The Cybersecurity and Infrastructure Security Agency (CISA) has furloughed most of its workforce as part of the ongoing U.S. government shutdown. The timing is critical, as cyberthreats continue to intensify.

According to a planning document from the Department of Homeland Security, only 889 employees, around 35% of CISA’s workforce as of May, will remain to carry out essential functions.

The agency has confirmed that additional personnel will be mobilized in the event of critical emergencies. In its statement, CISA stressed that despite the interruption in operations, it remains dedicated to protecting the nation’s core infrastructure.

Expiry of Law That Enabled Shared Defense

Alongside staffing cuts, a key legislation that enabled public and private collaboration on cyberthreats has expired. Introduced in 2015, the law offered companies protection from antitrust liability when sharing attack data with each other or with the government.

Although its reauthorization was included in a continuing resolution passed by the House, the Senate’s refusal to pass the funding bill blocked the law’s renewal.

As a result, many corporate legal teams are now advising organizations to withdraw from intelligence-sharing groups until liability protections are restored.

Threat Landscape Grows More Hostile

These setbacks have come at a time of growing danger. Chinese cyber actors are acting with increasing boldness, while ransomware attacks remain active on multiple fronts.

Security experts caution that without legal protection, many companies will avoid reporting attacks or anomalies. This will reduce the collective visibility of threat patterns. Hugh Thompson, executive chairman of the RSA conference, warned that the lapse “could effectively turn the lights out on U.S. cyber intelligence.”

Tension Between Public and Private Sectors

The breakdown of formal safeguards has further strained trust between CISA and private firms. Industry leaders highlight that the agency’s reputation and capacity had already been weakened by budget cuts and leadership disruptions.

Before the shutdown, experts had noted that CISA’s relationship with corporate security teams was under pressure. The current inability to guarantee safe exchange of information has only deepened that divide.

A Precarious Moment in Cybersecurity

The United States is now exposed on two fronts: a reduced federal cyber defense agency and a legal gap that discourages the private sector from sharing threat intelligence.

The shutdown and the stalled legislation strike at a critical time, before the agency has been able to recover from prior staff reductions and strengthen its resilience.

The development is especially striking as it coincides with Cybersecurity Awareness Month, a period when public and private sectors usually join forces to raise awareness and intensify defense measures.