Another Round of Deep Cuts Proposed for CISA
The Trump administration has unveiled a federal budget proposal that would slash hundreds of millions of additional dollars from the Cybersecurity and Infrastructure Security Agency (CISA), the United States government's primary civilian cybersecurity body. The proposed reduction comes on the heels of earlier workforce actions that furloughed approximately 62% of CISA's workforce in early 2026, leaving the agency operating at significantly reduced capacity.
Top congressional Democrats immediately criticized the proposal, describing both its scale and its structural approach as deeply misguided at a time when adversary nations are conducting unprecedented cyber campaigns against US infrastructure.
Background: CISA's Diminished State Entering 2026
CISA entered 2026 already severely weakened. The DHS shutdown earlier in the year resulted in the furlough of roughly 1,500 CISA employees — nearly two-thirds of the agency's total workforce. Critical programs paused or reduced during that period included:
- Vulnerability management and KEV catalog updates — the Known Exploited Vulnerabilities catalog saw delays in new additions
- Critical infrastructure coordination — CISA's relationships with energy, water, and financial sector operators were disrupted
- Threat information sharing — real-time threat intelligence sharing with state and local governments slowed significantly
- Election security programs — with state and local elections upcoming, election infrastructure security support was curtailed
The new budget proposal, if enacted, would compound these reductions with permanent funding cuts rather than temporary shutdown-related furloughs.
Congressional Response
The top congressional Democrat cited in CyberScoop's reporting criticized not just the size of the proposed cuts, but their nature — arguing that reducing CISA's capabilities is functionally equivalent to unilateral disarmament in the face of active adversary campaigns from Russia, China, Iran, and North Korea.
Key criticisms include:
- Timing: The cuts are proposed during a period of historically high nation-state cyber activity against US targets
- Compounding effect: The new reductions stack on top of an agency already depleted by workforce furloughs
- Program elimination risk: Deep budget cuts of this magnitude typically result in permanent program cancellations, not temporary pauses — institutional knowledge and contractor relationships that take years to rebuild can be lost quickly
- Critical infrastructure exposure: CISA coordinates protection for 16 designated critical infrastructure sectors; reduced capacity creates gaps that adversaries will exploit
What CISA Does — and What Is at Stake
| CISA Function | At-Risk Impact |
|---|---|
| Known Exploited Vulnerabilities (KEV) catalog | Delayed advisories mean slower federal patching cycles |
| Critical infrastructure security coordination | Degraded information sharing with energy, water, healthcare sectors |
| Cybersecurity advisories and alerts | Reduced frequency and depth of public threat warnings |
| Pre-election security support | State and local election officials lose federal cybersecurity assistance |
| Incident response coordination | Slower federal response to major cyberattacks affecting multiple sectors |
| Vulnerability scanning (CISA's free scanning services) | Free external attack surface monitoring for agencies and critical operators curtailed |
CISA also runs programs like the Cyber Hygiene (CyHy) vulnerability scanning service, which provides free attack surface monitoring to federal agencies and critical infrastructure operators — a program whose value far exceeds its cost by preventing exploitable vulnerabilities from going undetected.
The Geopolitical Context
The proposed cuts arrive against a backdrop of escalating adversary activity:
- Salt Typhoon (Chinese APT) conducted prolonged operations against US telecommunications providers in 2025, with Senate testimony in early 2026 confirming the full scope was larger than initially disclosed
- Russian hacktivist groups have coordinated attacks targeting election-adjacent infrastructure across NATO nations
- Iranian threat actors breached the FBI Director's personal email and conducted wiper attacks against US targets in early 2026
- North Korean group UNC1069 successfully compromised the widely-used Axios npm package in a supply chain attack affecting thousands of downstream applications
Each of these campaigns represents exactly the type of threat that CISA was established to monitor, coordinate against, and help the private sector defend from.
Historical Context: CISA Funding and Mission
CISA was created in 2018 under the Cybersecurity and Infrastructure Security Agency Act, consolidating cybersecurity functions previously spread across DHS and other agencies. Its budget has grown from approximately $1.7 billion in FY2019 to over $3 billion in recent years, reflecting the expanding scope of cyber threats.
Critics of the proposed cuts argue that the agency has never been better positioned to justify its budget than in 2026, given the documented scale of adversary operations. Proponents of the cuts, aligned with the administration's broader fiscal reduction agenda, argue that the agency has grown too large and that private sector cybersecurity capabilities have matured sufficiently to reduce the government's role.
What Comes Next
The budget proposal must pass through Congress before taking effect. Given bipartisan concern over critical infrastructure security — particularly in the Senate — the proposal is likely to face significant opposition. However, even the debate over cuts creates institutional uncertainty at CISA that can accelerate departures of experienced personnel who have other options in the private sector.
Organizations that rely on CISA services — including free vulnerability scanning, threat intelligence sharing, and incident response coordination — should not assume that current service levels will be maintained through 2026 regardless of the budget outcome.
Key Takeaways
- Proposed cuts are on top of the 62% workforce furlough CISA already experienced in early 2026
- Congressional Democrats oppose the cuts on both scale and structural grounds, citing active adversary campaigns
- Critical infrastructure coordination is the highest-stakes function at risk — energy, water, healthcare, and election security all depend on CISA
- Institutional knowledge loss is a long-term risk that cannot be reversed quickly if experienced staff depart during funding uncertainty
- Private sector organizations should reduce reliance on CISA as a primary security resource given these risks, while still engaging where the agency provides value