America's Cyber Defense Agency Just Lost 62% of Its Staff Overnight

What Happened

On February 14, 2026, the Department of Homeland Security ran out of funding. The immediate casualty was CISA, the Cybersecurity and Infrastructure Security Agency, which serves as America's primary cyber defense organization.

Of CISA's 2,341 employees, only 888 were designated as "excepted" staff who continue working through the shutdown. The remaining 1,453, roughly 62% of the workforce, were furloughed. All of them work without pay.

Acting CISA Director Madhu Gottumukkala testified to House appropriators the week before: "When the government shuts down, cyber threats do not."

What Stopped Working

The shutdown did not just reduce capacity. It halted entire categories of cybersecurity work:

• Proactive vulnerability scanning of federal networks and critical infrastructure has stopped
• Security assessments for government agencies and critical infrastructure partners are suspended
• Cybersecurity guidance development, including advisories and best practice documents, is paused
• Training exercises and stakeholder engagements are canceled
• New technical capabilities cannot be developed or deployed
• CIRCIA implementation, the Cyber Incident Reporting for Critical Infrastructure Act, has been further delayed beyond its already extended May 2026 deadline

What Is Still Running

A skeleton crew maintains essential operations:

• The 24/7 operations center continues monitoring for imminent threats
• Emergency response to active cyber incidents proceeds on a limited basis
• Time sensitive vulnerability and threat information sharing continues
• Cybersecurity shared services for federal agencies remain online

But "limited basis" is doing heavy lifting in that sentence. Responding to incidents with 38% of your workforce means triaging harder, covering less ground, and inevitably missing things.

The Timing Could Not Be Worse

The shutdown comes at a particularly dangerous moment. CISA had already lost roughly one third of its staff over the past year through workforce reduction programs. Before the shutdown, the agency was already stretched thin. Now it is operating at a fraction of an already reduced capacity.

Meanwhile, the threat landscape is intensifying. In the weeks before the shutdown:

• Google patched an actively exploited Chrome zero-day
• Microsoft patched six zero-days being exploited in the wild
• State sponsored hackers from China, Iran, Russia, and North Korea were documented conducting coordinated operations against defense sector targets
• CISA itself issued an emergency order requiring federal agencies to patch exploited SolarWinds, Apple, and Microsoft vulnerabilities within weeks

Those patches still need to be verified across federal networks. But the people who do that verification are largely furloughed.

Why This Affects Everyone, Not Just the Government

CISA does not just protect federal agencies. It is the central coordinating body for cybersecurity across all critical infrastructure: energy, water, healthcare, financial services, transportation, and telecommunications.

When CISA publishes a vulnerability advisory, companies across every sector use it to prioritize patching. When CISA shares threat intelligence, security teams at hospitals, banks, and utilities adjust their defenses. When CISA conducts security assessments, it identifies weaknesses before attackers do.

All of that proactive work has stopped. The private sector still receives threat data from commercial providers, but CISA's role as a trusted, centralized clearinghouse for actionable intelligence has no substitute.

What You Can Do

Government shutdowns end eventually. But the gap in coverage creates windows that adversaries can exploit. During the shutdown:

• Stay on top of software updates yourself. Do not wait for government advisories to tell you what to patch.
• Monitor vendor security bulletins directly from Microsoft, Google, Apple, and other providers you use
• Follow CISA's Known Exploited Vulnerabilities catalog at cisa.gov/known-exploited-vulnerabilities-catalog, which remains available even during the shutdown
• Review your organization's incident response plan. If CISA cannot help coordinate during an incident, you need to know who else to call
• Enable automatic updates for browsers, operating systems, and security tools

The shutdown is a reminder that cybersecurity is ultimately a personal and organizational responsibility. Government agencies provide critical support, but they cannot be your only line of defense, especially when their own funding is not guaranteed.