The US government shutdown will severely deplete federal cybersecurity capabilities, with the Cybersecurity and Infrastructure Security Agency (CISA) set to lose around 65% of its workforce.
An estimated 1651 CISA employees out of its 2540-strong workforce are set to be furloughed, leaving just 889 remaining in post, according to an official Department for Homeland Security (DHS) planning document published ahead of the shutdown.
This is despite DHS expecting to retain 91% of its total workforce during the shutdown.
CISA, which operates under the DHS, is responsible for cybersecurity protection across all levels of the federal government. In addition, it provides guidance and threat intelligence sharing with states, the private sector and international partners.
This includes funding and support for the Common Vulnerabilities and Exposures (CVE) program, a reference for publicly-disclosed vulnerabilities.
No details have been provided on the types of job roles that will be furloughed.
Additionally, CISA’s website will not be actively managed until an agreement is reached on a budget in the US Senate, enabling federal funding to be resumed.
A notice on the website reads: “This website was last updated on September 30, 2025 and will not be updated until after funding is enacted. As such, information on this website may not be up to date. Transactions submitted via this website might not be processed and we will not be able to respond to inquiries until after appropriations are enacted.”
CISA is not the only cyber-related agency to be impacted. The Department of Commerce estimates in its shutdown plan that the National Institute of Standards and Technology (NIST) will retain just 34% of its workforce.
NIST develops a range of cybersecurity standards and frameworks, which are used globally by organizations to help protect their networks.
This includes the NIST Cybersecurity Framework (CSF) and Post Quantum Cryptography Standards.
Like CISA, NIST’s website currently carries a notice that it is not being updated due to a “lapse in annual appropriations.”
Shutdown Carries Severe Cyber Risks
The prospect of CISA and NIST activities being curtailed have raised fears that cybercriminals will be able to exploit critical security gaps to launch attacks.
This includes the government’s ability to respond to attacks on its networks, such as patching critical vulnerabilities.
Another issue is federal agencies may be forced to suspend contracts with third-party vendors, including those providing cybersecurity services to the government.
Additionally, US businesses and local authorities will not be receiving the usual notifications and recommendations from CISA and NIST, including alerts around new types of threats and vulnerability exploits.
Brandon Potter, CTO at ProCircular, warned that both financially motivated cybercriminals and nation-state actors are likely to increase attacks to exploit the situation.
“Expect to see an increase in ransomware attacks targeting critical infrastructure vendors during this time; however, they’ll likely shift to only data exfiltration and extortion to amplify political tensions even more,” he commented.
“It’s a long game with low and slow persistence. If I am a nation-state threat actor with a reasonable foothold on the network, my goal would be to continue deeper penetration and establish multiple forms of persistence to increase mission longevity and success,” Potter added.
Experts also predict that furloughed federal workers will be a target for various fraud and social engineering attacks.
“The opportunity for exploitation risks will spike related to phishing that targets credentials. Especially those targeting furloughed workers due to the number of sporadic logins and websites they’ll be working through for official HR and benefits communications. Expect coordinated attacks against both work and personal email accounts of these workers,” noted Potter.
The cybersecurity impact on the US is likely to last well beyond the shutdown period, Gary Barlet, public sector CTO at Illumio commented.
“When the shutdown ends, IT doesn’t simply switch back on. Work has piled up and slowed down, projects underway or just starting have been stalled, and funding pauses have thrown off timelines. Such delays ripple across planned cyber and IT efforts,” Barlet said.
Longer-term cybersecurity projects are likely to be pushed to one side, as staff will be under pressure to prioritize immediate fixes.
How Long Could the Government Shutdown Last?
The shutdown took effect at midnight EST on Wednesday, October 1, after President Donald Trump’s Republican party was unable to pass a spending bill funding government services following a dispute with Democrat representatives in the Senate.
In a press briefing on October 1, White House press secretary Karoline Leavitt warned that federal workers could be laid off within two days.
The Congressional Budget Office (CBO) estimates that 750,000 federal employees will be furloughed in total.
It is unclear how long the shutdown could last. The current record of 35 days from December 2018 to January 2019, took place during President Trump’s first term in office.
Furloughed staff will face unpaid leave but are entitled to backpay once the budget for government spending has been passed.
