DOGE-led cuts sparked mass firings, including significant layoffs at CISA - but a new ruling requires some of these former employees to be rehired.
The first two months of President Trump’s second term have been marked by wide-reaching cuts to federal agencies, typically coordinated by the new Department of Government Efficiency (DOGE), led by tech billionaire Elon Musk. The cuts have spawned anger and confusion as federal workers first saw extensive program freezes which were then rescinded, then were encouraged to resign in the ‘deferred resignation’ initiative that was later limited to only certain agencies, all before federal workers were asked to share five things they did in the previous week, with Musk saying a non-response would “be taken as a resignation” over social media. Again, certain agencies were told to ignore the DOGE-ordered request, with the Department of Health and Human Services citing security concerns.
According to some reports, over 105,000 workers have been fired from federal agencies since inauguration day. This extraordinary number includes several employees from the Cybersecurity and Infrastructure Security Agency (CISA), which has experienced an around 10 percent loss of their workforce while they look to new leadership. CISA’s shrinking payroll may not appear remarkable in the context of other federal cuts, but the agency has received special attention from the new Secretary of the Department of Homeland Security, Kristi Noem. Noem said that “CISA needs to be much more effective, smaller, more nimble, to really fulfill their mission, which is to hunt and to help harden our nation’s critical infrastructure,” at her confirmation hearing. While her comments alluded to limiting the agency’s work to stop misinformation and disinformation around elections, the cuts have extended far past election security.
In what has been dubbed the “Valentine’s Day Massacre”, nearly 25,000 federal probationary employees were fired during Valentine’s Day weekend, without warning or evidence of poor performance. According to the Washington Post, some employees had even recently received positive reviews of their performance or hadn’t worked there long enough to be evaluated. During this event, CISA lost 130 probationary employees (including threat hunters, disabled veterans and employees and incident response team members), accounting for more than 4% of the workforce. The cut came after the previous director, Jen Easterly shared that the agency hired more than 2,000 employees over the past 3 and a half years, which fell in line with the Biden-Harris Administration’s National Cyber Workforce and Education Strategy (NCWES). The plan was created to address the cyber skills gap and strengthen the federal workforce.
The mass firings caused anxiety for more than just the axed workers. Rob Joyce, the former special US liaison at the National Security Agency (where he also led the cybersecurity division for three years), denounced the action with “grave concerns” in a hearing on Chinese cyber threats. Joyce said that the “aggressive threats to cut U.S. government probationary employees will have a devastating impact on the cybersecurity and our national security.” Considering the depth and sophistication of the recent attacks by China-sponsored threat actors, like the Salt Typhoon hack that compromised the infrastructure of at least eight large US telecommunication firms and may have allowed cyber criminals to listen into live phone calls from top officials, scaling down the cybersecurity agency seems counterproductive to those who are familiar with the persistence of cyber campaigns against the US.
Now, about a month after the Valentine’s Day firing event, a federal judge has ruled the mass firings of the probationary workers was unlawful and ordered their return. CISA issued a short press release acknowledging the reinstatement decision the day following the ruling, March 18, 2025. While release currently only directs the affected employees to contact CISAHR@mail.cisa.gov, an earlier version reportedly asked them to email a “password protected attachment that provides your full name, your dates of employment (including date of termination), and one other identifying factor such as date of birth or social security number.” The original request also directed the former employees to send the password to the same mailbox. If this is true, this would be a critical security risk - but it would not be the first that arose from DOGE actions.
The probationary workers have technically been given their jobs back, but they are currently on paid leave as the legal issues continue. The judge’s order is only temporary - so it’s possible that after more litigation, the probationary workers may be fired again in what would only be one chaotic story in a largely tumultuous period in government. At the same time of this limbo that has limited CISA’s abilities, Trump released a National Resilience Strategy that includes some of a cyber agenda. Hopefully, the disarray does not look like an invitation to foreign adversaries who are unlikely to wait for the dust to clear.