The beleaguered Cybersecurity and Infrastructure Security Agency faces a big test in 2026, with pressure mounting on the agency to clarify its approach to a wide range of security challenges.
As it reels from workforce cuts, lost resources and weakened partnerships, CISA will need to revitalize its support for critical infrastructure operators, craft an incident-reporting mandate that walks a tightrope of competing interests and develop a strategy to confront the Chinese government’s increasing aggression in cyberspace. The agency will also need to fix a morale crisis that threatens to further erode its operational readiness, as well as decide how much it intends to help state and local governments secure the upcoming midterm elections.
That many priorities would strain even a healthy agency, and since President Donald Trump took office a year ago, CISA has been anything but healthy.
“Losing 30 percent of your people in an unstructured drawdown is clearly a bad idea and this will hurt in every area,” said Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.
From infrastructure protection to employee recruitment to whatever assignments it receives in Trump’s new cyber strategy, CISA enters 2026 fighting an uphill battle, with a lot riding on whether it can turn itself around.
“We want CISA to succeed,” said former senior agency employee Lauren Zabierek, “because their success strengthens our national security.”
CISA’s acting director, Madhu Gottumukkala, said the agency has “sharpened its mission” under the Trump administration.
“We will continue to work shoulder-to-shoulder with our trusted partners to improve federal network defense, empower small and medium businesses and critical infrastructure across the country to build resilience, and share timely and actionable threat information to assist in safeguarding the systems and networks Americans rely on every day,” Gottumukkala said in a statement.
Here are the seven biggest challenges that CISA faces this year.
1. Protecting critical infrastructure with slim resources.
The biggest challenge CISA faces in 2026 is supporting critical infrastructure companies and state and local governments after losing thousands of employees and several key collaboration tools.
CISA has lost staffers focused on regional outreach, infrastructure security and strategic planning, making it harder for the agency to connect with infrastructure operators, deliver security services and guidance to them and collaborate with them on countering future threats.
“Our capacity to deliver our technical services has been significantly reduced in the past 11 months due to the cuts in programs and contracts, and we have to do more with less,” said one CISA employee, who, like other staffers interviewed for this story, requested anonymity to speak freely.
Several of the agency’s infrastructure partners agreed. “The essential mechanisms CISA needs to support critical infrastructure partners have been hollowed out,” said Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center. If a cybersecurity crisis hits healthcare or any other sector, he predicted, CISA’s “vital lifeline of coordination, support, and resource triage will be severely constrained, if not entirely severed.”
Prior to the cuts, CISA had been trying to increase its support for the education sector, a community often overlooked in discussions about critical infrastructure despite weathering some of the most disruptive attacks. But “current events have absolutely set us back,” said Doug Levin, national director of the K12 Security Information eXchange. Schools have noticed a stark difference, Levin said, “in state [and] regional [CISA] offices where personnel are simply not available to provide services anymore.”
The agency’s partnerships have also suffered as a result of the Trump administration both shuttering the Critical Infrastructure Partnership Advisory Council, which facilitated sensitive discussions, and eliminating funding for the Multi-State Information Sharing and Analysis Center, which provides vital intelligence and services to state and local governments. Cyber experts and industry leaders urged the government to reverse both moves.
The cuts have “created a dangerous void” and left U.S. critical infrastructure “fundamentally more vulnerable,” Weiss said.
The recent changes have also eroded CISA’s reputation as a reliable partner for the critical infrastructure community.
“The people that CISA should be supporting don’t trust us, and right now they’re absolutely right in that position,” said a second CISA employee.
By cutting staff, collaboration forums and travel allowances, “DHS seems to be making it as hard as possible for CISA employees to have contact with the private sector,” said Michael Daniel, president of the Cyber Threat Alliance, an industry collaboration group. “Over time, these restrictions will degrade CISA’s effectiveness, reduce its understanding of the broader environment, and make its products … less relevant.”
The Trump administration has said that the cuts at CISA are part of reorienting the agency toward its core protective mission. But infrastructure representatives rejected that framing. “You can’t simply ‘refocus’ CISA on core defense without acknowledging that defense relies entirely on those external relationships,” Weiss said.
2. China’s aggressive cyber and geopolitical ambitions.
The looming potential of an armed conflict between the U.S. and China over Taiwan has further elevated the stakes of CISA’s critical infrastructure protection mission.
Companies look to CISA for early warnings of threat activity and guidance on thwarting China-linked hackers, while policymakers rely on the agency to identify and prioritize critical national assets that need protection, such as the railways and ports used to mobilize military equipment. Those responsibilities will put CISA at the center of any conflict over Taiwan, given that China is expected to open such a conflict by hacking U.S. infrastructure to delay an American response to the invasion. But many experts are pessimistic about CISA’s current readiness to prevent or respond to those attacks.
A Chinese invasion of Taiwan “will be the geopolitical crisis of our time,” but CISA is “ill-prepared” to play its part, said Brian Harrell, a former assistant director for infrastructure security at CISA. “I question current relationships and information sharing mechanisms.”
China-linked infrastructure hacks are “akin to putting a gun to our head,” said Suzanne Spaulding, who led CISA’s predecessor at DHS for six years. “We need to take the bullets out of that gun by working to reduce the likelihood that China’s cyber efforts will have the impact they seek.”
3. Balancing the regulatory challenges of CIRCIA.
CISA is also racing to finalize a regulation requiring critical infrastructure operators to report cyber incidents to the agency. The 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) required CISA to publish the final version of the rule by October 2025, but CISA extended that deadline to this May. Companies and their lawyers are closely watching CISA’s process of drafting what has become known as the CIRCIA regulation, which will be the U.S.’s first comprehensive cyber incident reporting requirement.
Currently, the vast majority of cyberattacks in the U.S. go unreported. The CIRCIA rule is expected to dramatically increase the government’s awareness of cyber threat activity facing critical infrastructure companies. “It’s essential, not just for CISA but for our security, to get CIRCIA in a working state,” said Jeff Greene, a former executive assistant director for cybersecurity at the agency.
But CISA faces a difficult balancing act: preserving the rule’s core information-gathering purpose while addressing businesses’ complaints that the Biden administration’s draft regulation is too onerous, broad and vague. Industry representatives say the draft rule overburdens companies in the middle of chaotic incidents, and some question CISA’s ability to effectively use the ocean of data it will receive.
“The agency is likely going to be under pressure to make the reporting system as minimalist as possible,” said Daniel, who served as President Barack Obama’s cyber adviser.
CISA will do its best to produce a rule that generates useful reports without impeding businesses, Greene said, but “you’re not going to get something that everyone thinks is great and well-crafted.”
The contours of the final CIRCIA rule will define CISA’s relationship with the private sector in the coming years. “It is critical that CISA gets the implementing regulation right,” said John Miller, a top executive at the Information Technology Industry Council.
4. Uncertainty over CISA’s commitment to product security.
CISA’s transformation over the past year has raised questions about its commitment to a major pressure campaign aimed at improving the security of the digital ecosystem.
During the Biden administration, CISA launched a “Secure by Design” initiative to encourage companies to build security into their products from the beginning and turn on secure features by default. Hundreds of companies have signed a pledge to make improvements in seven specific areas. But the key figures behind the initiative left CISA at the beginning of the Trump administration, and CISA has done nothing publicly with the project since then, raising questions about its fate.
Zabierek, one of the project’s now-former leaders, said she hoped the Trump administration recognized its value and kept it alive, because “preventing cyberattacks through more secure technology is the most sustainable path to national cyber safety in the long run.”
Secure by Design could dovetail with the Trump administration’s unconventional political strategy, either through heavy-handed pressure on tech companies often criticized by conservatives or through praise of participating businesses as conscientious stewards of public safety. But either approach would require resources, staff and open communication with industry — all things the administration has taken from CISA.
Greene said CISA was “starting to have [a] real effect” with Secure by Design during the Biden administration. “We’re starting to see companies go through the cycle that we had hoped to see.”
5. Election cybersecurity.
With the midterm elections looming, security experts predict a resurgence in foreign influence operations designed to sow chaos and sway voters. In past election cycles, CISA helped state and local officials rebut misinformation and coordinated closely with the FBI and the intelligence community to track and disrupt foreign interference. But CISA’s anti-misinformation activities prompted reprisals from the new Trump administration, casting doubt on the agency’s attitude toward election security this year.
Trump “has weakened the nation’s preparedness” for election threats, Jena Griswold, Colorado’s Democratic secretary of state, told Cybersecurity Dive.
Caitlin Durkovich, a White House homeland-security official during the Biden administration, said the Trump team “has signaled that collecting on, exposing, and disrupting increasingly sophisticated hostile — or aspiring — foreign state actors will not be a priority.”
Even if the White House allows CISA to reengage on the issue, staffers will likely be reluctant to take part in a mission that the administration considers radioactive. And whatever effort CISA does make will encounter skepticism from state and local officials who have lost trust in the agency. “Many no longer see CISA as an honest broker,” Spaulding said. “This is devastating and will take many years to recover.”
6. Overcoming the agency’s internal morale crisis.
CISA won’t be able to achieve any of its goals, experts said, without addressing its crippling morale crisis and refilling hundreds of vital positions. In addition to firing many workers, the Trump administration has forced out others by sending them to other Department of Homeland Security agencies, sometimes in unrelated roles across the country.
“Successful efforts to traumatize the federal workforce have decimated CISA,” Spaulding said.
CISA has announced ambitious plans to fill critical gaps in its workforce this year, but the administration’s attacks on CISA and the broader federal workforce will make it very difficult for the agency to recruit new employees and retain current staffers.
“It will take a long time to hire their way out of all firings and departures,” Greene said. “Almost everyone I know who left is making more money and working fewer hours, so getting those people to come back … is not going to be super easy.”
CISA might be able to find new workers in the months ahead, Greene said, but the hiring process is so slow that the agency may not see the benefits for a long time.
In the meantime, some employees say they’re trying to make due with the agency’s remaining capacity.
“We’ve got to pick up the pieces and still do our jobs,” said a third CISA employee. “A lot of people are still committed to the mission, but it’s going to be tough sledding.”
7. Leadership vacuum.
CISA will struggle to improve morale, confront China and reestablish its trusted public presence without a permanent director. Trump’s nomination of Sean Plankey to lead CISA expired at the end of 2025, and it is unclear if Trump will renominate him.
“Getting a CISA director confirmed is absolutely critical,” Montgomery said. “No defense agency — whether it’s CISA or NSA — should … go without a permanent leader for more than 10 days, much less 10 months.”
Agencies without leaders struggle to make big changes and to advocate for themselves in strategy and budget meetings with the White House and other agencies. “The ability to put longer-term plans in place is really hamstrung,” said Trey Herr, senior director of the Atlantic Council’s Cyber Statecraft Initiative.
The mid-level officials currently steering CISA won’t want to make big decisions on CIRCIA, election security and other issues without a director in place. That could force CISA to watch as other agencies take the initiative on cybersecurity.
Harrell said he admired the people currently running CISA, “but they need the autonomy and flexibility to lead without doing ‘Mother, may I’ to the DHS front office for every issue.”