Government layoffs are making us less safe in cyberspace, experts fear

When the Trump administration took office in January, it inherited a precarious cyber threat environment in which years of investments in defense had failed to curb the threat from Russia, China and other U.S. adversaries. 

Six months later, challenges faced by federal agencies are far worse — the result of a wave of layoffs and voluntary separations instigated by the Department of Government Efficiency, or DOGE, which has dramatically impaired the government’s ability to defend itself in cyberspace, according to former officials and experts.

The exits mark the first time in the digital era that the government’s cyber defense has grown worse rather than better, they say, endangering not just federal agencies but a trove of critical industry sectors that rely on cyber assistance from the U.S. government. 

The cuts also come at a time when the nation’s adversaries are eager to attack in cyberspace — both to take advantage of federal government mayhem and to settle scores over U.S. actions, such as harsh tariffs on Chinese goods and the bombing of Iranian nuclear facilities. 

“We have measurably increased our cyber risk as a country,” said Michael Daniel, who served as White House cyber czar during the Obama administration and is now president of the Cyber Threat Alliance, a coalition of tech firms that share cyber threat information. 

Mass exodus

About one-third of employees at the government’s top cyber agency, the Cybersecurity and Infrastructure Security Agency, or CISA, have left government since the start of the Trump administration, through a combination of buyouts, early retirements and layoffs. That’s roughly 1,000 cyber defenders off the job. Those that remain are facing a nearly insurmountable set of challenges, shouldering ever more responsibilities, working under the constant threat of additional downsizing and budget cuts and triaging a new set of threats created by the Trump administration’s insistence on speeding up the pace of government. 

“A lot of good people have left. Those that [remain] have fewer resources to do things the right way. Fewer hands doing defense means we’re less safe,” said a former senior cyber official who exited government during the Trump administration and requested anonymity to speak candidly about the government’s cyber risks.

There have also been cyber exits at the FBI and other federal agencies, though precise numbers are less clear. 

The FBI declined to disclose how many employees have exited its cyber division in response to a Nextgov/FCW query or to comment on the effects of the departures on its cyber mission. 

In response to a Nextgov/FCW query about the effects of CISA’s employee exodus, Public Affairs Director Marci McCarthy said the agency “is laser-focused on securing America’s critical infrastructure and strengthening cyber resilience across the government and industry.” 

“We are proud to be the nation's cyber defense agency and remain steadfast in our mission,” McCarthy said.

DOGE never specifically targeted cyber workers for layoffs. The CISA departures come primarily from voluntary buyouts and, to a lesser extent, the elimination of CISA offices dealing with election integrity and diversity. But the result is the same. The president’s proposed 2026 budget would cut CISA funding by nearly $500 million if adopted into law, making re-filling those positions highly unlikely. 

“I’m hearing from folks that have remained that they’re down 30 to 40 percent in some mission critical areas. Those kinds of deficits in talent and expertise really do impact the mission,” a former Homeland Security Department cyber official who now advises federal agencies on cyber protections, said. 

“If you’re a foreign adversary, you’re like, ‘This is a field day. We couldn’t hope for a better series of outcomes,’” said the former official who also requested anonymity to speak candidly. 

Reversing course

The mass staff exodus and proposed budget cuts represent a massive course reversal for government cyber efforts. CISA was founded with about 1,000 employees in 2018. Within five years, that number had more than tripled to nearly 3,200 full-time employees. During roughly the same time period, the agency’s budget approximately doubled to nearly $3 billion. 

That growth was commensurate with the broadening scope of the threat during a period that saw massive criminal and nation state-backed hacks targeting government agencies and critical infrastructure, such as pipelines, ports and hospitals. 

The government also dramatically expanded its cyber support for critical infrastructure during this period, including a massive push to help secure election systems against hacking — assistance that’s now in jeopardy. 

“Everyone I talk to [in industry] says it’s radio silence from CISA and there’s a sharp decrease [in communications] from the FBI,” Daniel said.

The backsliding with industry is particularly concerning for former officials because the government has spent years trying to convince companies that it’s in their best interest to cooperate with the federal government on cyber challenges, including by sharing threat information. 

That has been an uphill battle for two big reasons. First, companies fear getting attacked by privacy advocates over concerns that they’re turning over customer data to the government. Second, they argue that government processes for declassifying cyber threat information are so onerous that information the government shares back often isn’t very actionable. 

“Industry’s willingness to continue to be patient with government and share what it can is something that, I worry, is going to head in the wrong direction,” said Megan Stifel, chief strategy officer at the Institute for Security and Technology think tank and formerly a top National Security Council cyber official during the Obama administration.

Trump released an executive order in March suggesting that some cyber responsibilities now managed by the federal government, such as cooperating with industry, should devolve to the states. That proposal dangerously underestimates the severity and complexity of the cyber threat, which states, with their comparatively meager cyber and IT budgets, are ill-equipped to handle, experts say. 

“States don’t have the capability to handle the risk coming at them,” said Tarah Wheeler, a longtime cyber professional who is now senior fellow for global cyber policy at the Council on Foreign Relations. “They don’t have the capability to handle North [expletive] Korea.”

Fewer people, more vulnerabilities and insider threats

Experts and former officials highlighted three major categories of cyber risk facing government in the wake of the DOGE cuts. 

First, there’s the basic loss of manpower. 

“If a system is designed to be operated with a certain number of people to ensure security, then, without that number of people, it’s either going to fail quietly or fail loudly,” Wheeler said. “We know what systems are failing loudly now. We don’t know which ones are failing quietly.”

Second, there’s the cyber risk created by DOGE’s efforts themselves, including a slapdash approach to handling sensitive government data and a history of skipping security protocols. 

Many of those security vulnerabilities were discovered relatively quickly, such as a custom-built server installed at the Office of Personnel Management to send mass emails to federal employees that hadn’t undergone required privacy checks. But many other vulnerabilities may remain undiscovered.    

DOGE’s staff has shrunk significantly since its leader, billionaire Elon Musk, left government in May, though several dozen DOGE staffers remain in government, mostly focused on technical modernization efforts rather than layoffs. 

Finally, there’s the risk that disgruntled employees who remain in government will retaliate by mishandling classified information — perhaps by passing it to a foreign adversary or by swiping and potentially releasing information aimed at damaging the Trump administration. Disgruntled employees with high-level access to government computer systems could also sabotage those systems or destroy their data.

Such insider threats are a perennial concern for government and industry, spurred by high profile examples from the military and intelligence community such as Chelsea Manning, Edward Snowden and Reality Winner. But those concerns spike during periods of mass layoffs and other organizational stresses.

Organizations that study insider threats, including Carnegie Mellon University’s Software Engineering Institute, have routinely found a link between layoffs and increased insider threat risk in industry. 

“Disgruntled employees are one of the biggest insider threat risks,” said Matthew Bunn, a Harvard professor focused on national security and co-editor of a book-length study on insider threats produced by Harvard’s Belfer Center for Science and International Affairs. “If you’re laying off thousands of people, you’re creating thousands of negative work events and lots of potentially disgruntled employees.”

DOGE’s callous approach to federal employees, including strong-arming top officials and erroneously firing and then rehiring employees at the National Nuclear Security Administration and other agencies, is likely to increase the insider threat risk, Bunn said. 

“They’re not remotely following best practices,” Bunn said. “I’m not sure I have great advice for a situation where you’re wielding a pretty sharp axe and cutting a lot of people at once — some of whom may be the people you need for spotting insider threats and other threats to the organization. That’s going to be a risky situation no matter what.”

Former officials pointed to an additional insider threat risk within DOGE itself, which, during its heyday, was staffed primarily by government outsiders, some of whom had links to Musk’s private companies. DOGE staffers were given broad access to sensitive digital systems at the Social Security Administration, the Office of Personnel Management and other agencies, but it’s unclear what security and background checks they went through. 

One risk is that a DOGE staffer who was insufficiently vetted might have released classified government data to an adversary. Another is that government employees who feared the damage the new efficiency teams could do to their careers could have been easily conned by hackers impersonating DOGE. In both cases, the results of those breaches could remain undetected for months or years. 

“If an email arrives with a spoofed DOGE address with a request for records and it’s your job [on the line] if you don’t do it, that’s a heightened environment for spear phishing campaigns,” said Tarah Wheeler, a senior fellow for global cyber policy at the Council on Foreign Relations. Spear phishing is a form of digital attack in which hackers send a message specifically tailored to fool its target into releasing secret information or unknowingly downloading malicious software. 

A recruiting nightmare

The effects of the government’s cyber purge will likely be even more damaging down the road. 

The federal government has spent years trying to recruit cyber workers away from the private sector, where salaries are typically much higher. Those efforts included special rules that allow for higher pay for cyber workers and programs that encourage those in industry to take short-term government rotations. Agencies also touted the benefits of government work, including better job stability than the private sector. 

After the past few months, however, government work is looking like a far riskier bet. 

“People work for the government because of mission and, in some cases, because the government provides more stability. Both those reasons have been undercut. The federal government's commitment to the mission seems less, and the stability is gone,” Phil Reitinger, a former Homeland Security Department cyber official who now leads the Global Cyber Alliance, a nonprofit that provides free cybersecurity tools, said. 

When the government’s current cyber staffing proves unsustainable and recruiting is difficult, the government is likely to turn to contractors to fill the gaps. That’s an option that will not only be costlier than retaining experienced government cyber defenders but is unlikely to replace the institutional knowledge lost during the past few months because contractors typically move in and out of positions more frequently, a former long-serving government cyber contractor said.

“As government employees take off, either through retirement or through layoffs, those doing the threat analysis are stretched thinner, with less mature guidance, and are left to FITFO,” said the former contractor, who requested anonymity, using an acronym for “figure it the [expletive] out.” 

“The disruptions that have happened over the past six months are going to take years to address,” Daniel said. “We’re looking at an extended period of time when the U.S. government will have reduced cyber capabilities. That gives our adversaries an opportunity.”