CISA is operating at roughly 40% capacity after furloughs and approximately 1,000 departures since January 2025. Three critical functions - threat sharing, on-site incident response, and the federal vulnerability catalog - are all running degraded. Adversaries are not pausing while Washington sorts out its staffing dispute.
What CISA Does That Nobody Else Replicates
Three CISA functions have no true equivalent in the federal government or private sector.
Automated Indicator Sharing pushes machine-speed threat intelligence to hundreds of critical infrastructure operators. Hunt and Incident Response Teams deploy on-site when a water utility or election system gets breached - serving organizations that cannot afford a $300K private incident response contract. The Known Exploited Vulnerabilities catalog drives mandatory patching timelines across civilian federal networks, tracking over 1,000 actively exploited vulnerabilities.
All three are running at reduced capacity. Automation handles known threats, but the human analysts who triage novel attack chains and coordinate cross-sector response are the roles hit hardest. When a supply chain attack hits healthcare and energy simultaneously, who is connecting those dots at 40% staffing?
Three Gaps That Keep Experts Up at Night
Emergency advisories that once shipped within 24 to 72 hours of critical vulnerability discovery now face longer timelines. State and local governments without dedicated security teams are losing planning support they depend on.
The sleeper risk is talent attrition. A senior CISA analyst earning $140K can walk into a remote role at a major tech firm for double that. Once institutional knowledge leaves, reopening job requisitions will not bring it back. Organizations should audit against NIST CSF 2.0 and diversify threat intel sources now rather than waiting for Congress to act.
