In brief: The Trump administration’s fiscal year 2027 budget proposes cutting $707 million from CISA, completely eliminating the agency’s election security program, and eliminating 860 positions, a dramatic escalation that would reduce the country’s top civilian cybersecurity agency to a $2 billion operation after a year already defined by layoffs and massive DOGE-fueled departures.
America’s central civilian cybersecurity agency has lost about a third of its workforce in the past 14 months. Their red team has been disbanded. Dozens of employees working in election security, incident response and continuous monitoring were laid off by the Department of Government Efficiency in early 2025, then partially reinstated by court order, and then placed on paid leave in legal limbo. In that context, the The Trump administration released its fiscal year 2027 budget request on April 7, 2026proposing to cut another $707 million from the Cybersecurity and Infrastructure Security Agency, a reduction that the White House views as a long-overdue refocusing on the agency’s core mission and that critics describe as an act of deliberate dismantling.
The proposed cuts amount to approximately $700 million in program eliminations, resulting in a net reduction of about $360 million once internal transfers and targeted new hires are taken into account. If enacted, CISA’s operating budget would fall to about $2 billion, down from the roughly $3 billion it received when the current administration took office. The budget also projects the elimination of about 867 positions, partially offset by transfers to the agency, for a net workforce reduction of about 860 positions.
that would disappear
The most politically visible cut is the complete elimination of CISA’s election security program. The proposal would end CISA funding for the Election Infrastructure Information Sharing and Analysis Center, known as EI-ISAC, which serves as the primary hub for sharing cyber threat intelligence, ransomware alerts, and incident response resources with state and local election offices. It would also eliminate dedicated election security advisors stationed across the country and end the information-sharing support that CISA has provided to state and local election officials since the agency’s founding in 2018. Those advisors have been the first point of contact for county clerks and election administrators facing phishing attacks, foreign investigations of registration databases and disinformation campaigns targeting election infrastructure.
The đź’ś of EU technology
The latest rumors from the EU tech scene, a story from our wise founder Boris and some questionable AI art. It’s free, every week, in your inbox. Register now!
Beyond the elections, the proposal would substantially reduce CISA’s stakeholder engagement function, eliminating offices responsible for coordinating with private sector infrastructure operators and managing the agency’s international affairs partnerships. Workforce development programs and what the budget characterizes as “duplicated” state and local cyber funding streams would also be cut. The proposal transfers more responsibility for certain infrastructure security and emergency communications programs directly to state and local governments, although it does not specify additional funds for those governments to absorb the transfer.
The White House argument
The administration’s budget justification is clear in its language. The document states that “CISA focused more on censorship than protecting the nation’s critical systems, putting them at risk due to mismanagement and inefficiency, as well as a focus on self-promotion.“The proposed reductions, he argues, “refocus CISA on its core mission”to protect the federal civilian network and help critical infrastructure operators defend against cyber attacks and physical threats.
The censorship framework primarily refers to CISA’s now-disbanded counterdisinformation work, including a unit that coordinated with social media companies to moderate election-related content during the 2020 and 2022 election cycles. That work was shut down after Republican criticism and subsequent litigation. Sean Plankey, Trump’s nominee to lead CISA, addressed the issue directly during his confirmation hearings. “It is not the task of CISA, nor is it within its authorities, to censor or determine the truths” Plankey said, adding that the agency would not carry out that work under his leadership. Plankey also pledged to “rebuild and refocus” CISA, emphasizing that his goal would be to “empower operators to operate“, referring to private sector entities responsible for critical infrastructure. Plankey has not yet been confirmed by the Senate.
A year already defined by cuts
The FY27 proposal lands at an agency that spent last year contracting sharply. When Trump returned to office in January 2025, CISA had approximately 3,300 employees. By December 2025, that number had fallen to approximately 2,400, a loss of nearly 900 people. The departures came through a combination of voluntary departures during the deferred resignation program, layoffs of probationary staff, and direct action by DOGE. In late February and early March 2025, DOGE terminated contracts and laid off staff in waves that eliminated CISA’s entire red team, more than 80 employees working on continuous monitoring, and between 30 and 50 incident response staff. A federal judge subsequently ordered the reinstatement of the probationary employees, but the reinstated staff were placed on paid administrative leave rather than returning to active duties.
The red team cuts caused particular alarm among security professionals, as red team exercises, in which agency personnel simulate real-world attacks against government networks to identify vulnerabilities before adversaries do, are among the most operationally consequential work undertaken by any cybersecurity organization. Eliminating that capability not only reduces CISA’s staff; It eliminates a specific function that cannot simply be assumed by the rest of the staff. Governance of AI-assisted cybersecurity tools across critical infrastructure has become a defining challenge for 2026, and the debate over CISA’s role is at its center: the agency was positioned to set standards and share threat intelligence precisely when those questions become most consequential.
The rejection of Congress and its limits
The proposed $707 million cut represents a sharp escalation from the administration’s FY26 request, which sought approximately $490 million in reductions. Congressional resistance at that stage, including from Republican committee members who considered the cuts excessive, eventually reduced the actual reductions to between $130 million and $300 million. It is unclear whether that resistance will continue in the current budget environment.
The strongest opposition came from the Democratic side of the aisle. Rep. Bennie Thompson, Democrat of Mississippi and ranking member of the House Homeland Security Committee, rejected both the scale of the proposed cuts and the administration’s framework. “Like the president’s cyber strategy, the president’s CISA budget reflects his complete lack of understanding of the urgency of the cyber threats we face and how to mobilize the government to help confront them,” Thompson said in a statement. Citing the threat environment that has intensified in recent months, Thompson added: “There is nothing to justify a reckless $700 million cut to CISA, particularly at a time of crisis. Increased tensions with Iran. and an increasingly aggressive China.”
Thompson said it was “Committed to working with colleagues to address these cuts.” and to ensure that the government can protect federal and critical infrastructure networks. Furthermore, bipartisan legislation introduced in early 2026 would require CISA to maintain “enough” staffing levels, although the bill has not advanced to a vote.
What you buy with 2,000 million dollars and what you don’t
The cuts do not eliminate CISA. Under the proposed budget, the agency would retain its core federal network security functions, its role supporting critical infrastructure operators, and some coordination capacity with the private sector. The Einstein intrusion detection system and the Continuous Diagnostic and Mitigation program for federal civilian networks are expected to survive. What the budget eliminates is the outer, partnership-intensive layer of CISA’s operations: the work with state and local governments, the election security apparatus, the international engagement, and the stakeholder advisory infrastructure that has grown since the agency’s founding.
The commercial cybersecurity sector is watching closely. Historically, CISA has been an important source of free threat intelligence, vulnerability advisories, and incident response support for smaller organizations and local governments that cannot afford enterprise-grade security tools. As AI-driven threat landscape expansion accelerated through 2025.Agency advisories about vulnerabilities in industrial control systems and critical infrastructure became more, not less, trusted by operators responsible for power grids, water systems, and financial networks. The proposed cuts do not formally end that advisory role, but an agency operating with $2 billion and 860 fewer employees will inevitably produce fewer warnings, respond to fewer incidents and reach fewer operators than it was designed to serve.
The budget is a proposal, not a law. Congress must still allocate the funds, and experience from FY26 suggests the final figure will likely be lower than requested. However, what has already happened at CISA does not require a vote to reverse: a third of the workforce is gone, the red team no longer exists, and election security advisers have been resigning since early 2025. The budget fight now largely hinges on whether what’s left gets even smaller.
