
Two-thirds of CISA personnel could be sent home under shutdown

29 September 2025 at 16:57

The Department of Homeland Security estimated over the weekend that it would send home about two-thirds of employees at the Cybersecurity and Infrastructure Security Agency in the event of a government shutdown.

It’s the first time that the second Trump administration has released its contingency plan in response to what would happen if Congress doesn’t keep the government funded after Oct. 1 — something that looks likely at the moment. The furlough of two-thirds of CISA employees is also relatively close to the last time the Biden administration produced shutdown guidance in 2023.

According to the DHS document, 889 of CISA’s 2,540 personnel would keep working through a government funding lapse. That workforce estimate is from May, and could be smaller now. In 2023, DHS anticipated that it would keep 960 of its then-3,117 employees at work.

The Biden administration said that year that it would have had the ability to recall another 790 CISA employees if needed. The latest DHS guidance doesn’t include any information on recallable employees, and CISA didn’t immediately respond to a request for that figure Monday.

Furloughs of cyber personnel could have a whole host of potentially negative consequences, government officials and outside cyber experts have warned. Those consequences could be even worse as the Trump administration slashes the federal workforce, some say.

A temporary reduction could invite more attacks on the federal government; slow down patching, cyber projects and regulations; prompt permanent departures from workers disillusioned about the stability of federal cyber work; hinder cybercrime prosecutions; and freeze cyber vulnerability scans.

The latest CISA furlough estimates are “scary,” one cyber researcher wrote on the social media platform Bluesky. The White House has also instructed agencies to plan for mass firings in the event of a shutdown.

At other agencies, some federal cybersecurity-related personnel are likely to continue working during a federal funding lapse, because the law deems some government functions as “excepted,” such as those focused on missions like national security, law enforcement or protection of property and human safety. For example, at the Health and Human Services Department, the fiscal year 2026 contingency plan states that “HHS estimates that 387 staff (excluding those otherwise authorized by law) will be excepted for the protection of computer data.”

Unlike in past years, agencies are hosting contingency plans on their websites on a case-by-case basis, rather than on the website of the Office of Management and Budget. Some plans that have been published, such as those for the Department of Defense, don’t specify figures for cyber personnel.

Hundreds of thousands of federal workers could be furloughed, in total.

Two major cybersecurity laws, one providing legal protections for cyber threat data sharing and another providing state and local grants, are also set to expire in mere days. A House-passed continuing resolution would’ve temporarily extended them, but the legislation didn’t advance in the Senate.

The post Two-thirds of CISA personnel could be sent home under shutdown appeared first on CyberScoop.

Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules

25 September 2025 at 12:37

Department of Government Efficiency practices at three federal agencies “violate statutory requirements, creating unprecedented privacy and cybersecurity risks,” according to a report that Senate Homeland Security and Governmental Affairs Committee Democrats published Thursday.

The report — drawn from a mix of media reports, legal filings, whistleblower disclosures to the committee and staff visits to the agencies — concludes that the Elon Musk-created DOGE is “operating outside federal law, with unchecked access to Americans’ personal data.” It focuses on DOGE activity at the General Services Administration (GSA), Office of Personnel Management (OPM) and Social Security Administration (SSA).

One previously unreported whistleblower claim is that at the SSA, a June internal risk assessment found that the chance of a data breach with “catastrophic adverse effect” stood between 35% and 65% after DOGE uploaded a computer database file known as Numident, containing personal sensitive information without additional protections against unauthorized access. The potential implications included “widespread PII [personally identifiable information] disclosure or loss of data” and “catastrophic damage to or loss of agency facilities and infrastructure with fatalities to individuals,” according to the assessment.

“DOGE isn’t making government more efficient — it’s putting Americans’ sensitive information in the hands of completely unqualified and untrustworthy individuals,” Michigan Sen. Gary Peters, the top Democrat on the committee, said in a news release. “They are bypassing cybersecurity protections, evading oversight, and putting Americans’ personal data at risk. We cannot allow this shadow operation to continue operating unchecked while millions of people face the threat of identity theft, economic disruption, and permanent harm. The Trump Administration and agency leadership must immediately put a stop to these reckless actions that risk causing unprecedented chaos in Americans’ daily lives.”

The report recommends stripping all DOGE access to sensitive personal information until agencies certify that the initiative is in compliance with federal security and privacy laws such as the Federal Information Security Management Act, and recommends that DOGE employees complete the same kind of cybersecurity training as other federal employees.

It describes the three agencies blocking access to specific offices or otherwise obstructing access. For example, it says that DOGE installed a Starlink network at GSA, but wouldn’t let staff view it. Starlink is the Musk-owned satellite internet service, and the report concludes that Starlink might have allowed DOGE staffers to circumvent agency IT oversight. Data sent over the network “could be an easy target for foreign adversaries,” the report states.

The report also expands upon an alleged attempt at SSA to create a “master database” that would pool data from multiple federal agencies. According to whistleblower disclosures, former SSA DOGE employee John Koval inquired about uploading agency data into a cloud environment to share with the Department of Homeland Security. He was “rebuffed,” the report states, but later worked at DHS and the Justice Department, where SSA data surfaced in some projects, raising further privacy concerns. 

It revisits concerns about DOGE staffer Edward “Big Balls” Coristine having access to sensitive agency data despite reports that he had been fired from an internship at a cybersecurity company for leaking company information to a competitor, and arrives at further conclusions about the risk posed by the ability of Coristine and others “to move highly sensitive SSA data into an unmonitored cloud environment.”

“It is highly likely that foreign adversaries, such as Russia, China, and Iran, who regularly attempt cyber attacks on the U.S. government and critical infrastructure, are already aware of this new DOGE cloud environment,” the report states.

Two of the agencies that were the subject of the report took issue with its conclusions.

“OPM takes its responsibility to safeguard federal personnel records seriously,” said a spokeswoman for the office, McLaurine Pinover. “This report recycles unfounded claims about so-called ‘DOGE teams’ that simply have never existed at OPM. Federal employees at OPM conduct their work in line with longstanding law, security, and compliance requirements.

“Instead of rehashing baseless allegations, Senate Democrats should focus their efforts on the real challenges facing the federal workforce,” she continued. “OPM remains committed to transparency, accountability, and delivering for the American people.”

The SSA pointed to Commissioner Frank Bisignano’s letter to Congress responding to questions about Numident security concerns. 

“Based on the agency’s thorough review, the Numident data and database — stored in a longstanding secure environment used by SSA — have not been accessed, leaked, hacked, or shared in any unauthorized fashion,” an SSA spokesperson wrote, adding, “The location referred to in the whistleblower allegation is actually a secured server in the agency’s cloud infrastructure which historically has housed this data and is continuously monitored and overseen — SSA’s standard practice.”

The SSA spokesperson emphasized there are no DOGE employees at SSA, only agency employees. 

The GSA did not immediately respond to Scoop News Group requests for comment on the Democratic report.

Miranda Nazzaro contributed reporting to this story.

The post Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules appeared first on CyberScoop.

Agencies increasingly dive into AI for cyber defense, acting federal CISO says

18 September 2025 at 16:30

Federal agencies are increasingly incorporating artificial intelligence into the cyberdefenses of government networks, and there’s more still to come, acting Federal Chief Information Security Officer Michael Duffy said Thursday.

“We’re at an exciting time in the federal government to see that we’re not only putting AI in production, but we’re finding ways to accelerate emerging technology across the government, across all missions and all angles,” Duffy said at FedTalks, produced by Scoop News Group. In his “role overseeing federal cybersecurity policy,” he said, he is “able to see these at the ground level, as agencies bring excitement and enthusiasm and hope for what they can optimize through artificial intelligence.”

Cyber attackers are moving faster than ever, and on a much larger scale than before, he said. They’re also using technology in new ways. But it’s not all “doom and gloom” when it comes to the cybersecurity of federal networks, especially because of feds’ move toward AI, Duffy said.

“I’m pleased to say that the advancements that we’ve made over the past decade in the federal government have brought us to this point: Agencies are poised now, postured, positioned, to take advantage of new capabilities, bring them into federal agencies and make them work for the mission,” he said.

The next decade is important, and needs a “clear vision” of the available technologies and the threat landscape, “and how AI-interconnected digital ecosystems will both strengthen and strain that defensive posture,” Duffy said.

The focus now is on protecting sensitive information and making sure the government has efficient and secure interactions with the general public, he said. That includes “leveraging AI to identify vulnerabilities at scale,” Duffy said.

He said that will require the government to update a key document on federal information security, the Office of Management and Budget Circular A-130. A Biden administration executive order from January ordered an update within three years, and a June Trump executive order retained that requirement, albeit with fewer specifications about what the update would entail.

But Duffy noted the document had not been updated since the onset of large-scale AI adoption; its last update was in 2016.

In coordination with the federal chief information officer, Duffy said his office was undertaking a review of AI to measure its strengths and limitations. That includes several steps, among them evaluating the best methods of swiftly adopting AI but with safeguards for proper use.

“We’ll assess the existing cyber defense capabilities within agencies and explore cyber-centric AI use cases,” he also said.

“We’re working with CISOs to rationalize their cybersecurity tool stack to ensure individual agencies are well-postured for the evolving threat environment, while identifying opportunities to eliminate redundant and ineffective systems and capabilities to leverage enterprise-wide capabilities and programs — shared services to gain efficiencies and scale, successful AI pilots occurring within agencies,” he said.

And “we’re working with agencies to increase operational resilience as well, and our collective capacity to respond to AI incidents,” Duffy said.

The post Agencies increasingly dive into AI for cyber defense, acting federal CISO says appeared first on CyberScoop.

CISA work not ‘degraded’ by Trump administration cuts, top agency official says

11 September 2025 at 18:25

A top official at the Cybersecurity and Infrastructure Security Agency on Thursday rejected concerns that personnel and program cuts at CISA have hindered its work.

Nick Andersen, who just began serving as executive assistant director of cybersecurity at CISA this month, said he’s seen the agency function at a high level from both the outside and inside.

“There’s been an awful lot of reporting recently about CISA and the potential for degraded operational capabilities, and I’m telling you, nothing can be further from the truth,” he said at the Billington Cybersecurity Summit. “It is just a fantastic opportunity to see the high-level output and throughput that this team has.

“There is not a single instance where I can think of that somebody reaches out — whether it’s in our remit or not, we are connecting them with the right level of resources, and we are helping them to make themselves right, whether it’s incidents that we see affecting a state/local partner, small- or medium-sized businesses or the largest critical infrastructure owner/operators,” he continued.

The Trump administration has cut or plans to cut more than 1,000 personnel at the agency, a third of its total full-time employees, and has sought nearly half a billion dollars in funding reductions.

CISA’s shuttering of an array of programs has drawn widespread criticism from many in industry as well as from state and local governments who have partnered with the agency, not to mention concerns from Capitol Hill.

But Andersen said CISA has full support from President Donald Trump, who clashed with agency leadership in his first term, and Department of Homeland Security Secretary Kristi Noem.

“We have exceedingly strong relationships with” other government agencies and the private sector, Andersen touted. “The level of commitment within this team is second to none, and we’re just going to continue to hone and focus [on] that operational mission of what CISA should be delivering on. We’re going to continue to sort of separate out the fluff, but we are going to take every single dollar, every single resource, every single manpower hour to deliver an even sharper focus on those core capabilities in keeping with what President Trump identified as our administration priorities.”

Those priorities, Andersen said, include fortifying federal networks. “Raising the collective bar across the dot gov is a big one,” he said.

It also includes strengthening relationships with critical infrastructure owners and operators. “We want to be able to work very closely with our critical infrastructure partners on focused resilience efforts, be able to raise the bar in a sprint between now and 2027 as we prepare for the potential of China making good on its promise … to take Taiwan,” he said, so that “our critical infrastructure is not going to be held hostage.”

And it includes strengthening partnerships with other federal agencies as well as state and local governments, Andersen said.

The post CISA work not ‘degraded’ by Trump administration cuts, top agency official says appeared first on CyberScoop.

National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries

9 September 2025 at 11:13

The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,” National Cyber Director Sean Cairncross said Tuesday.

“Collectively, we’ve made great progress in identifying, responding to and remediating threats, but we still lack strategic coherence and direction,” he said at the Billington Cybersecurity Summit. “A lot has been done, but it has not been sufficient. We’ve admired the problem for too long, and now it’s time to do something about it.”

The Biden administration produced its first cybersecurity strategy in 2023, with its Office of the National Cyber Director leading the writing of that document. It was part of a broader Biden administration approach to shift the cyber burden from individuals to more powerful institutions like the private sector. 

“The Trump administration will drive a new coordinated strategy that will advance U.S. interests and thwart our adversaries in cyberspace,” Cairncross said in a speech that marked his first public remarks since his confirmation in August. “America has the best talent, the most innovative private sector, the brightest research universities, broad academic resources and powerful government capabilities.

“We have all the tools, and now we have the political will in place to address these challenges,” he said. “We must work together, using all of our nation’s cyber capabilities, to shape adversary behavior and, most importantly, shift the burden of risk in cyberspace from Americans to them.”

The United States needs to “create an enduring advantage” over China, he said. China and other U.S. cyber adversaries that Cairncross called “brittle authoritarian regimes” simultaneously have to expend resources tracking dissidents and maintaining control, but also have the advantage of being able to “integrate instruments of power more seamlessly than we can.”

Cairncross said of cyberspace that “for too long, our adversaries have operated in this environment with near impunity. For too long, we have foregone the chances to set conditions for sustained security and stability. Our action or inaction today holds tremendous implications for our future.”

In separate remarks at another event Tuesday, Cairncross said he also wants to help international allies, particularly nations in the Five Eyes intelligence alliance, combat China’s efforts. 

“There’s many partners around the world who are looking for help as China attempts to export a surveillance state across planet Earth, country by country, continent by continent,” he said at an event hosted by Politico. “We have to engage to help fight that.” 

At the Politico event, he also said he expects the office to be more streamlined with the National Security Council and Cybersecurity and Infrastructure Security Agency, adding that the White House has been focused on what Cairncross referred to as eliminating the “turf wars and bureaucratic nonsense” of prior administrations.   

“The United States hasn’t had an overarching cyber policy strategy that’s set in coordination from offense all the way through to end-user defense, to state, local and tribal governments, working together in putting tactical operations and policies in place that support and feed into that strategy,” he said. “That is what we are going to do.”

In the shorter term, Cairncross mentioned three priorities. One is passage of legislation to reauthorize a law expiring this month that provides legal protections to companies for sharing cyber threat data with the government and within the private sector, the Cybersecurity Information Sharing Act of 2015.

Another is for “the federal government to get our own house in order,” he said.

“Our federal systems need rapid modernization,” Cairncross said, and the Trump administration is working on policies to “update our technologies and ensure that we’re prepared for a post-quantum future.”

And third, industry needs to focus on securing its products and protecting privacy at the outset, during the design process — and the administration will work to streamline cybersecurity regulations on industry’s behalf, he said.

Cairncross said it was a priority of the first Trump administration, and would continue to be in the second, to develop the cybersecurity workforce. Under Trump, however, the administration has pushed to dramatically slash personnel and funding for CISA.

Greg Otto contributed to this report. 

The post National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries appeared first on CyberScoop.
