streamline the agency, with OMB officials stating it will allow CISA to get “back on mission” and reduce a bloated staff.
Among the departments within CISA already being targeted is the Stakeholder Engagement Division (SED), which coordinates national and international partnership efforts, as well as the Infrastructure Security Division (ISD), a core unit of the agency. It is charged with protecting critical infrastructure, including power grids and water treatment plants, from hacks and other cyber threats. The ISD was already facing budget cuts, which included cutting its Chemical Security subdivision earlier this year. That subdivision was tasked with leading the nation’s efforts to secure America’s high-risk chemical facilities and prevent certain chemicals from being accessed for nefarious purposes.
Politics At Play
It would seem that support for CISA would be bipartisan, given its role. Still, it has received the ire of some lawmakers, who see its efforts to combat misinformation and disinformation, notably on social media and online forums, as censoring Americans’ free speech.
The claims began during the COVID-19 pandemic and following the 2020 election.
However, cybersecurity experts warn that this isn’t the time to politicize an agency that is critical to the national defense.
“CISA plays a pivotal role in safeguarding the digital backbone of the U.S. government. It coordinates defense against cyber threats, shares actionable intelligence across federal and private sectors, and leads response efforts when breaches occur,” said Ensar Seker, chief information security officer at cybersecurity provider SOCRadar.
Seker told ClearanceJobs that any reduction in its capacity, especially during a time of rising nation-state and ransomware activity, creates real risk.
“When cybersecurity teams are furloughed or downsized, adversaries are more likely to exploit blind spots, and the federal government’s ability to detect, respond, and recover from attacks is weakened. Even temporary disruptions can have long-term implications for national resilience.”
