The White House’s proposed fiscal 2027 budget includes a $707 million reduction to CISA, significantly decreasing funding, building on earlier reductions, including a third of its workforce, and further scaling back the agency’s overall budget.
The budget outlines a shift in CISA’s focus toward federal network defense and critical infrastructure protection, while proposing cuts to programs related to external engagement, international affairs, and certain information-related initiatives. Previous proposals from the administration have also targeted reductions in staffing and program consolidation.
The White House’s 2026 budget tried to cut about $491 million from CISA’s spending, but Congress eventually only approved a reduction of approximately $135 million.
The new proposal will require approval from Congress, where funding levels and program priorities may be revised as part of the appropriations process.
Doc McConnell, Head of Policy and Compliance, Finite State serves up this insight:
“When CISA was created in 2018, it was built on a recognition that cybersecurity is a shared problem that no single organization can solve alone. CISA’s value lies in the connective tissue it creates, early warning of emerging threats, coordinated vulnerability assessment, and remediation, and partnerships with state and local governments and critical infrastructure operators that bolster our national resilience.
“That mission is more urgent than ever. Nation-state adversaries are actively and strategically exploiting weaknesses in U.S. cyber defenses, and sophisticated threat actors are targeting critical infrastructure with increasing persistence. While manufacturers bear responsibility for the cybersecurity of their products, including proactively identifying and remediating vulnerabilities and managing supply chain risk. Those efforts are most effective when backed by a strong government cybersecurity function. Now is the time to strengthen our collective ability to detect and respond to threats, not reduce it.”
Aaron Colclough, VP of Operations, Suzu Labs adds this comment:
“The FY2027 budget proposal ties CISA to a refocus away from weaponization and waste, which tracks with a lot of this administration’s stated priorities for the term. The examples in the text stay high-level, so it is still unclear what exactly would be cut; nothing maps dollars to line items. That vagueness overlaps with functions or offices that were already reduced, so we’re not in a position to say what is net-new from the wording alone. This looks like the president’s usual high opening bid before Congress settles the real numbers.”
John Carberry, Solution Sleuth, Xcape, Inc.:
“The proposed $707 million reduction to CISA signals a retreat from the public-private partnership model, effectively ending the agency’s role as a primary intelligence collaborator for the commercial sector. By eliminating the Stakeholder Engagement Division and the Joint Cyber Defense Collaborative (JCDC), the administration is forcing enterprise security teams to manage nation-state threats without a centralized federal clearinghouse. This shift places the entire burden of national collective defense onto individual firms at a time of unprecedented geopolitical volatility.
“Security leaders must immediately de-risk their dependency on CISA for threat telemetry and sector-specific alerts, instead prioritizing deeper involvement in private Information Sharing and Analysis Centers (ISACs) and direct vendor partnerships. Since CISA will pivot its remaining resources almost exclusively toward federal network defense, organizations should also prepare for more aggressive compliance enforcement on federal contractors rather than collaborative support.
“It turns out “Shields Up” was a limited-time offer.”
Seemant Sehgal, Founder & CEO, BreachLock had this comment:
“You don’t cut the fire department and then wonder why buildings burn. CISA isn’t the bureaucratic overhead, for practitioners it’s the lifeline between government intelligence and the private sector running the infrastructure this country depends on. Cutting its budget by $707 million, on top of what’s already been cut, is a gift to every nation-state actor that’s been quietly targeting U.S. critical infrastructure.”
This is a pretty dumb idea from the White House. Though I am not shocked by this as this is how this administration rolls. And I suspect it will not take long for this administration to figure out how dumb this idea is.
Related
This entry was posted on April 6, 2026 at 4:17 pm and is filed under Commentary with tags CISA. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
White House budget proposal would cut $707 million from CISA
The White House’s proposed fiscal 2027 budget includes a $707 million reduction to CISA, significantly decreasing funding, building on earlier reductions, including a third of its workforce, and further scaling back the agency’s overall budget.
The budget outlines a shift in CISA’s focus toward federal network defense and critical infrastructure protection, while proposing cuts to programs related to external engagement, international affairs, and certain information-related initiatives. Previous proposals from the administration have also targeted reductions in staffing and program consolidation.
The White House’s 2026 budget tried to cut about $491 million from CISA’s spending, but Congress eventually only approved a reduction of approximately $135 million.
The new proposal will require approval from Congress, where funding levels and program priorities may be revised as part of the appropriations process.
Doc McConnell, Head of Policy and Compliance, Finite State serves up this insight:
“When CISA was created in 2018, it was built on a recognition that cybersecurity is a shared problem that no single organization can solve alone. CISA’s value lies in the connective tissue it creates, early warning of emerging threats, coordinated vulnerability assessment, and remediation, and partnerships with state and local governments and critical infrastructure operators that bolster our national resilience.
“That mission is more urgent than ever. Nation-state adversaries are actively and strategically exploiting weaknesses in U.S. cyber defenses, and sophisticated threat actors are targeting critical infrastructure with increasing persistence. While manufacturers bear responsibility for the cybersecurity of their products, including proactively identifying and remediating vulnerabilities and managing supply chain risk. Those efforts are most effective when backed by a strong government cybersecurity function. Now is the time to strengthen our collective ability to detect and respond to threats, not reduce it.”
Aaron Colclough, VP of Operations, Suzu Labs adds this comment:
“The FY2027 budget proposal ties CISA to a refocus away from weaponization and waste, which tracks with a lot of this administration’s stated priorities for the term. The examples in the text stay high-level, so it is still unclear what exactly would be cut; nothing maps dollars to line items. That vagueness overlaps with functions or offices that were already reduced, so we’re not in a position to say what is net-new from the wording alone. This looks like the president’s usual high opening bid before Congress settles the real numbers.”
John Carberry, Solution Sleuth, Xcape, Inc.:
“The proposed $707 million reduction to CISA signals a retreat from the public-private partnership model, effectively ending the agency’s role as a primary intelligence collaborator for the commercial sector. By eliminating the Stakeholder Engagement Division and the Joint Cyber Defense Collaborative (JCDC), the administration is forcing enterprise security teams to manage nation-state threats without a centralized federal clearinghouse. This shift places the entire burden of national collective defense onto individual firms at a time of unprecedented geopolitical volatility.
“Security leaders must immediately de-risk their dependency on CISA for threat telemetry and sector-specific alerts, instead prioritizing deeper involvement in private Information Sharing and Analysis Centers (ISACs) and direct vendor partnerships. Since CISA will pivot its remaining resources almost exclusively toward federal network defense, organizations should also prepare for more aggressive compliance enforcement on federal contractors rather than collaborative support.
“It turns out “Shields Up” was a limited-time offer.”
Seemant Sehgal, Founder & CEO, BreachLock had this comment:
“You don’t cut the fire department and then wonder why buildings burn. CISA isn’t the bureaucratic overhead, for practitioners it’s the lifeline between government intelligence and the private sector running the infrastructure this country depends on. Cutting its budget by $707 million, on top of what’s already been cut, is a gift to every nation-state actor that’s been quietly targeting U.S. critical infrastructure.”
This is a pretty dumb idea from the White House. Though I am not shocked by this as this is how this administration rolls. And I suspect it will not take long for this administration to figure out how dumb this idea is.
Share this:
Like this:
Related
This entry was posted on April 6, 2026 at 4:17 pm and is filed under Commentary with tags CISA. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.