The Cybersecurity and Infrastructure Security Agency is expected to initiate efforts aimed at significantly reducing its workforce in the coming days, including vast cuts to its industry contracting teams, according to four people familiar with the moves.
Every unit of the agency — which sits within the Department of Homeland Security — may be affected, said two of the people, who, like others, were granted anonymity to speak openly about the planned cutbacks. Reduction-in-force notices and additional offers for staff to take a deferred resignation from the agency are expected to be extended early next week, one of the people added. The reduction-in-force notices, or RIFs, are considered official agency layoffs, and offer federal workers additional recourse following large-scale terminations.
Another source said that the cyber agency may be ending all threat hunting contracts with the private sector and said multiple contracts have already been cut. The additional reductions across the board, which may impact around 1,300 people, could also include internal agency staff handling threat hunting and vulnerability management, which significantly expands the focus of these reductions beyond previous cuts that focused on election security and disinformation, the source said.
The same source added that there are no plans on the administration’s part to provide funding to the private sector to help fill gaps left behind by the reduction of government workers within the agency. CISA is tasked with defending over a dozen critical infrastructure sectors defined by the U.S. government, which include transportation networks, nuclear reactors, election systems and government facilities.
Staff from CISA’s administration division that are attached to various offices across the agency are expected to receive RIF notices, one of the people said. A different person said that one mission support office in the agency would be reduced by around 90%, leaving few workers left to handle day-to-day operations.
The firings “are actually harming national security on a daily basis — this goes well beyond disruption and is actually destabilization,” said Mark Montgomery, who leads the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. The moves also “weaken public-private collaboration, which is the critical lynchpin to building a resilient cyber defense,” he added.
The planned reductions inside the cybersecurity agency were first reported by CBS news on Friday.
“The cuts were a lot deeper than we expected,” one source told Nextgov/FCW. “I’m not quite sure how we are even going to do our statutory mission.”
Administration officials, including Homeland Security Secretary Kristi Noem, have vowed to downsize CISA amid complaints that the cyber agency’s effort to call out online disinformation have targeted conservative voices, though the planned moves appear to go beyond just those areas of the agency.
“We are not going to comment on this,” a CISA spokesperson said Saturday.
Last month, the agency was working to contact certain employees affected by layoffs based on their employment status, after federal judges ruled the Trump administration must reinstate fired workers across several agencies as those terminations were deemed unlawful.
Elon Musk’s Department of Government Efficiency has had eyes on CISA for some time. Edward Coristine, a 19-year-old staffer in DOGE with a reported history of interacting with hacking groups, was given physical access to agency facilities in February, Nextgov/FCW first reported.
CISA was created in November 2018, when a law signed by President Donald Trump transformed the National Protection and Programs Directorate in DHS into a component with more broad authority for handling cybersecurity threats and infrastructure security. Its first director, Chris Krebs, was fired by Trump after Krebs declared that the 2020 presidential election was secure.
Throughout the COVID-19 pandemic and leading into the 2020 election, CISA had regular contact with social media platforms to inform them of misinformation- or disinformation-laced content, crafted or amplified by foreign adversaries or other home-grown entities. But it began chilling communications following a July 2023 Missouri-originated lawsuit alleging that the Biden administration’s efforts to flag disinformation violated First Amendment rights and suppressed politically conservative voices.
Amid those censorship concerns, Noem, even before she was confirmed to her role leading DHS, suggested a broad reevaluation of CISA’s spending priorities.
“CISA needs to be much more effective, smaller, more nimble, to really fulfill their mission, which is to hunt and to help harden our nation’s critical infrastructure,” she said in January, noting that the agency’s work should be “refocused” away from tapering mis- and dis-information online.
A DHS spokesperson did not immediately respond to a request for comment.
