Sen. Mark Warner, D-Va., is pressing the Cybersecurity and Infrastructure Security Agency for records on staffing levels and vacancies across its regional offices, warning that workforce cuts over the last year may have weakened the agency’s ability to support state and local governments facing cyber threats.
In a Tuesday letter to acting CISA Director Nick Andersen that was first shared with Nextgov/FCW, the vice chairman of the Senate Intelligence Committee asked the agency to provide both headquarters and regional organizational charts from January 2025, October 2025 and the present day, along with details on vacancies and explanations as to why employees left their posts.
The letter also asks CISA for data going back to January 2023 on services provided to state and local governments, including how many requests the agency received and fulfilled, as well as how quickly it responded.
The request comes after Warner introduced the Guaranteeing Universal Access to Cybersecurity Act — legislation first reported by Nextgov/FCW — that would restore funding for the Multi-State Information Sharing and Analysis Center, or MS-ISAC, a key cyber intelligence-sharing hub used by many state and local governments.
“The Trump administration’s dramatic reduction of Cybersecurity & Infrastructure Security Agency (CISA) staff, defunding of the MS-ISAC, and cutting over $700 million in CISA’s proposed fiscal year 2027 budget demonstrates a dangerous underestimation of the threats facing our nation from adversaries and criminals who seek to destabilize our national security, economy, public health, and safety,” the senator wrote.
CISA is working to hire around 330 employees in the coming months, Andersen said last week. The agency has lost a significant share of its workforce over the past year after the Trump administration moved to reduce and restructure the cyber shop through a mix of layoffs, early retirement offers, transfers and program cuts. Some 180 job offers are expected by the end of June.
Warner said efforts to boost staffing are “welcome” but “they appear insufficient given the scale of threats facing our nation’s cybersecurity and critical infrastructure, particularly at the state level.”
His letter asks CISA to respond by June 26. The agency did not immediately respond to a request for comment.
The letter flags concerns from governors, mayors, state chief information officers and others about CISA’s ability to provide services. State and local officials, cybersecurity groups and former officials have repeatedly warned that reductions in federal support leave smaller governments more vulnerable to cyberattacks, especially with midterm elections coming in November.
CISA has encouraged state and local governments to seek help from its regional teams, though half of the agency’s 10 regional directors are serving in an acting capacity, the letter adds. One CISA regional website also appears to misspell the name of its acting director, Warner wrote, referring to the spelling of Region 2 Director Mohamed Telab, whose first name is written as “Mohammed.”
Cybersecurity has long drawn bipartisan support in Washington, but CISA has become a recurring target of GOP scrutiny over its past work countering election-related disinformation. Since last year, Trump administration officials have sought to “refocus” the agency’s mission, arguing that CISA had strayed too far from its core tasks.
Last week, the House Appropriations Committee approved some $2.35 billion for CISA in the coming 2027 fiscal year — around $253 million below its fiscal 2026 level and about $135 million below the Trump administration’s initial FY27 budget request.
