The Cybersecurity and Infrastructure Security Agency (CISA) is legally prohibited from carrying out core activities such as stakeholder outreach during the ongoing Department of Homeland Security (DHS) shutdown, even as cyber threats from nation-state actors persist, a top agency official told lawmakers Thursday.
Testifying before the House Appropriations Homeland Security Subcommittee, CISA acting Director Nick Andersen said the shutdown has sharply limited what the agency is allowed to do – particularly its ability to engage with partners critical to defending U.S. infrastructure.
“A lot of those preparatory activities within the environment, a lot of the outreach that we would typically be able to do, that’s simply not possible or legally allowed during the period of a shutdown,” Andersen said. “We’re doing everything that we can.”
The restrictions come as CISA continues to track threats from adversaries, including Iran-affiliated actors. Andersen noted that CISA released a joint advisory last week, which urged organizations to “urgently review” their networks for signs of compromise from Iran-affiliated threat actors targeting U.S. critical infrastructure.
The advisory said that Iranian-affiliated targeting campaigns against U.S. organizations have recently increased, likely in response to hostilities between Iran, Israel, and the United States.
Andersen acknowledged that the agency’s ability to counter those threats has been constrained.
“Given our current situation, I’ll be honest with you and tell you it is more limited than I would like,” he told lawmakers.
In addition to legal limitations on outreach and coordination, CISA has also been operating with a significantly reduced workforce during the shutdown.
Andersen said staffing levels have dropped to about 40%, creating what he described as “detrimental capacity impacts” on mission delivery.
However, Secretary of Homeland Security Markwayne Mullin recalled furloughed staff to work last week, offering some near-term relief.
Andersen told lawmakers that CISA is planning to recruit nearly 330 people to fill key cybersecurity roles on its “critical hires list,” including those that would work to secure critical infrastructure.
That hiring initiative comes after Andersen told lawmakers last month that CISA is losing workers as the DHS shutdown continues.
“In a single day, just a couple of weeks ago, we received six resignation notices from the highly technical subject matter experts we have in places like our threat [hunting team],” Andersen said.
“That’s not a sustainable model going forward,” he added.