A reckless, unnecessary government shutdown has gutted the nation’s frontline cyber defenders at the worst possible moment, leaving the Cybersecurity and Infrastructure Security Agency with only a fraction of its workforce on duty while threats accelerate. Documents show CISA will keep roughly 889 employees—about 35 percent of its recent headcount—on the job during the furlough, a crippling reduction that any responsible leader would find unacceptable. This is not abstract bureaucracy; it is a real hollowing out of the people who protect our electric grid, water systems, and the private companies that keep our economy running.
Even worse, the ten-year-old information-sharing framework Congress crafted to help companies and government swap threat intelligence quietly expired on September 30, and lawmakers left a crucial national-security tool on the floor. The Cybersecurity Information Sharing Act of 2015 provided liability and antitrust protections that encouraged companies to report attacks without fear of being sued or having their disclosures weaponized against them. Letting this statute lapse amid a funding fight was political malpractice from leaders in both chambers, but the consequence is straightforward: defenders will be less willing to share tips and indicators when Washington abandons them.
Meanwhile, the bad actors aren’t waiting for Congress to get its act together; they’re striking. Major incidents from mass extortion email campaigns hitting enterprise software customers to the confirmed breach of a Red Hat consulting GitLab environment have material consequences for private industry and national security, and CISA’s ability to coordinate responses is now drastically weakened. These attacks show how agile and brazen criminal groups and state-backed actors have become, and they thrive on confusion and gaps in coordination that a shutdown and expired law create.
Make no mistake: this mess is the product of political gamesmanship, not an unavoidable technical failure. A House-passed continuing resolution included reauthorization language to keep the information-sharing authorities in place, yet the Senate failed to act and leadership let the clock run out, turning commonsense cyber protections into collateral damage. Whether through obstructionism or an unwillingness to prioritize national security over partisan talking points, the end result is the same—America is more exposed because Congress punted.
Private-sector leaders have warned that without statutory shields they will pull back from sharing threat information, meaning the “collective defense” that has protected businesses and communities will fray. Trade coalitions and cybersecurity firms alike urged reauthorization for months, forecasting exactly this chilling effect; now corporations have to weigh legal risk against national security, and many will choose caution over coordination. If Washington wants robust cyber defenses, lawmakers must stop treating the issue like another bargaining chip and restore the legal and operational tools defenders need immediately.
Patriots in Congress should demand two things right now: reopen the government so essential national-security functions can operate at full strength, and reauthorize the information-sharing law without hostage-taking or partisan amendments that put American safety at risk. The alternative is clear—continued shutdown-driven furloughs, a hollowed-out CISA, and an invitation to our adversaries and criminal syndicates to exploit our weakness. Hardworking Americans deserve better than political theater; they deserve leaders who place country over caucus and security over spin.
