Warner Raises Alarm on CISA Workforce and Budget Cuts That Are Leaving Our Country Vulnerable to Threats

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, pressed the Cybersecurity and Infrastructure Security Agency’s (CISA) Acting Director Nick Andersen on the Trump administration’s reduction of CISA staff and the drastic cuts to CISA’s proposed fiscal year 2027 budget. The senator is deeply concerned that these actions are leaving our nation’s cybersecurity and critical infrastructure vulnerable to attacks from adversaries and criminals armed with artificial intelligence-enabled tools. Since January 2025, the Trump administration has purged nearly one-third of CISA’s workforce – primarily senior career officials – characterizing the losses as necessary to returning the agency to its original mission. Sen. Warner is worried that the administration is intentionally curtailing CISA’s core functions and capabilities in an effort to punish the agency of employees and offices who worked on election security in 2020 and that these cuts have weakened the federal government’s ability to respond to legitimate threats to cybersecurity in the future. State and local officials and industry leaders have reported reduced responsiveness and support from CISA. As cyber threats to critical infrastructure continue to increase, Sen. Warner is committed to ensuring the federal government, states, territories, and Tribes have all the tools and support they need to defend our national security, economy, public health, and safety, including a strong and engaged CISA. In a letter, Sen. Warner wrote, “While your efforts to restore some of CISA’s staffing are welcome, they appear insufficient given the scale of threats facing our nation’s cybersecurity and critical infrastructure, particularly at the state level. The experience, institutional knowledge, and trusted relationships built by career staff are irreplaceable assets and vital to supporting states and critical infrastructure owners and operators to defend against cyberthreats. States and industry have reported that the staffing turbulence at CISA has disrupted its service delivery and operations.” “In recent press reporting, the CISA spokesperson advised: ‘[s]tate and local governments seeking assistance are encouraged to contact our CISA regional teams who can help assess risk, strengthen defenses, enhance resilience, and respond immediately to incidents.’ At present, five of the 10 CISA regional directors are serving in an ‘acting’ capacity, and one of the regional websites appears to misspell the name of the acting director. High turnover and persistent vacancies plague CISA’s headquarters leadership as well. Without permanent leadership, sufficient staffing, or adequate funding at the headquarters and regional levels, the shaken confidence of state, local, territorial, and Tribal leaders reflects a foreseeable erosion of the federal-state trust that effective cybersecurity depends on. Restoring that trust requires, at minimum, an honest accounting of where the agency stands,” Sen. Warner continued. Sen. Warner concluded the letter requesting data on the current state of CISA’s staff and regional operations. He requested a response by June 26, 2026. This letter follows Sen. Warner’s introduction of the Guaranteeing Universal Access to Cybersecurity Act , legislation that would fund MS-ISAC after former-DHS Secretary Kristi Noem terminated the program’s funding and banned federal grant funding from being used by states, localities, Tribes, and territories and other organizations for membership in MS-ISAC. Sen. Warner also sent a letter to DHS Secretary Markwayne Mullin urging DHS to prioritize CISA and to fund MS-ISAC, and a letter to every governor in the country explaining the risk facing critical infrastructure and the hazards caused by the Trump administration’s politically-motivated sabotage of CISA, as well as advocating for steps the governors can take to protect our national security, economy, and public health. Read the full letter here and below. Dear Acting Director Andersen: I recently introduced the Guaranteeing Universal Access to Cybersecurity Act, a bill designed to restore funding to the Multi-State Information Sharing and Analysis Center (MSISAC). This bill is necessary to ensure states, localities, territories, Tribes, and other organizations can access real-time threat information, support, training, and resources to defend against cybersecurity threats to critical infrastructure. The Trump administration’s dramatic reduction of Cybersecurity & Infrastructure Security Agency (CISA) staff, defunding of the MSISAC, and cutting over $700 million in CISA’s proposed fiscal year 2027 budget demonstrates a dangerous underestimation of the threats facing our nation from adversaries and criminals who seek to destabilize our national security, economy, public health, and safety. Governors, mayors, city and county executives, state chief information officers, school district leaders and education advocates, law enforcement, and cybersecurity experts have expressed grave concern at the state of CISA and its ability to function since the Trump administration curtailed CISA’s core functions and capabilities. While your efforts to restore some of CISA’s staffing are welcome, they appear insufficient given the scale of threats facing our nation’s cybersecurity and critical infrastructure, particularly at the state level. The experience, institutional knowledge, and trusted relationships built by career staff are irreplaceable assets and vital to supporting states and critical infrastructure owners and operators to defend against cyberthreats. States and industry have reported that the staffing turbulence at CISA has disrupted its service delivery and operations. In recent press reporting, the CISA spokesperson advised: “[s]tate and local governments seeking assistance are encouraged to contact our CISA regional teams who can help assess risk, strengthen defenses, enhance resilience, and respond immediately to incidents”. At present, five of the 10 CISA regional directors are serving in an “acting” capacity, and one of the regional websites appears to misspell the name of the acting director. High turnover and persistent vacancies plague CISA’s headquarters leadership as well. Without permanent leadership, sufficient staffing, or adequate funding at the headquarters and regional levels, the shaken confidence of state, local, territorial, and Tribal leaders reflects a foreseeable erosion of the federal-state trust that effective cybersecurity depends on. Restoring that trust requires, at minimum, an honest accounting of where the agency stands. Accordingly, to assess the current state of CISA’s regional leadership and capacity, please respond to the following interrogatories by June 26, 2026: Provide a CISA headquarters and regional organizational chart as it existed on January 20, 2025. Please specify the status of regional directors and deputy directors and their capacities. Please enumerate any vacancies at the regional level. Provide a CISA headquarters and regional organizational chart as it existed on October 1, 2025. Please specify the status of regional directors and deputy directors and their capacities. Please enumerate any vacancies at the regional level, as well as any added billets. For vacancies that occurred between January 20 – October 1, 2025, please specify the cause of the vacancy, including if the employee was fired, transferred to a different CISA billet, resigned, retired. Specify if the employee who vacated the billet accepted the Deferred Resignation Program (DRP). Provide a CISA headquarters and regional organizational chart as it exists today. Please specify the status of regional directors and deputy directors and their capacities. Please enumerate any vacancies at the regional level, as well as any added billets. For vacancies that occurred between October 2, 2025 – today, please specify the cause of the vacancy, including if the employee was fired, transferred to a different CISA billet, resigned, retired. Specify if the employee who vacated the billet accepted the DRP. Provide a breakdown of security services provided to state and local authorities by region annually from January 2023 to present. Include vulnerability scans, incident response, and risk assessments. Include the number of service requests received, the number fulfilled, and average response time. Has CISA conducted a gap analysis or internal assessment of capability gaps resulting from staffing reductions since January 2025? If not, why not? If so, please provide the analysis. Of the approximately 200 job offers CISA is extending, how many are for regional positions specifically? How many are backfilling departed staff versus new billets? What is the average experience level of incoming hires compared to those who left? ###