my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

CISA Is Running on Fumes While Threats Keep Piling Up

John Z Black Mar 16, 2026 Policy, Law & Governance #cisa #doge #policy #government #workforce #cybersecurity #institutional-risk

There’s a version of cybersecurity risk that doesn’t involve hackers. It involves gutting the people and institutions that make defense possible.

That’s what’s happening at CISA right now.

The agency has lost roughly a third of its workforce. It’s operating at about 38% staff during a government shutdown that started in February and hasn’t ended. There’s no permanent director. The counter-ransomware initiative got disrupted. Election security staffers were placed on leave. Hundreds of cyber staffers got temporarily reassigned to immigration enforcement.

And the proposed FY2026 budget would cut even deeper, from 3,292 employees to 2,324.

Why You Should Care (Even If You’ve Never Heard of CISA)

CISA publishes the Known Exploited Vulnerabilities catalog. That’s the closest thing the U.S. has to a national “patch this now” list. They coordinate incident response across federal agencies. They run critical infrastructure protection programs for water utilities, hospitals, power grids, and elections. SOC teams across the country use their threat advisories for prioritization.

Cut a third of that workforce and some of those functions don’t slow down. They stop.

Then There’s the DOGE Problem

A whistleblower alleges a former DOGE staffer accessed two sensitive Social Security Administration databases and planned to share the data with their private employer. The SSA’s Inspector General opened an investigation.

This follows months of DOGE personnel gaining access to Treasury payment systems, personnel databases, and other sensitive federal data with limited oversight. Courts got involved. More whistleblowers emerged. The basic question still hasn’t been answered: who authorized this access, and what happens when people leave?

So the agency defending federal networks is losing capacity at the same time the mechanisms governing access to sensitive systems are breaking down. That combination is what makes this an institutional risk story.

What to Watch

Forget the policy announcements. Watch the output. Is the KEV catalog still getting updated at the same pace? Are joint advisories with the FBI and NSA still coming? If hospitals and water utilities start reporting their CISA liaisons are gone, that’s the canary.

This isn’t partisan. An agency running at 38% during a period of intensifying nation-state threats is below what the threat environment requires. Full stop.

Read the full story: https://gnerdsec.com/blog/cisa-staffing-cuts-doge-data-us-cyber-defense-capacity-erosion/