What is CISA and what does it do?

CISA, the Cybersecurity and Infrastructure Security Agency, is a U.S. federal agency responsible for protecting the nation's critical infrastructure from physical and cyber threats. It acts as the lead for federal cybersecurity, works with state and local governments, and partners with the private sector to improve national cyber resilience.

Why are these potential budget cuts so significant?

Significant cuts to CISA's budget could severely weaken the nation's ability to defend against cyberattacks. It would impact critical programs that protect federal networks, reduce support for state and local governments who rely on CISA's help, and hamper partnerships designed to protect essential services like energy, water, and healthcare.

What specific CISA programs could be affected by budget cuts?

Past proposals have targeted key programs like Continuous Diagnostics and Mitigation (CDM), which provides real-time security monitoring for federal agencies, and proactive threat hunting initiatives that actively search for hidden adversaries on government networks. Funding for partnerships and information sharing would also likely be at risk.

Is this an official budget proposal for the next fiscal year?

No. The concerns are based on the final budget proposal from the Trump administration in 2020 for FY2021, which sought a $100 million cut, and statements from allies suggesting even deeper cuts could be pursued in a future administration. It is not a current, formal budget request.

Trump budget proposal signals deep cuts to CISA, raising national security alarms

The Specter of Austerity

Concerns are escalating within the national security community over the potential for deep funding cuts to the nation's premier cyber defense agency. A past budget proposal from the Trump administration, coupled with suggestions from allies for even deeper reductions, has raised alarms about the future of the Cybersecurity and Infrastructure Security Agency (CISA). According to a report from CyberScoop, Rep. Bennie Thompson (D-Miss.), a leading Democrat on the House Homeland Security Committee, has sharply criticized the prospect of slashing CISA's budget by "hundreds of millions," a move he deems "unacceptable" given the rising tide of global cyber threats.

To be clear, this is not a formal budget request for the upcoming fiscal year. Rather, it reflects the Trump administration's final budget proposal in 2020 for Fiscal Year 2021, which sought a $100 million reduction for the agency. The current anxiety stems from the possibility that a future administration could revisit these cuts and expand upon them. CISA, which currently operates with an enacted budget of roughly $3 billion for Fiscal Year 2024, serves as the operational lead for federal cybersecurity, a critical partner for state and local governments, and the primary risk advisor for the nation's critical infrastructure. A significant reduction in its funding could have profound consequences for national resilience.

What's on the Chopping Block?

Unlike a technical vulnerability with a specific CVE number, a budget cut is a policy decision with far-reaching, systemic implications. The previous proposal targeted specific, high-impact programs, offering a preview of what could be at risk. Two key initiatives historically in the crosshairs were the Continuous Diagnostics and Mitigation (CDM) program and proactive threat hunting operations.

The CDM program is a cornerstone of federal network defense. It provides federal departments and agencies with automated tools to gain near real-time visibility into their own networks. Think of it as a comprehensive security system that constantly scans for vulnerabilities, misconfigurations, and unauthorized devices. Weakening CDM would be akin to turning off security cameras and motion detectors in a high-security facility, leaving federal networks partially blind to emerging threats and ongoing intrusions.

Threat hunting, another targeted area, represents a shift from reactive to proactive defense. Instead of waiting for an alarm to sound, threat hunters actively search for signs of sophisticated adversaries who may have already bypassed traditional defenses. These highly skilled analysts look for subtle indicators of compromise that automated systems might miss. Reducing funding for these teams means allowing skilled attackers more time to dwell inside networks, steal data, and prepare for destructive attacks. Other vital CISA functions, such as the Joint Cyber Defense Collaborative (JCDC) which coordinates defense planning with the private sector, would also likely face significant strain under an austerity budget.

A Cascade of Consequences: The Real-World Impact

The impact of gutting CISA's budget would not be confined to federal agencies in Washington, D.C. It would create a cascade of risks affecting every level of government and the private sector, ultimately threatening the stability of services Americans rely on daily.

Critical Infrastructure at Risk: CISA is the lead federal agency for protecting 16 critical infrastructure sectors, including energy, water, healthcare, and financial services. Major incidents like the 2021 Colonial Pipeline ransomware attack demonstrated the fragility of these systems. CISA provides these sectors with tailored threat intelligence, vulnerability assessments, and incident response support. Budget cuts would hamper these public-private partnerships, leaving our power grid, hospitals, and supply chains more exposed to nation-state and criminal actors.
State and Local Governments Abandoned: Many state, local, tribal, and territorial (SLTT) governments lack the funding and expertise to build sophisticated cybersecurity programs. They lean heavily on CISA for grants, threat information, and direct assistance during attacks. Slashing CISA's budget would disproportionately harm these smaller entities, creating a patchwork of security across the country where under-resourced communities become easy targets for ransomware gangs and other adversaries.
A Weaker Federal Defense: Since its establishment in 2018, CISA has become indispensable in coordinating federal cyber defense, issuing binding operational directives, and leading the response to major incidents like the SolarWinds supply chain attack. Reducing its capacity would mean slower detection of intrusions, a less coordinated response, and a greater overall risk to sensitive government data and operations.
Brain Drain: The federal government already struggles to compete with the private sector for top cybersecurity talent. A CISA perceived as unstable or underfunded would likely see an exodus of its most skilled analysts and leaders, further degrading the nation's defensive capabilities.

How to Bolster Defenses in an Uncertain Climate

While the future of CISA's funding is a matter of political debate, organizations and individuals cannot afford to be passive. A potential reduction in federal cybersecurity support underscores the need for self-reliance and proactive security measures.

For Businesses and Critical Infrastructure Operators:

Invest in Internal Capabilities: Do not assume federal assistance will always be immediately available. Build and invest in your own internal security operations center (SOC), incident response teams, and threat intelligence capabilities.
Embrace Public-Private Collaboration: Actively participate in your sector's Information Sharing and Analysis Center (ISAC). The threat intelligence shared among peers is invaluable and becomes even more important if centralized government information flows are reduced.
Stress-Test Your Defenses: Regularly conduct penetration testing, tabletop exercises, and vulnerability assessments to identify and remediate weaknesses before they can be exploited. Assume a breach is not a matter of if, but when.

For State and Local Governments:

Forge Regional Alliances: Collaborate with neighboring jurisdictions to pool resources, share expertise, and establish mutual aid agreements for cybersecurity incidents.
Maximize Existing Resources: Take full advantage of all currently available CISA programs and grants. Harden your systems now while these resources are still robustly funded.

For Individuals:

Practice Rigorous Cyber Hygiene: National security starts with individual security. Use strong, unique passwords for all accounts, enable multi-factor authentication (MFA) everywhere possible, and be vigilant against phishing attempts.
Secure Your Communications: When using public Wi-Fi, your data can be exposed to snooping. Using a reputable VPN service encrypts your internet traffic, providing a critical layer of privacy protection against local threats.

The debate over CISA's budget is more than a line item in a federal ledger; it is a referendum on our national commitment to cybersecurity. In an environment where cyber threats are growing in sophistication and frequency, reducing the capabilities of our primary defensive agency is a gamble with stakes that are simply too high.