The DOGE impact on federal cyber spending remains to be seen, but cyber program leaders are hoping to avoid any major cuts by emphasizing the ROI.
While the Trump administration is cutting hundreds of millions of dollars in federal contracts and planned spending under a DOGE-led “efficiency” push, cybersecurity leaders in agencies and industry say there’s been minimal impact on efforts to upgrade federal cyber defenses so far.
The Biden administration kicked off a major push to upgrade federal cyber defenses under a 2021 executive order. Agencies have spent the past three years working on the goals laid out in the 2022 federal zero trust strategy. Before departing office in January, President Joe Biden signed a new cybersecurity executive order with updated goals for federal departments and agencies.
While the Trump administration has repealed numerous Biden-era policies and executive orders, the new White House hasn’t directed a rollback of any major cybersecurity directives.
Cybersecurity spending at civilian agencies was projected to top $13 billion in fiscal 2025, while the Defense Department estimated its 2025 cyber spending at nearly $14.5 billion.
Federal cyber leaders say they’ll need to show the impact of their cybersecurity investments to maintain progress.
“It’s really important right now, as we have new people coming in, for them to understand what the return on investment of zero trust is,” Justin Fanelli, the Navy’s chief technology officer, said during Zscaler’s public sector summit in Washington on March 25. “And so for a while there, we were just pressing ‘zero trust,’ and that clicked. I think the value proposition of zero trust is more important than it’s ever been in terms of welcoming new people in who haven’t been there on that part of the journey.”
Swaths of the cyber workforce have been caught up in governmentwide firings. The Cybersecurity and Infrastructure Security Agency, for instance, fired more than 130 probationary employees last month. Two federal judges have since ruled that agencies must reinstate recently fired probationary employees.
CISA also terminated a cyber red team contract last month. The action reportedly impacted more than 100 contractor staff. The agency said it had “taken action to terminate contracts where the agency has been able to find efficiencies and eliminate duplication of effort.”
But broader cuts to federal cyber contracts have yet to materialize, though leaders recognize it’s still early in the process.
The Department of Government Efficiency, led by Elon Musk, is coordinating efforts to cut spending across government, including at the Defense Department. Earlier this month, a top DoD cyber official said the DOGE impact on cybersecurity programs was yet to be seen.
“I’m hoping that there’s some sort of insulation from DOGE when it comes to cyber defense and zero trust,” Randy Resnick, director of DoD’s Zero Trust Portfolio Management Office, said on March 11 during a Merlin Group event in Washington, D.C.
“What I’m more concerned about is how the budgets of the components who need to purchase these things will be affected,” Resnick added. “I’m imagining that the funds of devices and systems, in IT particularly, might be impacted, but maybe just slightly, around 10%, though we don’t know for sure.”
Instead of relying on passwords and firewalls to keep hackers out, the idea behind the zero trust concept is that no actor, system, network or service operating outside or within the security perimeter is trusted, the Biden-era zero trust strategy explains. “Instead, we must verify anything and everything attempting to establish access.”
Many agencies are in the middle of upgrading their cyber defenses to the “zero trust” approach.
The Justice Department, for instance, has largely completed the first phase of its zero trust roadmap. Vu Nguyen, DoJ’s chief information security officer, said the initial phase focused on unifying its identity authentication platform, deploying endpoint detection and response capabilities, and upgrading to a zero trust broker for enforcing network policies.
DoJ has also set up a central zero trust program office to coordinate efforts across the department’s 40 components and 160,000 users.
“It helps us to have the visibility that we need, and on top of that, it helps us to detect threats earlier, respond to them and contain them much faster, before they actually can do additional harm,” Nguyen said this week during the Zscaler summit. “A strong zero trust implementation will pay for itself down the line.”
Vendors like Zscaler, a cloud security company with multiple major federal contracts, have been working with agencies to “articulate the return on investment (ROI)” of a zero trust approach, Ryan Gillis, Zscaler’s global head of government partnerships, said in an interview.
“Without speaking to any particular contract or program, overall what we’ve seen is that thirst for, how do we demonstrate effectiveness, increased security and ROI? So what actually we’ve heard is more of an appetite to bring the things that have been so successful on the business side as we deal with corporate clients into [the public sector],” Gillis said.
Officials also say it will be important to tie cybersecurity investments to the mission, not just guidance documents and compliance requirements. Fanelli said he’s focused on showing how the Navy’s zero trust investments have improved the Navy’s operational resilience.
“As we evaluate different projects and enablements, we’re looking at, ‘Hey, this costs a million dollars, and this provides this much value,’” Fanelli said. “Without that translation, or by just making it about compliance or ‘here are the number of activities we hit,’ we’re going to come under more fire.”
Copyright © 2025 Federal News Network. All rights reserved.