In short: The Trump administration’s fiscal year 2027 budget proposes to cut $707 million from CISA, eliminate the agency’s election security program entirely and cut 860 positions, reducing the nation’s main civilian cybersecurity agency to a $2 billion operation after a year already marked by DOGE-dismantling and carnage.
The United States’ central civilian cyber security agency has lost nearly a third of its workforce in the past 14 months. His red team was disbanded. Scores of staff working on election security, incident response and continuous monitoring were fired by the Department of Government Efficiency in early 2025, then partially reinstated by court order, then placed on paid leave in a legal vacuum. Against this background, The Trump administration released its fiscal year 2027 budget request on April 7, 2026.By proposing to cut an additional $707 million from the Cybersecurity and Infrastructure Security Agency, the White House cuts are a long-overdue focus on the agency’s core mission, and critics describe it as a deliberate act of dismantling.
The proposed cuts amount to approximately $700 million in program eliminations, providing a net reduction of approximately $360 million after taking into account internal transfers and targeted new hires. If enacted, CISA’s operating budget would drop from about $3 billion when the current administration took office to about $2 billion. The budget also calls for the elimination of 867 positions, partially offset by agency transfers, for a net workforce reduction of approximately 860 roles.
What would disappear
The most notable cut from a political perspective is the complete elimination of CISA’s election security program. The proposal would end CISA’s funding for the Election Infrastructure Information Sharing and Analysis Center, known as EI-ISAC, which serves as the primary hub for sharing cyber threat intelligence, ransomware alerts and incident response resources with state and local election offices. It would also eliminate special election security advisers stationed around the country and end the information-sharing support CISA has provided to state and local election officials since the agency was founded in 2018. Those consultants have been the first point of contact for county clerks and election administrators facing phishing attacks, external scrutiny of registration databases and disinformation in the campaign structure.
💜 of EU technology
The latest rumblings from the EU tech scene, a story from our wise founder Boris and some questionable AI art. Free in your inbox every week. Register now!
Apart from elections, the proposal would significantly reduce CISA’s stakeholder engagement function, eliminate offices responsible for coordinating with private sector infrastructure operators and manage the agency’s international affairs partnerships. Workforce development programs and state and local cyber funding streams, which the budget characterized as “duplicative,” would also be cut. The proposal places more responsibility directly on state and local governments for certain infrastructure security and emergency communications programs, although no additional funding is provided to those governments to absorb the transfer.
White House argument
The administration’s budget rationale is presented in its language. The document states that “CISA focused more on censorship than protecting the nation’s critical systems, putting them at risk because of poor governance and inefficiency, as well as its focus on self-promotion.“Proposed reductions, claims,”Refocus CISA on its core mission” to secure the federal civilian network and help critical infrastructure operators defend against cyberattacks and physical threats.
The censorship framework primarily refers to CISA’s now-defunct counter-disinformation office, including the division that coordinated with social media companies to moderate election-related content during the 2020 and 2022 elections. After criticism from Republicans and subsequent litigation, the case was closed. Sean Plankey, Trump’s nominee to lead CISA, directly addressed the issue during his confirmation hearing. “Censorship or truth-telling is not CISA’s business, nor is it within its purviewPlankey said the agency would not pursue such a case under his leadership. Plankey also promised to “rebuild and refocus” CISA, saying his goal was to “allows operators to work“, referring to private sector entities responsible for critical infrastructure. Plankey has not yet been confirmed by the Senate.
A year already defined by layoffs
The FY27 proposal is for an agency that contracted sharply last year. When Trump returned to office in January 2025, CISA had about 3,300 employees. By December 2025, this number has decreased to approximately 2,400, and about 900 people have lost their lives. The departures occurred as a result of a combination of voluntary exits during the deferred resignation program, probationary layoffs, and direct DOGE action. In late February and early March 2025, DOGE terminated contracts and laid off employees in waves that wiped out CISA’s entire red team, more than 80 nonstop monitoring staff, and 30-50 incident response personnel. A federal judge later ordered the probationers reinstated, but the reinstated employees were placed on paid administrative leave instead of returning to active duty.
The red team cuts drew particular alarm from security experts because red team exercises, in which agency personnel simulate real-world attacks against government networks to identify vulnerabilities before adversaries, are among the most operationally consequential things any cybersecurity organization does. Eliminating this capability not only reduces CISA’s headcount; it simply eliminates a specific function that the rest of the staff cannot take on. Managing AI-powered cybersecurity tools in critical infrastructure It has become a crucial challenge for 2026, and the debate over CISA’s role is central to it: the agency is positioned to set standards and accurately share threat intelligence, questions that will come to fruition.
Congressional withdrawal and its limitations
The proposed $707 million reduction represents a sharp increase from the administration’s FY26 request, which called for about $490 million in cuts. Congressional resistance at that stage, including Republican committee members who considered the cuts excessive, ultimately narrowed the actual cuts from $130 million to $300 million. Whether this resistance exists in the current budget environment is uncertain.
The fiercest opposition came from the Democratic side of the aisle. Representative Bennie Thompson, Democrat of Mississippi and the ranking member of the House Homeland Security Committee, rejected both the scale of the proposed cuts and the administration’s framework. “Like the President’s cyber strategy, the President’s CISA budget reflects his lack of understanding of the urgency of the cyber threats we face and how to mobilize the government to combat them,” Thompson said. Citing the heightened threat environment in recent months, Thompson added: “There is nothing that justifies the reckless $700 million cut to CISA in particular. It increased the tension with Iran and an increasingly aggressive China”.
Thompson saidis committed to working with colleagues to push back against these cuts” and ensure the government can protect federal and critical infrastructure networks. Separately, bipartisan legislation previously introduced in 2026 would remove CISA from “enough” staffing levels, although the bill did not come up for a vote.
What $2 billion buys and what it doesn’t
The cuts do not eliminate CISA. Under the proposed budget, the agency would retain its core federal network security functions, a support role for critical infrastructure operators, and some capacity for coordination with the private sector. The Einstein intrusion detection system and the Continuous Diagnostics and Mitigation program for federal civilian networks are expected to survive. What the budget sets aside is the outward-looking, partnership-intensive nature of CISA’s operations: work with state and local governments, the election security apparatus, international outreach and stakeholder advisory infrastructure that has developed since the agency’s inception.
The commercial cyber security sector is closely watched. CISA has historically been an important source of free threat intelligence, vulnerability advice, and incident response support for small organizations and local governments that cannot afford enterprise-grade security tools. as Artificial intelligence-driven expansion of the threat landscape has accelerated through 2025the agency’s recommendations for vulnerabilities in industrial control systems and critical infrastructure are trusted more, not less, by operators responsible for power grids, water systems and financial networks. The proposed cuts don’t officially end that advisory function, but with 860 fewer staff, the $2 billion agency will inevitably provide fewer tips, respond to fewer incidents and reach fewer operators to support.
The budget is a proposal, not a law. Congress still needs to appropriate the funds, and the experience of FY26 suggests that the final figure will be less than requested. What’s already happening at CISA, by contrast, doesn’t require a vote: a third of the workforce is gone, the red team no longer exists, and election security advisers are out by early 2025. Now, the budget fight is more about whether what’s left will shrink even further.
