Lawmakers from both sides of the aisle continue to push back on the Trump administration’s cuts to the Cybersecurity and Infrastructure Security Agency.
Reps. Don Bacon (R-NE) and James Walkinshaw (D-Va.) agreed that CISA’s current workforce, funding and resource structure are a continued concern, especially in the wake of the use of artificial intelligence to discover previously unknown zero day attacks.
“Unfortunately, this administration has weakened CISA in the last year. I don’t think they realize the one-for-one output that they provide on defensive cyber for many of you in here, and so instead of cutting system, we should be expanding systems capabilities to protect our domestic, our non-military cyber systems,” Bacon said at the National Cyber Innovation Forum, sponsored by the National Security Institute at the George Mason University Antonin Scalia Law School.
Bacon is retiring at the end of his term.
Walkinshaw said he believes the Trump administration has intentionally diminished CISA’s capabilities.
“In terms of bipartisan areas of agreement here in Congress, restoring and expanding those capabilities and those partnerships right now should be a top priority,” he said.
At the same time, Rep. Bennie Thompson (D-Miss.), ranking member of the Homeland Security Committee, and Rep. Delia Ramirez (D-Ill.), ranking member of the Homeland Security Cybersecurity and Infrastructure Security subcommittee, highlighted similar concerns in a letter to acting CISA Director Nick Anderson.
Thompson and Ramirez are asking CISA for a briefing after reports that the agency made public administrative keys on GitHub. Krebs on Security reported earlier this week that a contractor for CISA “maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems.”
“We are concerned that this incident reflects a diminished security culture and/or an inability for CISA to adequately manage its contract support. Over the past year, the Trump administration has decimated CISA’s workforce, and it lost nearly 1,000 personnel,” Thompson and Ramirez wrote. “Previous Department of Homeland Security (DHS) and CISA leadership unleashed special government employees from the Department of Government Efficiency (DOGE) on the Department and CISA. It is unclear exactly what systems DOGE employees accessed, but we do know that they demonstrated gross disregard for basic security practices.”
Nextgov/FCW first reported the letter from Thompson and Ramirez.
CISA reviewing exposure
A CISA spokesperson said the agency doesn’t comment on letters from members of Congress and will respond directly to the lawmakers.
As for the GitHub incident, the spokesperson said, “CISA is continuing to investigate the reported exposure. Currently, there is no indication that agency mission data was compromised. Any sensitive or personally identifiable information (PII) exposed was that of the contractor. We hold our team members to the highest standards of integrity and operational awareness and are working to ensure additional safeguards are implemented to prevent future occurrences.”
Over the last 15 months, CISA has lost more than 1,000 employees and it hasn’t had permanent political leadership. The agency also had been under a hiring freeze for much of last year, while staff left the agency due to voluntary resignations and some layoffs.
Acting CISA Director Nick Andersen said in March the agency plans to hire 300 new employees this year. And more recently, CISA posted job announcements for new C-suite leaders, chief information officer and chief human capital officer. CISA also just hired Ryan Donaghy as its first-ever chief operating officer. In that role Donaghy will serve as the principal advisor to agency leadership on operations, business functions, financial and acquisition management, policy development and interagency efforts that support CISA’s strategic goals.
Senate and House legislators have been pushing back against CISA cuts for most of the past year. Senate Appropriations Committee leaders rejected the Trump administration’s proposed steep cuts to CISA funding in 2026. House Homeland Committee leaders also pressed CISA leaders about whether they had enough people and resources to meet their mission needs.
Thompson and Ramirez said the last 18 months have been difficult for the agency and that is leading to questions about CISA’s current capabilities to protect federal networks and work with the private sector.
“[W]e are committed to working with you to put it back on track to execute its federal network security and critical infrastructure missions. However, we need assurances that CISA is taking this incident seriously, and that you will do everything in your power to fully assess the security consequences of this lapse and to prevent anything like it from happening again,” the lawmakers wrote.
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
