
The Trump administration recently announced plans for cutting roughly $700 million from the Cybersecurity and Infrastructure Security Agency's FY 2027 budget. This would translate to a net reduction of about $360 million after transfers and adjustments. The proposed reduction would target election security, workforce development, stakeholder engagement and infrastructure protection efforts.
The timing of the announcement seems equal parts troubling, curious and, ultimately, strategic. The proposed cuts coincide with a joint announcement from the agency and other leading law enforcement and intelligence organizations citing concerns over Iranian hackers targeting U.S. manufacturing and critical infrastructure entities, including energy providers and water treatment plants.
Additionally, a focus on cutting workforce development funding seems to fly in the face of numerous reports outlining the need for, and shortage of, trained cybersecurity professionals. In other words, there are more threats against critical U.S. assets and more people are needed to help combat them.
CISA’s chemical security program is also on the chopping block, which would cut more than 200 positions tied to inspections and oversight of high-risk facilities. However, an estimated $300 million and hundreds of people from the DHS’s Countering Weapons of Mass Destruction office would be transferred into CISA to help manage the load.
The aforementioned "stakeholder engagement functions" is another way of describing the financial resources allocated towards working with any and all private and public sector organizations around the world. These efforts help gather the information and response strategies needed to combat threats that are evolving faster than defense mechanisms.
However, it's the remaining area addressed by the cuts that offers some interesting perspective.
A primary target of CISA's budget reductions would be the elimination of the agency's election security program. Fallout from the 2020 election included President Trump's dismissal of the agency's first director, Chris Krebs, after he attested to the security of the election that removed Donald Trump from office. Many feel this is the root of the administration's frustrations with CISA.
Potential political vendettas aside, the elimination of the Elections Infrastructure Information Sharing and Analysis Center, or EI-ISAC, could provide a pathway to bigger issues. This is the office that collects and distributes threat intelligence and incident response data for state and local election officials in combating ransomware attacks, phishing campaigns and subversive efforts from foreign adversaries.
The Road Ahead
The cuts still need congressional approval, and they could follow the same path as last year when the Trump administration attempted to reduce CISA's funding by nearly $500 million. Lawmakers pushed back and the cuts were minimized. The agency is currently headed by acting director Nick Anderson. He is filling the role after Madhu Gottumukkala transitioned to a different role within the Department of Homeland Security.
The proposed cuts and seeming lack of support from the Trump administration have been backed by some who feel CISA has strayed from its initial mission of protecting federal networks and critical infrastructure. Others feel excessive government hand-holding could actually be preventing the private sector from doing more on its own to address cybersecurity deficiencies that have emboldened hackers and fueled more attacks.
Matthew Hartman, Chief Strategy Officer at Merlin Group, and former Deputy Executive Assistant Director for Cybersecurity at CISA, offered the following thoughts. "Cutting $707 million from CISA would be a strategic mistake at exactly the wrong moment. CISA is the connective tissue for federal civilian cyber defense and a key partner to critical infrastructure owners and operators.
"Weakening CISA weakens the entire ecosystem. Among other threats, we are facing PRC pre-positioning on critical infrastructure and a growing use of AI to accelerate zero-day discovery and exploitation. That’s not an environment for belt-tightening – it’s a call to invest."
John Bambenek, President at Bambenek Consulting, seemed to echo these sentiments, stating that, "It appears that the White House wants CISA to focus solely on protecting the federal government’s computer systems and to leave states, local governments, and private industry to fend for themselves.
"At a time when there are increased nation-state threats, that means less (or no) federal government help to protect society from hostile foreign governments. Note that the fourth item on the administration's National Cyber Strategy was to secure critical infrastructure. It’s unclear how that can be done with less funds and little engagement by the federal government."























