When Agencies Disappear: DOGE, CISA, and the Security of Federal Infrastructure

Executive Summary

Reductions in force and reorganization at CISA, combined with the sidelining of the National Cyber Director, have left visible operational gaps in federal cyber defense coordination. This article identifies which CISA functions are most exposed and what state, local, and private partners should plan to backstop.

The Department of Government Efficiency's mandate to reduce federal spending and eliminate what it identified as wasteful programs has resulted in the closure, consolidation, or severe reduction of several agencies and offices that played direct or indirect roles in federal cybersecurity. The changes have been implemented with a speed that outpaced the ability to transfer functions, preserve institutional knowledge, or maintain operational continuity. The security implications are substantial and will persist for years.

CISA and the Civilian Cyber Defense Mission

The Cybersecurity and Infrastructure Security Agency was established in 2018 to consolidate civilian federal cybersecurity responsibilities that had been fragmented across multiple departments. CISA's role includes operating the Einstein intrusion detection system, managing the Continuous Diagnostics and Mitigation program, coordinating incident response for civilian agencies, publishing security advisories, and operating the Secure Domain Name System resolver.

Under DOGE-directed reductions, CISA's workforce was cut by approximately one third. The cuts fell unevenly, but they affected operational components including the hunt and incident response teams, the vulnerability management program, and the advisory publishing pipeline. Several senior technical leaders departed, and the agency's ability to coordinate with state and local partners was reduced.

The risk is not that CISA disappears entirely. It is that CISA's capacity to respond to multiple simultaneous events is degraded at a time when adversary activity is increasing. The federal civilian government has experienced major intrusions in the past, including SolarWinds and the Microsoft Exchange campaign. Those responses required hundreds of personnel working across agencies, contractors, and the private sector. A smaller CISA has less surge capacity and fewer relationships with the cleared contractors who provide emergency support.

USAID and the Development-Security Connection

The United States Agency for International Development was not a cybersecurity agency, but its closure removed a significant channel through which the United States invested in digital security in developing nations. USAID funded programs that built network monitoring capacity in allied countries, trained foreign law enforcement in cybercrime investigation, and supported election security in fragile democracies. Those programs are now ended or suspended.

The security consequence is indirect but real. Countries that lose U.S. support for their cyber capacity often turn to alternative providers, including providers whose interests do not align with the United States. The global security architecture that the U.S. helped build is eroding, and the adversaries who benefit from that erosion are not constrained by American political cycles.

The National Cyber Director's Office

The Office of the National Cyber Director, created by Congress in 2021 to coordinate federal cybersecurity strategy across agencies, was effectively sidelined and then its mandate was reduced. The office had been building a federal cyber workforce strategy, a zero trust implementation plan, and supply chain security guidance. Those efforts stalled when the office lost staffing and authority.

The absence of coordinated strategy means that agencies are now making independent decisions about security investments without a central reference point. Some will invest well. Others will not. The inconsistency creates gaps that adversaries can exploit, particularly in the shared services and federated identity systems that connect agencies.

The Federal Cyber Hiring Pipeline

Multiple programs that fed the federal cybersecurity workforce were terminated or suspended. The CyberCorps Scholarship for Service program, which placed students in federal cyber roles in exchange for tuition support, saw funding delays and placement freezes. Federal cyber internships were reduced. The hiring authorities that allowed agencies to bring in technical talent at competitive salaries were curtailed.

The pipeline effect will not be visible in workforce statistics for several years. Students who would have entered federal service through these programs in 2026 and 2027 will instead enter the private sector or leave the field. The federal government will face a recruiting cliff in 2028 and 2029 that it is not currently planning for.

What Adversaries Are Seeing

Open source intelligence on federal cyber capacity is not difficult to obtain. Congressional hearings, inspector general reports, Freedom of Information Act releases, and the public statements of current and former officials all provide signals. Adversary intelligence services synthesize these signals into assessments of targeting opportunity.

The current environment sends several signals that are favorable to adversaries. Federal cyber teams are smaller. Institutional knowledge is thinner. Coordination mechanisms are weaker. The agencies that would normally detect, attribute, and respond to intrusions are themselves disrupted. These are not permanent conditions, but they are real conditions, and they will shape adversary behavior in the near term.

The Path Back

Rebuilding will require more than reversing the reductions. It will require restoring trust in federal employment as a career choice for technical talent, rebuilding the coordination mechanisms that were disrupted, and reinvesting in the programs that develop the next generation of federal defenders. That work will take years and will require sustained budget authority. The question is whether the political will exists to begin it before a major incident forces the issue.

Sources and Citations

1. CISA strategic plan and budget justifications, fiscal year 2024 and 2025.
2. Office of the National Cyber Director, organizational and budget filings, 2024 and 2025.
3. Government Accountability Office, Cybersecurity High Risk reports, 2024 and 2025.
4. Cyberspace Solarium Commission and CSC 2.0 implementation reports, 2023 through 2025.
5. Center for a New American Security and Atlantic Council research on federal cyber organization, 2024 and 2025.