← May 1, 2026
politics power

CISA Lost a Third of Its Staff. Cyber Partnerships Are at a Standstill. The Midterms Are Six Months Away.

CISA Lost a Third of Its Staff. Cyber Partnerships Are at a Standstill. The Midterms Are Six Months Away.
Nextgov/FCW

What happened

CISA, the federal agency responsible for protecting US critical infrastructure and election systems, has lost roughly one-third of its workforce since January 2025, including nearly half the staff in its Stakeholder Engagement Division. The House passed a DHS funding bill this week that allocates $2.6 billion to CISA, $300 million below its FY2025 budget. At back-to-back congressional hearings, state election officials from Michigan and Georgia testified that CISA's drawdown has 'destroyed' operational relationships built over years of joint security coordination. The Trump administration has also redirected CISA's election security function toward Director of National Intelligence Tulsi Gabbard, an expansion of executive control over the process.

The US just dismantled its primary election security and critical infrastructure protection agency six months before a consequential midterm election, and the new funding bill locks in the cuts.

The Hidden Bet

1

Cutting CISA is about reducing government bloat

CISA's Stakeholder Engagement Division does not regulate anything. It coordinates threat intelligence sharing between federal agencies and private sector operators of critical infrastructure: power grids, water systems, hospitals. Cutting that division does not reduce regulation; it reduces the government's ability to warn the private sector before attacks happen. Calling this efficiency is like cutting the dispatcher at a fire station and calling it leaner government.

2

State and local governments can substitute for CISA coordination on their own

The state officials who testified at congressional hearings were not complaining about ideological differences. They were describing broken operational pipelines: threat feeds that stopped coming, joint exercises that were cancelled, liaison staff that disappeared. These are coordination functions that cannot be duplicated by state IT departments with no classified access and no federal threat intelligence.

3

Moving election security oversight to the DNI office is a neutral administrative change

CISA's election security work was built on the principle that election infrastructure protection should be non-partisan and at arms length from political leadership. Moving it to Gabbard's office puts a politically appointed official accountable to the President in charge of defining what counts as interference in the elections where that President's party competes.

The Real Disagreement

The genuine fork is between two readings of what CISA actually is. One view: CISA was a well-intentioned but overreaching federal agency that inserted itself into state and local election administration, creating federal dependency and ideological mission creep. The other: CISA was one of the few functioning public-private coordination mechanisms protecting infrastructure that private companies own but the public depends on, and dismantling it creates gaps that nation-state adversaries will exploit. Both readings are coherent. The difference turns on whether you think the federal government's coordination role in cyber defense produces positive net outcomes or whether the cost in autonomy and political risk outweighs the security benefit. I lean toward the latter view: the historical record of CISA's threat intelligence having prevented real attacks on power and water systems is stronger than the evidence that it distorted elections. Dismantling it six months before an election is the wrong timing regardless of the policy debate.

What No One Is Saying

Russia, China, and Iran all ran influence and infrastructure intrusion operations targeting the 2022 midterms, which CISA helped detect and partially disrupt. The question of whether adversaries will probe the 2026 midterms more aggressively because the coordination structure has been dismantled is not being asked in any public forum.

Who Pays

State and local election administrators

Immediate, ongoing through November 2026 elections

Lost access to CISA's threat intelligence sharing and joint exercise programs. Now responsible for cyber defense with no federal coordination and no classified threat feeds

Operators of critical infrastructure

Ongoing

Water utilities, power grids, and hospital networks that relied on CISA's Sector Risk Management function for early warning of coordinated attacks now receive fragmented or no coordination

Voters in competitive districts with underfunded local election IT

October-November 2026

If election systems in under-resourced jurisdictions are successfully attacked or disrupted before November, there is no federal coordination mechanism to respond in real time

Scenarios

Quiet Midterms

No major election infrastructure attack occurs. CISA's reduced footprint is not tested. The administration argues the cuts proved the agency was oversized. The capability loss is invisible because nothing went wrong.

Signal Watch for the absence of any significant reported breach or disruption to election systems in the October-November period.

Infrastructure Probe

A nation-state actor conducts a probing attack on election infrastructure or critical systems in October. CISA's diminished coordination capacity means detection is slower and private-sector notification is delayed. The incident surfaces publicly only after the election.

Signal Watch for DHS or FBI reports of foreign cyber activity targeting election infrastructure in the September-October timeframe.

Congressional Reversal

Bipartisan pressure from state election officials forces a supplemental appropriation or executive order restoring some CISA capacity before November. The administration frames it as a targeted election security measure rather than admitting the cuts were wrong.

Signal Watch for Republican governors or secretaries of state in competitive states to publicly request CISA assistance, which would force the administration's hand.

What Would Change This

A confirmed foreign adversary attack on election infrastructure in a competitive state before November would immediately reverse the political calculus. At that point, the cost of the CISA cuts would be visible and attributable.

Sources

Federal News Network — CISA's Stakeholder Engagement Division lost 96 of 189 staff since January 2025; cyber partnerships with private sector described as at a 'standstill'
Nextgov/FCW — State officials from Michigan and Georgia warn at House hearing that CISA drawdown has 'destroyed' trust and coordination before November midterms
Government Technology — House passed DHS funding bill with $2.6 billion for CISA, $300 million below FY2025, continuing the agency's staffing decline
PYMNTS — Experts say cuts have opened door to threats and slowed private sector coordination; White House announced CISA cyberdefense unit cuts earlier in April

Topics

CISA cybersecurity elections DHS midterms infrastructure

Related

power

The SAVE Act Is Not About Noncitizens. It Is About Who Controls the Voter List.

 power

Trump Is Purging Voter Rolls Inside the 90-Day Window. The Courts Keep Saying No. He Keeps Going.

 power

Trump Signed a Mail Voting Order. 23 States Sued Within Hours. The Midterms Are in 6 Months.

 power

The SAVE Act Would Disenfranchise 21 Million People. Speaker Johnson Says That's the Point.