CISA's latest budget proposal includes $707 million in cuts, in a move some are calling a 'strategic mistake at exactly the wrong moment.'
CISA does have a considerable number of vacant positions. By the start of 2026, nearly 1,000 people (about a third of CISA’s workforce) had left the agency due to budget and policy changes, some ordered by the back-and-forth policies of the Department of Government Efficiency (DOGE). In 2026, even more former leaders in the agency have voluntarily stepped away from their roles, like the former Chief Information Officer, Bob Costello, the leader of the Pre-Ransomware Notification Initiative (PRNI), David Stern, and the former Acting Cybersecurity Associate Director, Shelly Hartsook.
Adding to the organizational chaos of CISA, the most important position remains vacant since Jen Easterly stepped down with the administration change. Despite being nominated by Trump to be the Director of CISA in March 2025, one year later, Sean Plankey has still not been confirmed to lead the nation’s top cyber agency. New calls for an investigation into a possible conflict of interest during Plankey’s time as a Senior Advisor to the Secretary may delay his confirmation even further. For most of 2025 and the start of 2026, CISA’s Acting Director was Madhu Gottumukkala. After a series of challenges, including a polygraph scandal, Gottumukkala left for another position in DHS as the Director of Strategic Implementation. Nick Andersen, the current Acting Director of CISA, has only been in the position since the end of February 2026.
The justification’s claim that “these reductions do not affect mission-critical functions, allowing the agency to maintain its core responsibilities while improving efficiency” is reminiscent of the position of the former Secretary of Homeland Security, Kristi Noem. In her confirmation hearing, Noem said that “CISA needs to be much more effective, smaller, more nimble, to really fulfill their mission, which is to hunt and to help harden our nation’s critical infrastructure,” in reference to the conservative-contested initiatives from CISA fighting misinformation and disinformation during elections. Since her confirmation, CISA ended an initiative helping state and local officials with cybersecurity during elections and put several members of the election security team on administrative leave.
Now, with the new budget, CISA might provide next to no help with election security. The proposed plan would completely end CISA’s election security program and stop CISA’s backing of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Membership with the center (no longer free due to their loss of federal funding) offers threat intelligence, incident response, forensic, and cybersecurity services. Election-related programs are not the only items on the chopping block, unfortunately. CISA’s Cybersecurity Division is set to lose $15.2 million, which could impact their threat hunting and vulnerability management initiatives. CISA’s regional operations may lose $42 million, likely limiting their ability to support local governments in improving their cybersecurity and infrastructure defenses. Altogether, the proposed changes would terminate 867 roles and $368 million in funding.
The budget changes also include some notable funding relocations. While the rest of the Stakeholder Engagement Division (SED) is being closed, one SED team would be moved to another area outside of CISA and gain $6.6 million to support their work on half of the 16 critical infrastructure sectors. The National Risk Register received $5 million, and the Continuous Diagnostics and Monitoring program received $66 million more. There are also some new roles being added to the SED and 53 new Cybersecurity State Coordinators acting as state liaisons for the 50 states alongside Puerto Rico, Guam, and the Virgin Islands. While CISA’s own chemical security program with 200 roles might be terminated, the DHS’s Countering Weapons of Mass Destruction Office will move several roles and $300 million from their organization into CISA.
The proposed budget has already received some pushback. The chief strategy officer for cyber investment at Merlin Group, Matthew Hartman called the cuts a “strategic mistake at exactly the wrong moment. CISA is the connective tissue for federal civilian cyber defense and a key partner to critical infrastructure owners and operators. Weakening CISA weakens the entire ecosystem.” Seemant Sehgal, the CEO of BreachLock, a cyberdefense company, criticized the administration’s move: “You don’t cut the fire department and then wonder why buildings burn. CISA isn’t the bureaucratic overhead; for practitioners it’s the lifeline between government intelligence and the private sector running the infrastructure this country depends on. Cutting its budget by $707 million, on top of what’s already been cut, is a gift to every nation-state actor that's been quietly targeting U.S. critical infrastructure.”
With the tenuous ceasefire US-Israel war on Iran, attacks from nation-state actors are only becoming a bigger concern. CISA released an advisory earlier this week stating that “Iranian-affiliated APT targeting campaigns against US organizations have recently escalated, likely in response to hostilities.” While the budget is not intended to direct CISA until next year, hopefully the conversation around the proposal will inspire more about investing into the agency, especially during the DHS shutdown.