CISA’s acting chief warns shutdown is increasing cyber risks, causing resignations
Summary
Acting CISA Director Nick Andersen told the House Homeland Security Committee that the Department of Homeland Security shutdown has left the Cybersecurity and Infrastructure Security Agency badly hampered. About 60% of CISA’s workforce is furloughed, the agency has roughly 1,000 vacancies, and a highly technical threat-hunting and incident-response team recently lost six staff who resigned in one day. Andersen said remaining staff are covering mission‑critical duties without pay, limiting CISA largely to responding to imminent threats, protecting life and property, sharing critical vulnerability and incident information, and keeping its 24/7 operations centre running. He warned that paused proactive work and reduced coordination create openings for nation‑state and criminal actors, and that the shutdown will have longer‑term recruitment and retention consequences for cyber talent.
Key Points
- Approximately 60% of CISA’s workforce is furloughed during the DHS shutdown.
- CISA currently has about 1,000 vacancies, intensifying capacity shortfalls.
- Six members of a technical threat‑hunting/incident‑response team resigned in a single day, highlighting retention strains.
- Remaining staff are doing mission‑essential work without pay; agency is mostly limited to imminent threat response and keeping the operations centre running.
- Proactive activities—assessments, planning, partnership and strategic initiatives—have been scaled back or paused, increasing systemic risk over time.
- Reduced coordination with industry, state/local partners and federal counterparts creates exploitable gaps for adversaries, especially ahead of major events (America 250, FIFA World Cup).
- Intelligence sharing continues but is increasingly strained; Andersen warned compounding risks could cause real harm to the public.
- Shutdowns damage CISA’s reputation as an employer in the competitive cyber workforce market, with likely downstream hiring and retention impacts.
Why should I read this?
Because this isn’t just bureaucratic drama — it’s a real warning that national cyber defences are creaking at a dangerous moment. If you work in security, run critical infrastructure, or hire cyber talent, this explains why incident response may be slower, why coordination is patchy, and why people are leaving. It’s short, sharp and worth your attention.
Author style
Punchy: Andersen’s testimony is a stark signal that the shutdown is doing tangible damage — operationally and to morale. If you care about national resilience, this is more than a headline; it’s a practical alarm bell.
Context and relevance
The piece matters because it ties immediate operational shortfalls to broader trends: shrinking public‑sector cyber capacity, competition for skilled staff with the private sector, and the compounded risk of notable public events that attract threat actors. For CISOs, vendors and policymakers, the article highlights why contingency planning, private‑public collaboration and talent pipelines are now higher priority. It’s also a reminder that repeated funding disruptions have lasting effects beyond the shutdown window.