CISA's Effectiveness Erodes - ASIS

CISA’s Effectiveness Erodes

On a day when the U.S. Cybersecurity and Infrastructure Security Administration (CISA) issued an urgent emergency announcement that many federal networks could be vulnerable to a threat targeting certain Cisco systems, CyberScoop also reported more broadly on the agency under a headline of “CISA is in trouble.”

The emergency announcement was clearly important—CISA’s counterparts in Canada and the United Kingdom put out similar announcements—but the erosion of CISA during the second Trump administration may be the more dire news.

“It’s been a little more than one year into the second Trump administration and there’s a large consensus, if not total unanimity, among those who have worked with and for [CISA]: It has suffered significantly during that time,” CyberScoop reported.

During the past year, CISA has lost a third of its staff and closed entire divisions.

“Observers across the political spectrum told CyberScoop for this story that even on its core missions, like coordinating with industry and protecting federal networks, the agency is significantly diminished.”

It’s notable that the first Trump administration birthed the U.S. Department of Homeland Security's CISA, creating an agency that centralized responsibilities that had been spread wide and far throughout different offices, agencies, and departments in the federal government. The result was a highly functioning federal agency that notched many successes. *Security Management *has reported on CISA guidance numerous times over the years, including:

Attacks on Cloud Services(2021)How K-12 Schools Can Design Effective Reporting Mechanisms(2023)Protecting People and Infrastructure From Vehicle Ramming Incidents(2024)Guidance for Owners and Operators of Venues on How to Mitigate the Security Challenges They Face(2024)Stadium Screening Runs on Partnerships, People, and Technology(2025)

Security Management also covered CISA’s election security guidance issued in 2020. CISA’s connections to election security was one of the areas CyberScoop reported as a reason for the agency’s erosion: U.S. President Donald “Trump has harbored animosity toward CISA since 2020, when it contradicted his false claims related to widespread electoral fraud.”

One of the primary successes since CISA’s formation has been its ability to forge public-private partnerships, as well as foster collaboration between federal, state, and local governments. However, Cyberscoop noted a report that almost all of the staff in CISA’s Stakeholder Engagement Division have been laid off—gutting a key section devoted to public-private partnerships. In addition, CISA slashed the budget of the Muti-State Information Sharing and Analysis Center (MS-ISAC), which supports cybersecurity operations of state and local governments.

“A bunch of regions are really grappling with the loss of really key personnel who were the ones that were establishing and maintaining these relationships, and really trying to build the trust between the agency and the private sector, and especially in critical infrastructure,” an anonymous source told CyberScoop. “Not having as many people to help do that national coordinating function that CISA is supposed to do is a real issue.”

And CyberScoop quoted sources from the business community also described the changes: “One industry source said they used to meet regularly with top officials, but now can’t get a response. ‘We’ve got really good engagement elsewhere in government. We really would like the opportunity to do the same thing with CISA,’ they said. ‘Some of the trust that had been built up has been eroded.’”

A different corporate source told CyberScoop: “I do feel like that when people, if organizations, want to reach out to CISA, it’s not clear who’s there… If we got into a major conflict, let’s say, with China, and they start triggering Volt Typhoon-related malware, are we organized and ready to roll? I don’t think so.”

Since Trump fired then CISA Director Christopher Krebs in 2020 for not validating the president’s claims that the 2020 election was rife with fraud and insecurity, the agency's areas concerned with election security have been hit with massive cuts in budget and personnel, eroding the trust election partners had built with the agency, according to election news service Votebeat.

Though an off-year election in 2025, for the first time in years, CISA did not initiate its Election Day situation room. The situation room previously served as “a centralized hub for monitoring and communicating about threats nationwide,” Votebeat described.

Gabriel Sterling, the former top elections official in the U.S. state of Georgia who is now vying to be the Republican candidate for Georgia secretary of state, told Votebeat praised how CISA operated previously, but said, “Now, I have no idea what the goal is. I don’t think anyone really understands the mission. I don’t think *they *even understand the mission.”

Votebeat also reported that “election technology companies have since begun pulling back from sharing sensitive information with CISA. Votebeat spoke to three technology companies that confirmed this, though none would speak publicly for fear of reprisal. Some fear data on vulnerabilities could be exposed or used against them in a more politicized environment.”

Compounding the issues with CISA, the agency has operated with an acting director since the start of Trump’s second term. Several U.S. senators blocked Trump's initial nomination of Sean Plankey for the director role in 2025. Trump renominated Plankey in January 2026, but there is no resolution on the stalemate on the horizon.

And Congress passed all appropriations for the entire government other than CISA’s parent department, DHS, in February. As the partial shutdown reaches the two-week mark, the strain on the already stressed agency is palpable.

“The result is a demoralized work force concerned about the agency’s ability to ward off threats, according to former agency officials,” The New York Times reported.