Date: 2025-08-07

As part of its policy agenda, the current administration has made one of its priorities crystal-clear: cutting spending and downsizing government at the federal level. Those efforts have drawn strong reactions of all kinds during such a politically polarizing moment, but reasonable minds can also agree: Reducing waste while preserving functionality, in nearly any enterprise, is a worthy goal.

The difficulty, of course, is in determining how that gets accomplished. It’s a central tension playing out in real time across numerous departments of the federal government, including the Cybersecurity and Infrastructure Security Agency (CISA), whose budget in June was cut by $135 million from fiscal 2025. That’s not exactly a trim, but it’s also significantly less than the $495 million slashing (amounting to an 18% cut) the Trump administration had initially proposed.

At a time when cyberattacks are becoming increasingly sophisticated and more frequent in general — International Monetary Fund (IMF) studies anticipate a 175% increase in cybercrime losses from 2022 to 2027 — deep cuts to the federal government’s main cybersecurity arm and watchdog group would seem antithetical. Can CISA continue to perform its core functions with a compromised budget in a climate of heightened cybercrime risk? And in any case, what actions can be taken by the agency’s clients to mitigate any lost layers of cybersecurity protection that may be stripped away by CISA cuts?

The important role of the CISA in guiding global cybersecurity

To better understand the greater potential effects of CISA reductions, it’s important to first outline precisely what the agency does. CISA’s stated mission is to “lead the national effort to understand, manage and reduce risk to our cyber and physical infrastructure,” and the agency explains more broadly what that entails: “We connect our stakeholders in industry and government to each other and to resources, analyses and tools to help them build their own cyber, communications and physical security and resilience, in turn helping to ensure a secure and resilient infrastructure for the American people.”

Perhaps most significantly, CISA contracts with nonprofit research organization MITRE, which administers the Common Vulnerabilities and Exposures (CVE) program, a global vulnerability database that has become critical to the operations of organizations across both the public and private sectors. In April, abruptly and for reasons that remain unclear, CISA’s contract with MITRE nearly expired, which would have left all of its stakeholders — essentially everyone requiring cybersecurity infrastructure, management, products or guidance — in a global-operations-threatening lurch.

Although CISA ultimately came to an agreement for an 11-month extension with MITRE that prevented any disruptions, the incident revealed a fragility in a critical worldwide cybersecurity pillar and fueled frantic discussion about the current order. Will the CISA-MITRE contract be renewed again next March? Should a single-government funding model be re-evaluated? And given the recent CISA cuts, what other considerations must be addressed?

How budget cuts may affect CISA

The instinct to reduce waste in CISA, or in any other government agency, may be reasonable enough on its own. But given the mounting and increasingly complex cybersecurity threats faced by the office and its global stakeholders, budget reductions have come at an inopportune time. Even the Government Accountability Office acknowledges that efforts to meet cybersecurity challenges facing the government are woefully behind. More than 4,000 recommendations have been made since 2010, including 670 since the last high-risk update in 2021. As of February 2023, more than 850 had not been fully implemented, including dozens of high-priority items.

So what may be the material impact of CISA reductions on federal agencies and their cybersecurity posture? It isn’t immediately clear whether funding cuts would result in an overall increase in cyberattacks and breaches, but we have already witnessed a raft of departures from the agency — top leaders from five of six operational divisions and six of 10 regional offices in May alone — and new budgetary constraints figure to lead to further downsizing, as well as a brain drain that can only serve to weaken CISA’s vulnerability management, threat intelligence and incident response capabilities.

The potential trickle-down effects of CISA cuts

Perhaps CISA can continue to pursue its core mission with fewer numbers and diminished institutional knowledge, but it’s hard to imagine even a best-case scenario in which the agency is able to maintain its current scope and frequency of stakeholder services.

CISA provides clients with threat announcements and with indicators of new exploits and malicious attacks, crucial needs for public and private organizations. Budget cuts could affect the agency’s now-universal benchmarking tools and scoring mechanisms, impacting system hardening and security. Vendor relationships could be reduced, and risk assessments and personnel cross-training compromised. If CISA is forced to reduce or fundamentally alter the threat intelligence it provides, the impact on both government and non-governmental agencies could be considerable.

Federal agencies and other CISA stakeholders aren’t necessarily powerless in the face of agency budget cuts. Organizations may look to alternative providers of threat intelligence, including open-source platforms and commercial feeds. National Institute of Standards and Technology frameworks and other resources can deliver some of the same information that CISA provides.

But most of these solutions require additional costs or workforce. Some useful information might be accessible for free, but it would require more effort to find. Additionally, its reliability would be an open question, and its benchmarking and proprietary language potentially prohibitive for some organizations.

Most cybersecurity experts still trust and hope for the preservation of the current CISA model. But even if the agency’s primary mission remains intact, funding cuts could affect the quality of its work, delay threat intelligence and lead to more successful — if not more frequent — cyberattacks. It remains to be seen whether the budgetary savings will be worth the tradeoff, but it’s a dangerous bet to make in a climate of growing and evolving cyber threats.

Jacob Johnson is chief information security officer at ArmorPoint.

