America's Cyber Shield Just Lost Most of Its Staff
A partial Department of Homeland Security (DHS) shutdown, ongoing since February 14, 2026, has forced the Cybersecurity and Infrastructure Security Agency (CISA) to furlough 1,453 of its 2,341 employees — roughly 62% of the workforce. Only 888 "excepted" staff remain on duty, operating under severe constraints as the agency that coordinates cybersecurity across all US critical infrastructure runs on a skeleton crew.
The funding lapse comes at a particularly dangerous time: six actively exploited zero-days were patched in Microsoft's February Patch Tuesday, the Chrome browser's first 2026 zero-day is under active attack, and state-sponsored campaigns from China and Russia continue to target US infrastructure.
What Has Stopped
| Capability | Status | Impact |
|---|---|---|
| Vulnerability scanning of federal networks | Halted | Federal agencies lose proactive threat detection |
| Cybersecurity advisories and guidance | Paused | No new advisories, alerts, or best practices documents |
| Training exercises and drills | Cancelled | Readiness degrades across sectors |
| Stakeholder engagement | Suspended | State/local governments and private sector lose coordination |
| New technical capabilities | Frozen | No deployment of new defensive tools |
| Known Exploited Vulnerabilities (KEV) catalog updates | Delayed | Federal agencies may miss critical patching deadlines |
What Continues (With Reduced Capacity)
The 888 excepted employees are maintaining:
- US-CERT incident response for active federal network intrusions
- National Cybersecurity Protection System (EINSTEIN) operations
- Emergency communications coordination
- Chemical security inspections deemed critical
However, even these operations are degraded. Staff working through the shutdown are doing so without pay, and institutional knowledge gaps from furloughed specialists create blind spots in ongoing investigations.
The Timing Problem
The shutdown coincides with an unusually active threat period:
Active Exploits Requiring Federal Coordination
- CVE-2026-2441 — Chrome zero-day under active exploitation
- CVE-2026-1731 — BeyondTrust RCE with active exploitation confirmed
- CVE-2026-22769 — Dell RecoverPoint zero-day exploited by a Chinese APT since mid-2024
- Six Microsoft zero-days patched in February Patch Tuesday, all with confirmed exploitation
- PromptSpy — First AI-powered Android malware discovered this week
Geopolitical Context
- Pro-Russian hacktivists are actively targeting 2026 Winter Olympics infrastructure
- ShinyHunters is conducting a sustained phishing and data theft campaign against major organizations
- China-nexus groups continue targeting US critical infrastructure
Former Officials Sound Alarm
"CISA doesn't just protect federal networks — it's the central nervous system for cybersecurity across energy, water, healthcare, financial services, transportation, and telecommunications. When CISA goes dark, the entire ecosystem loses its coordination layer." — Former CISA official
"Adversaries don't take furlough days. Every day this shutdown continues, our collective attack surface grows while our ability to detect and respond shrinks." — Former DHS cybersecurity advisor
Sector-by-Sector Risk
| Critical Infrastructure Sector | Risk During Shutdown |
|---|---|
| Energy | No CISA coordination for grid security threats |
| Healthcare | Ransomware advisories and support paused |
| Financial Services | Threat intelligence sharing degraded |
| Water/Wastewater | Small utilities lose their primary federal security resource |
| Transportation | Aviation and maritime cyber coordination reduced |
| Elections | State and local election security support suspended |
Historical Context
This is not the first time a government shutdown has impacted cybersecurity operations, but the scale and timing are unprecedented:
- The 2018-2019 shutdown (35 days) led to expired TLS certificates on federal websites and delayed security clearance processing
- The 2023 shutdown threat prompted CISA to develop contingency plans that are now being tested
- The current shutdown hits while CISA is simultaneously managing the aftermath of DOGE-related workforce reductions that had already trimmed the agency
What Comes Next
Congressional negotiations continue with no clear resolution timeline. Each additional day increases the backlog of:
- Unreviewed vulnerability reports
- Uncoordinated threat intelligence
- Unassisted state and local governments
- Uninvestigated anomalous activity on federal networks
When funding is restored, CISA will face a significant catch-up period as furloughed staff return and work through accumulated backlogs.
Key Takeaways
- 62% of CISA's workforce is furloughed — The agency is operating with just over a third of its staff
- Vulnerability scanning has stopped — Federal networks are flying blind on new threats
- Timing is terrible — Multiple active zero-days and campaigns require exactly the coordination CISA provides
- Critical infrastructure sectors are exposed — Without CISA, the coordinating body for US cybersecurity is effectively offline
- Recovery will take time — Even after funding resumes, backlogs will take weeks to clear