Democrats demand CISA explain how it’s supporting election offices

In a letter Monday addressed to leaders of the Cybersecurity and Infrastructure Security Agency, Democratic lawmakers demanded to know why the agency hasn’t responded to their recent inquiries about the level of support the agency is providing state and local election offices.

Ranking members Rep. Joseph D. Morelle and Sen. Alex Padilla wrote that they’re seeking “urgent updates” to the status of numerous election security policies and programs offered by CISA under previous administrations. The letter, which is addressed to CISA acting Director Madhu Gottumukkala and Mona Harrington, assistant director of CISA’s National Risk Management Center, demands a “comprehensive briefing” on CISA’s operations and personnel before July 21.

“CISA’s repeated failure to respond to our requests for information while undertaking a significant reshaping of the agency’s personnel and mission is unacceptable,” the letter reads. “We remain deeply troubled by the lack of information CISA has provided to congressional oversight committees and the lack of substantive responses to our questions.” 

The lawmakers reference their roles in protecting elections infrastructure via the Committee on House Administration and the Senate Committee on Rules and Administration, as well as three past attempts to obtain information about CISA’s operations via letters sent to the agency in February, March and April. CISA did not immediately respond to an email from StateScoop requesting an explanation for its lack of communication. 

News of Monday’s letter was first reported by Democracy Docket.

Morelle and Padilla write that they’re especially concerned with rumors of additional funding cuts and personnel cuts within the agency, which under former President Joe Biden and the first administration of Donald Trump provided or brokered numerous services designed to protect election systems. They note the widely reported figures of 1,300 potential cuts from the full-time CISA workforce and 40% of its contractors.

“[W]e have heard complaints that CISA staff may be afraid to work with state and local election officials and vendors for fear of retribution. If accurate, this is a very serious issue,” the letter reads. “… Furthermore, it is our understanding that many employees have already begun the process of leaving CISA—or have already departed—and that restructuring may already be underway. The agency’s continued failure to provide any modicum of transparency to Congress and the public is unacceptable.”

The letter contains a list of more than 20 questions, as broad as “What is the status of CISA’s reorganization?” and as detailed as “How many requests for physical security assessments has CISA received from election officials since January 2025, and how many physical security assessments have been conducted?” They ask whether CISA is still providing vulnerability scanning services, and whether CISA is doing anything to advertise the availability of its offerings to state and local agencies.

Many current and former election officials have told StateScoop that they’re alarmed about the prospects of keeping the nation’s election systems secure, particularly in light of threats from adversarial nation-state actors, after CISA not only saw its own staff shrink, but after it cut funding this year from two information-sharing organizations: the Elections Infrastructure Information Sharing and Analysis Center and the Multi-State ISAC.

After the Center for Internet Security, the nonprofit that runs both organizations, lost support for the EI-ISAC last February, secretaries of state drafted a letter to Homeland Security Sec. Kristi Noem requesting that her department continue providing essential security services, like penetration testing and Albert sensors. In March, the National Association of Secretaries of State said it received a response from Noem encouraging states to take advantage of CISA’s security advisers and the services of the MS-ISAC.

“This includes cyber and physical security assessments, incident response planning resources, and tabletop exercises you highlight in your letter,” Noem’s letter read.

In statements to StateScoop around the time of the cuts, CISA explained that funding at the information-sharing groups was cut because the services were duplicative with services CISA was already providing. The Center for Internet Security told StateScoop last April that it will provide gap funding for the MS-ISAC, which lost about $8.5 million in federal funding, so that it can continue to support state and municipal cybersecurity efforts.