What happened
Homeland Security Secretary Markwayne Mullin told lawmakers that CISA has been constrained by the absence of a Senate-confirmed director since January 2025.
Speaking at a House Appropriations Committee subcommittee hearing, Mullin said the president has met with the likely nominee for the CISA director role, though he did not name the person during the hearing.
Mullin said CISA needs roughly 600 new hires and argued that the agency cannot rebuild at full speed until a new director is confirmed and able to hire a team.
The agency previously lost about one-third of its workforce through layoffs tied to the administration’s effort to shrink the federal government. Democrats have argued that those cuts weakened CISA’s ability to work with state governments and industry.
Acting CISA Director Nick Andersen has said the agency has already begun hiring and expects to add about 300 new employees in the coming months.
Mullin said CISA does not need to rehire everyone it lost, reportedly about 1,000 employees. Instead, he said the agency needs to bring in talented people who understand the work and can build partnerships with state and local officials.
Mullin said rebuilding CISA will probably take a year, though he believes the agency can make significant progress in the first three months once leadership is in place.
He also raised concerns about cyber and data privacy threats from China, saying CISA will play a major role because major technology companies cannot be expected to defend against those threats on their own.
Mullin also said Congress needs to provide new clarity on how far CISA can go in addressing these threats.
Who is affected
CISA is directly affected because the agency remains without a Senate-confirmed director and is working to rebuild after major workforce cuts.
Federal agencies, state and local governments, and private-sector partners are also affected because CISA plays a central role in coordinating cybersecurity support, vulnerability guidance, incident response, and public-private collaboration.
Critical infrastructure operators may also be affected if staffing and leadership gaps reduce CISA’s ability to provide timely support, technical guidance, and coordination during cyber incidents.
Why CISOs should care
This development matters because CISA is a key partner for federal agencies, state governments, local officials, and industry during major cyber incidents. Leadership uncertainty and staffing gaps can affect the agency’s ability to coordinate quickly and support defenders at scale.
For CISOs, the workforce issue is especially important. CISA’s ability to engage with state, local, and private-sector partners depends heavily on experienced personnel who understand both cybersecurity operations and interagency coordination.
The emphasis on China-linked cyber and data privacy threats also signals where DHS expects CISA to play a larger role. CISOs should expect continued focus on nation-state activity, critical infrastructure defense, and public-private coordination.
The request for congressional clarity is also significant. If Congress defines or expands CISA’s authorities, it could affect how the agency supports industry, shares information, coordinates response, and engages with technology providers.
3 practical actions
- Monitor CISA leadership and staffing changes: Mullin said the agency needs a confirmed director and roughly 600 new hires. CISOs should track how leadership changes affect CISA guidance, incident coordination, vulnerability programs, and sector-specific outreach.
- Maintain direct relationships with government cyber partners: CISA’s rebuilding process may take about a year. Organizations should strengthen relationships with sector risk management agencies, ISACs, state cyber offices, and local cyber contacts rather than relying on one channel during an incident.
- Prepare for greater focus on nation-state and infrastructure threats: Mullin specifically raised concerns about China-linked cyber and data privacy threats. CISOs should review exposure in critical systems, cloud environments, identity platforms, third-party vendors, and data repositories that may interest nation-state actors.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.

