Mullin floats 2,800-worker CISA amid FY2027 cuts

The Cybersecurity and Infrastructure Security Agency’s field capacity is the operational risk in Mullin’s budget defense. At a June 3 House Homeland Security Committee hearing covered by Inside Cybersecurity, Mullin said the agency has authority to hire up to 3,400 people but is down to about 2,200. His working number was lower than that authority: CISA “probably” needs around 2,800 if it can rely on state partnerships and use grant money to invest with local and state municipalities. That shifts the question from headcount to service coverage for states, municipalities, small businesses and critical infrastructure operators.

The staffing numbers are service numbers. CISA has lost about one-third of its workforce during the second Trump administration, including senior officials, Inside reports. The fiscal 2027 request would cut CISA by $707 million and make major changes to stakeholder engagement. House appropriators released a Department of Homeland Security bill in line with CISA’s $2.4 billion request, with $31 million for “mission critical positions” to counter foreign adversaries such as China. That hiring line sits beside Acting Director Nick Andersen’s April statement that Mullin approved a “329 vacancy critical hires list,” including field personnel who provide services to districts and local communities.

Garbarino framed the concern in practitioner terms: CISA has to protect federal civilian networks and critical infrastructure while adversaries increasingly use artificial intelligence. Mullin answered that cyberattacks are getting stronger and hitting private partners the most, and said CISA would not fail its mission. For organizations that use CISA’s field services, the issue is whether a smaller agency, a critical-hire list and heavier reliance on public partnerships produce enough help for the small businesses, municipalities, states and infrastructure operators Mullin and Garbarino named.