In short: The Trump administration’s FY2027 budget proposes cutting $707 million from CISA, eliminating the agency’s election security programme entirely and shedding 860 positions, a dramatic escalation that would reduce the country’s primary civilian cybersecurity agency to a $2 billion operation after a year already defined by DOGE-driven layoffs and mass departures.

The United States’ central civilian cybersecurity agency has lost roughly a third of its workforce over the past 14 months. Its red team has been dissolved. Scores of staff working on election security, incident response, and continuous monitoring were fired by the Department of Government Efficiency in early 2025, then partially reinstated under court order, then placed on paid leave in legal limbo. Against that backdrop, the Trump administration released its FY2027 budget request on 7 April 2026, proposing to cut a further $707 million from the Cybersecurity and Infrastructure Security Agency, a reduction the White House frames as a long-overdue refocusing on the agency’s core mission and critics describe as an act of deliberate dismantlement.

The proposed cuts amount to approximately $700 million in programme eliminations, producing a net reduction of around $360 million once internal transfers and targeted new hires are factored in. If enacted, CISA’s operating budget would fall to roughly $2 billion, down from the approximately $3 billion it received when the current administration took office. The budget also projects eliminating around 867 positions, partially offset by transfers into the agency, for a net workforce reduction of approximately 860 roles.

What would disappear

The most politically conspicuous cut is the outright elimination of CISA’s election security programme. The proposal would end CISA’s funding for the Elections Infrastructure Information Sharing and Analysis Center, known as EI-ISAC, which serves as the primary hub for sharing cyber threat intelligence, ransomware alerts, and incident response resources with state and local election offices. It would also remove dedicated election security advisors stationed across the country and terminate the information-sharing support CISA has provided to state and local election officials since the agency’s founding in 2018. Those advisors have been the first point of contact for county clerks and election administrators facing phishing attacks, foreign probing of registration databases, and disinformation campaigns targeting election infrastructure.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Beyond elections, the proposal would substantially scale back CISA’s stakeholder engagement function, eliminating offices responsible for coordinating with private-sector infrastructure operators and managing the agency’s international affairs partnerships. Workforce development programmes and what the budget characterises as “duplicative” state and local cyber funding streams would also be cut. The proposal shifts more responsibility for certain infrastructure security and emergency communications programmes directly to state and local governments, though it does not specify additional funding to those governments to absorb the transfer.

The White House’s argument

The administration’s budget justification is pointed in its language. The document states that “CISA was more focused on censorship than on protecting the nation’s critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion.” The proposed reductions, it argues, “refocus CISA on its core mission” of securing the federal civilian network and helping critical infrastructure operators defend against cyberattacks and physical threats.

The censorship framing refers primarily to CISA’s now-disbanded counter-disinformation work, including a unit that coordinated with social media companies on election-related content moderation during the 2020 and 2022 election cycles. That work was shut down after Republican criticism and subsequent litigation. Sean Plankey, Trump’s nominee to lead CISA, addressed the issue directly during his confirmation hearings. “It is not CISA’s job, and nor is it in its authorities, to censor or determine the truths,” Plankey said, adding that the agency would not pursue such work under his leadership. Plankey also pledged to “rebuild and refocus” CISA, emphasising that his goal would be to “empower the operators to operate“, referring to the private sector entities responsible for critical infrastructure. Plankey has not yet been confirmed by the Senate.

A year already defined by cuts

The FY27 proposal lands on an agency that has spent the past year contracting sharply. When Trump returned to office in January 2025, CISA had approximately 3,300 employees. By December 2025, that figure had fallen to roughly 2,400, a loss of nearly 900 people. The departures came through a combination of voluntary exits during the deferred resignation programme, probationary staff terminations, and direct DOGE action. In late February and early March 2025, DOGE terminated contracts and fired staff in waves that eliminated CISA’s entire red team, more than 80 employees working on continuous monitoring, and between 30 and 50 incident response staff. A federal judge subsequently ordered the reinstatement of probationary employees, but reinstated staff were placed on paid administrative leave rather than returned to active duties.

The red team cuts drew particular alarm from security professionals, since red-team exercises, in which agency staff simulate real-world attacks against government networks to identify vulnerabilities before adversaries do, are among the most operationally consequential work any cybersecurity organisation undertakes. Removing that capability does not just reduce CISA’s headcount; it eliminates a specific function that cannot simply be assumed by the remaining staff. The governance of AI-assisted cybersecurity tools across critical infrastructure has become a defining challenge for 2026, and the debate about CISA’s role sits at its centre: the agency was positioned to set standards and share threat intelligence precisely as those questions become most consequential.

Congressional pushback, and its limits

The proposed $707 million cut represents a sharp escalation from the administration’s FY26 request, which sought approximately $490 million in reductions. Congressional resistance at that stage, including from Republican committee members who considered the cuts excessive, ultimately narrowed the actual reductions to somewhere between $130 million and $300 million. Whether that resistance holds in the current budget environment is uncertain.

The sharpest opposition came from the Democratic side of the aisle. Representative Bennie Thompson, Democrat of Mississippi and the ranking member on the House Homeland Security Committee, rejected both the scale of the proposed cuts and the administration’s framing. “Like the President’s cyber strategy, the President’s CISA budget reflects his utter lack of understanding of the urgency of the cyber threats we face and how to mobilize the government to help confront them,” Thompson said in a statement. Citing the threat environment that has intensified in recent months, Thompson added: “There is nothing that justifies a reckless $700 million cut to CISA, particularly at a time of heightened tensions with Iran and an increasingly aggressive China.”

Thompson said he was “committed to working with colleagues to push back against these cuts” and to ensuring the government can protect federal and critical infrastructure networks. Separately, bipartisan legislation introduced earlier in 2026 would require CISA to maintain “sufficient” staffing levels, though the bill has not advanced to a vote.

What $2 billion buys, and what it doesn’t

The cuts do not eliminate CISA. Under the proposed budget, the agency would retain its core federal network security functions, its role supporting critical infrastructure operators, and some capacity for coordination with the private sector. The Einstein intrusion detection system and the Continuous Diagnostics and Mitigation programme for federal civilian networks are expected to survive. What the budget removes is the outward-facing, partnership-intensive layer of CISA’s operations: the work with state and local governments, the election security apparatus, the international engagement, and the stakeholder advisory infrastructure that has grown since the agency’s founding.

The commercial cybersecurity sector is watching closely. CISA has historically been a significant source of free threat intelligence, vulnerability advisories, and incident response support for smaller organisations and local governments that cannot afford enterprise-grade security tools. As the AI-driven expansion of the threat landscape accelerated through 2025, the agency’s advisories on vulnerabilities in industrial control systems and critical infrastructure became more, not less, relied upon by the operators responsible for power grids, water systems, and financial networks. The proposed cuts do not formally end that advisory function, but an agency operating at $2 billion with 860 fewer staff will inevitably produce fewer advisories, respond to fewer incidents, and reach fewer of the operators it was designed to support.

The budget is a proposal, not a law. Congress must still appropriate the funds, and the FY26 experience suggests that the final number will likely be lower than requested. What has already happened at CISA, however, does not require a vote to reverse: a third of the workforce is gone, the red team no longer exists, and election security advisors have been standing down since early 2025. The budget fight now is largely about whether what remains gets smaller still.