As the United States experiences its latest government shutdown, most of the daily operations of the federal government have ground to a halt. This includes much of the day-to-day work done by federal information technology and cybersecurity employees, including those at the nation’s leading civilian cybersecurity agency, the Cybersecurity and Infrastructure Security Agency.

CISA is among the entities that will see the deepest staffing reductions during the shutdown that began Oct. 1, 2025, according to Department of Homeland Security documentation. Only about one-third of its employees remain on the job after federal employees were furloughed. As if cybersecurity wasn’t challenging enough, fewer CISA employees are being asked to do more and more work protecting American cyberspace during the shutdown. And they’ll be working with the promise of getting paid for their efforts at some date in the future once the shutdown ends.

The current CISA situation is grim, from my vantage point as a cybersecurity researcher and former industry practitioner. The agency was already experiencing deep cuts to its staff and resources before the shutdown. And now, coinciding with the shutdown, a key law that enabled the agency to facilitate information-sharing with the private sector has expired.

Taken together, the cyberdefense agency is being hobbled at a time when the need for its services has never been greater, from the ongoing China-led Salt Typhoon attack on U.S. telecommunications networks to ransomware, data........

© The Conversation