The reassignment of the cyber workforce does not mean that CISA is shutting down, but coordination is definitely expected to slow down. It may result in some of the key cybersecurity roles going unfilled.
“The first thing to suffer is threat hunting, as it is highly specialized and resource-heavy. So it is usually scaled back first. Next is vulnerability management and scanning, then threat monitoring. Incident response is protected as long as possible, but without enough people, surge capacity gets hit quickly during major events,” said Amit Jaju, senior managing director at Ankura Consulting.
In place of multiple detailed alerts in a week, you may see only one alert, Dhar said. “Low-priority vulnerabilities may pass through easily, and when advisories are delayed, patching schedules also don’t get updated on time, for both government departments and industry. This is how small security gaps turn into large-scale incidents.”