SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Threat intelligence
#
Cyber Threats

CISA budget cut sparks security fears among experts

Thu, 5th Jun 2025
Author image
By Kaleah Salmon, Journalist

President Donald Trump's latest budget proposal for the 2026 fiscal year has sparked considerable debate in the cybersecurity sector, with plans to slash funding for the Cybersecurity and Infrastructure Security Agency (CISA) by USD $495 million, effectively eliminating nearly 30% of positions at the agency. The proposed cuts have prompted concern among industry experts, who have highlighted CISA's pivotal role in safeguarding the nation's critical infrastructure and facilitating cooperation between the public and private sectors.

CISA, established to protect essential national assets from ever-evolving cyber threats, has been instrumental in promoting cross-sector collaboration and providing critical intelligence to private sector operators who oversee much of the country's digital infrastructure. With the proposed budget reduction, the future of several key CISA initiatives, including the Stakeholder Engagement Division and the National Risk Management Centre, remains uncertain.

Kevin Kirkwood, Chief Information Security Officer at Exabeam, expressed reservations about the proposed cuts and the lack of clarity on alternative strategies for national cyber defence. "CISA was created to protect the nation's critical infrastructure. It was also created because the nation still has no national security strategy ... CISA still does a critical role in testing infrastructure to find and correct the gaps that were discovered," said Kirkwood, emphasising CISA's ongoing relevance.

Kirkwood also highlighted the agency's function as a bridge between the public and private sectors. "There is a gap in the communications between public and private sectors and CISA has been a good agency to connect the dots. That is something that many of us in the private sectors have come to rely on. We actually need the information that CISA provides," he added.

Criticising the absence of context behind the budget reductions, Kirkwood questioned whether sufficient analysis had been conducted to justify the cuts. "I positively hate hearing about cuts without context. Budgeting is truly a numbers game, but the numbers must tell the story. Are we not getting the protection that we need? Is the infrastructure so well protected that we don't need the agency and can reduce the spend?" He argued that if resources were to be redirected, they should be invested in shaping a comprehensive national cybersecurity strategy led by a dedicated group of experts.

Gabrielle Hempel, Security Operations Strategist and Threat Intelligence Researcher for the Exabeam TEN18 Team, described the proposed USD $495 million cut as a "strategic deprecation of U.S. cyber defence capability in a moment where threat actors are accelerating, not retreating." Hempel warned that reducing funding for critical programs, such as the Stakeholder Engagement Division and the National Risk Management Centre, would significantly diminish the nation's ability to manage cybersecurity risks across sectors.

"Gutting critical programs ... doesn't 'refocus' the mission—it hollows it out. These teams drive cross-sector collaboration, provide threat modelling to CI operators, and build resilience in a space where private-sector entities own the vast majority of the target surface," Hempel said. She also voiced particular concern over the proposed elimination of funding for election security, arguing that it would jeopardise the integrity of democratic processes at a time when both foreign and domestic actors are attempting to undermine them. "Pulling the plug on the nation's technical lead for election integrity isn't just disengaging, it's giving tacit permission to interfere," she warned.

Hempel challenged the rationale behind the cuts, questioning which aspects of CISA's operations are being considered 'core' and warning against the dangers of diminished threat visibility, regional coordination, intelligence sharing, and vulnerability analysis. "We don't get to pick when or where the next attack happens—but we do decide whether we'll be ready. Bluntly, this plan is guaranteeing that we won't be," she concluded.

The proposed CISA budget reduction awaits congressional review. Still, industry stakeholders continue to debate whether the plan will leave the United States less prepared to confront an increasingly complex threat environment. As discussions unfold, the future direction of national cybersecurity strategy and inter-agency collaboration remains a contentious and closely watched issue.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cloud security gaps widen as AI threats outpace defences
Portnox & CrowdStrike team up for real-time access control
AI accelerates ransomware threat as attacks surge globally
Retail cyber-attacks surge as weak defences lure criminals
Mary Yang appointed Chief Marketing Officer at SquareX
Top stories
Healthcare faces surge in cyberattacks & AI-driven threats
Cobalt unveils platform updates to streamline pentesting workflows
Too many cloud security tools harming incident response times - survey
N-able launches free global UEM certification for IT staff
Claroty adds business-centred risk tools to xDome platform