March 4, 2026

Iran's hackers surge as CISA runs on 800 staff amid furloughs

Congress's funding lapse leaves CISA at 31% staff as Iran targets U.S. infrastructure

CISA was operating with approximately 800 of its 2,540 employees as of March 4, 2026 — roughly 31% of its full workforce. The rest were furloughed under the DHS funding lapse. A federal agency running at 31% capacity during a period of elevated nation-state cyber threat represents a direct national security gap.

CISA's website had not been updated since February 17, 2026 — more than two weeks. The agency publishes threat advisories, vulnerability alerts, and critical infrastructure warnings. A two-week blackout of those communications means the private sector is flying partially blind on new Iranian cyber tactics.

CISA's acting director had been reassigned to a cost-cutting review role inside DHS the previous week. The agency was simultaneously losing staff to furloughs and losing its acting leadership to a DOGE-style efficiency review — a double degradation of its operational capacity.

Cybersecurity experts told CNBC that Iranian state-sponsored hacking groups — including APT33 (Refined Kitten) and APT34 (OilRig), both attributed to Iran's Islamic Revolutionary Guard Corps — were increasing targeting of U.S. businesses and critical infrastructure sectors including energy, water, and financial services.

On March 3, 2026, Amazon Web Services confirmed that its data center in Bahrain was damaged by a nearby drone strike and that two of its UAE data centers had been 'directly struck' by Iranian drones. All three facilities were offline. Iran's state news agency Fars News attributed the attacks to Amazon's support for 'U.S. military and intelligence activities.'

The AWS strikes marked the first time a major U.S. tech company's physical infrastructure was explicitly targeted by a foreign power in connection with a U.S. military operation. Amazon is a major contractor for the CIA, NSA, and DoD through its AWS GovCloud and classified services. The strikes blurred the line between civilian tech infrastructure and military targets.

CISA was created by Congress in 2018 specifically to serve as the national coordinator for cybersecurity across government and critical infrastructure sectors — including the 16 critical infrastructure sectors that the federal government has designated as essential to national security, public health, and safety. Its degraded capacity comes precisely as one of those threats materializes.

The CIRCIA incident reporting rule — which would require private-sector companies to report cyber incidents to CISA within 72 hours — had already been delayed to May 2026 before the furloughs. The combination of a delayed reporting rule and a degraded CISA means the federal government's ability to detect, share, and respond to cyber incidents is significantly reduced.

CISA's 2025 DOGE cuts had already reduced its workforce before the furloughs. Earlier in the year, the Trump administration had reorganized CISA's internal structure, eliminating its election security program and cutting election grants by 40% — changes that critics argued politicized the agency's priorities.

The scenario — a lapse in congressional funding for DHS, a furloughed CISA, and an active Iranian cyber campaign — illustrates a systemic vulnerability: the government's cyber defense capacity is directly tied to appropriations politics, meaning foreign adversaries can time cyberattacks to coincide with domestic budget fights.

People, bills, and sources

  • Sean Plankey: CISA Acting Director (reassigned to DHS cost-cutting review)
  • Kristi Noem: Secretary of Homeland Security
  • Amazon Web Services (AWS): U.S. tech company, major defense contractor
  • IRGC cyber units (APT33 / APT34): Iranian state-sponsored hacking groups
  • Congressional appropriators: House and Senate members responsible for DHS funding
  • Elon Musk / DOGE: Department of Government Efficiency leadership

What you can do

1. Civic action: Contact your senators to demand immediate DHS funding to restore CISA

CISA is the primary federal body responsible for protecting critical infrastructure — power grids, water systems, financial systems — from cyberattacks. Running it at 31% capacity during an active Iranian cyber campaign is a direct national security choice. Senators who vote against DHS funding are voting to keep CISA degraded.

Hello, I am [NAME], a constituent from [CITY/STATE]. I'm calling about CISA's degraded capacity during the Iran war.

Key concerns:

  • CISA is running at 31% capacity — 800 of 2,540 staff — due to the DHS funding lapse
  • Iranian hackers (APT33/APT34) are actively increasing targeting of U.S. critical infrastructure in response to Operation Epic Fury
  • Amazon Web Services lost three data centers to Iranian drone strikes on March 3, the first direct attack on U.S. tech infrastructure in a military conflict

Questions to ask:

  • Will Senator [NAME] support emergency DHS funding to restore CISA to full operational capacity?
  • Does Senator [NAME] believe running CISA at 31% during an active Iranian cyber campaign is acceptable?

Specific request: I am asking Senator [NAME] to vote for immediate DHS funding legislation to end the furloughs and restore CISA's full workforce.

Question: What is Senator [NAME]'s position on the DHS funding lapse and its impact on CISA?

Thank you.

2. Research: Monitor CISA threat advisories and infrastructure alerts

CISA publishes threat advisories and vulnerability alerts for businesses, government agencies, and the public. Tracking when alerts stop being published — as they did after Feb. 17 — is itself a measure of the agency's operational capacity. Citizens can sign up for CISA alert emails to monitor this directly.