
Getty Images
US cyber agency CISA faces stiff budget cuts
CISA is one of several US agencies facing drastic budget cuts under the Trump administration.
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) is likely to have its funding cut by approximately $495m and may have to lay off around 1,000 employees later this year, according to budget proposals unveiled by President Trump’s administration.
In a written statement, the White House said Trump was “laser-focused on eliminating … weaponised rot” in the American government as he laid out a series of cuts to multiple agencies.
“The Budget eliminates CISA’s disinformation offices and programmes that functioned as a hub in the censorship industrial complex, conspiring against the First Amendment rights of President Trump and his supporters,” the statement reads.
The First Amendment to the Constitution, which dates back to 1791, guarantees freedom of assembly, the press, religion and speech in the US.
“CISA was more focused on cooperating with big tech to target free speech than our nation’s critical systems,” said the White House. “Even CISA’s own systems have fallen prey to attacks. Under President Trump’s leadership, CISA will protect our critical infrastructure instead of censoring Americans. The budget refocuses CISA on its core mission – federal network defence and coordinating with critical infrastructure partners – while eliminating weaponisation and waste. The budget also streamlines the agency by consolidating redundant security advisors and programmes.”
Besides the elimination of its work countering “disinformation”, the budget cuts money from CISA’s government network and critical infrastructure protection operations, and its provision of support and services to companies and local government bodies in America. CISA will also have to take an axe to divisions that work to analyse and predict future threats, among other things.
Other planned cuts potentially affecting the US’ cyber security mission include proposals to trim the budget allocated to the FBI, which deals with cyber crime in the US, and a unit at the Department of Energy that deals with threats to CNI.
A globally recognised force
Officially established during Trump’s first administration, with origins dating back to 2007 when the US established the National Protections and Programs Directorate within the Department of Homeland Security (DHS), CISA has grown into one of the leading western cyber security agencies working alongside the likes of the UK’s National Cyber Security Centre (NCSC) and counterparts in Australia, Canada, Europe and New Zealand.
It frequently leads on multilateral advisories and alerts on cyber matters including cyber crime and ransomware and nation state threats, and its Known Exploited Vulnerabilities (KEV) catalogue is a globally recognised resource.
However, leadership had clashed with Trump in the past – CISA’s founding director Chris Krebs was given his marching orders after the 2020 Presidential Election.
Gabrielle Hempel, security operations strategist and threat intelligence researcher at the Exabeam TEN18 unit, described a “strategic deprecation” of America’s cyber defence capabilities at a time when threat actors were only widening the scope of their activities.
“Gutting critical programmes … doesn’t ‘refocus’ the mission – it hollows it out. These teams drive cross-sector collaboration, provide threat modeling to CNI operators and build resilience in a space where private-sector entities own the vast majority of the target surface,” said Hempel.
“If the intent of these cuts is to ‘focus on core mission’, the question is: whose definition of core? Threat visibility, regional coordination, intelligence sharing, and vulnerability analysis are core to a functional national cyber strategy.
“The reality is, we don’t get to pick when or where the next attack happens – but we do decide whether we’ll be ready. Bluntly, this plan is guaranteeing that we won’t be,” she said.
Hempel also lamented the proposed elimination of election security funding at a time when threat actors both within and without the US are actively working to undermine democratic processes.
Read more about US tech policy
- The DOGE effect on security is a complex issue. Pursuit of efficiency might be a legitimate goal, but experts caution it can conflict with cyber security defenses.
- As the budget reconciliation bill awaits Senate approval, Medicaid agencies must assess how they'll handle massive Medicaid cuts.
- House Republicans proposed a 10-year moratorium on state AI rules, reflecting a concern among tech companies about the growing patchwork of state AI and data privacy measures.