Cybersecurity experts are mounting desperate warnings over proposed federal budget cuts that would jeopardize national security defenses in the Pentagon and federal agencies. The Trump administration’s budget proposals aim to remove $491 million from CISA’s budget while removing more than 1,000 staff, leaving dangerous vulnerabilities in our American cyber infrastructure. Severe threats to federal data – Without leadership oversight or accountability measures surviving intact, DOGE operations represent a national security risk that federal data has never faced before, U.S. Senate Democrats argue.
CISA budget cuts put national security infrastructure at risk
The Cybersecurity and Infrastructure Security Agency faces devastating cuts with proposed reductions of 17% to the overall budget, as well as dramatic staff losses from 3,700 employees at the beginning of the year to between 2,200 and 2,600 currently. These reductions would cripple CISA’s role of being the central clearinghouse for critical cybersecurity information sharing between government and private sector organizations.
The proposed cuts include a 62% reduction to CISA’s Stakeholders Engagement Division that leads partnerships with critical infrastructure organizations, and a 73% hit to the National Risk Management Center that analyzes threats to national infrastructure. Curtis Dukes, former NSA information-assurance director, says such drastic budget cuts make it hard to publish security alerts in a timely fashion.
The Social Security Administration faces catastrophic risks of breaches
Senate Democrats report: In spite of the risk assessments SSA has designated, which frighteningly forecasted 65% chances for catastrophic breach, there are still sensitive data in systems lacking verified security controls, indicating dangerous vulnerabilities produced by a lack of oversight.
Private sector loses critical support from government on cybersecurity
Federal agencies offer irreplaceable services on which private companies depend for cyber defense, such as private forums for Fortune 100 CIOs to exchange information in secret and mandatory reporting incident response systems. CISA’s Joint Cyber Defense Collaborative brings together major technology providers to determine cyber risks, the FBI and NSA supply intelligence from criminal actors, and state actors from behind cyberattacks.
Michael Daniel, Cyber Threat Alliance CEO, says decades of building federal government capacity to assist private sector cybersecurity efforts are being walked back. The impact may not be immediately felt, but there will be fewer businesses receiving CISA assessments or FBI assistance investigating cybercrimes and recovering stolen funds in the long run.
NIST standards development hit by serious delays
Though Congress has suggested an 11% increase to the budget, proposed cuts of $325 million to the National Institute of Standards and Technology would slow progress on essential cybersecurity standards like post-quantum cryptography that provide quantum computers with an edge or prove elusive to them.
Organizations need to develop alternative cyber defense strategies
With fewer provisions made through the federal system, companies require alternative cybersecurity resources such as Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) that enable threat information sharing in specific sectors. Organizations would also need to bolster internal capabilities by focusing more on threat intelligence investment and developing better incident response strategies.
Richard Watson, EY’s global cyber consulting leader, says that organizations should drill tabletop simulations and make commercial retainers with specialized incident response firms to reduce reliance on potentially strained federal support services.
The proposed cybersecurity budget cuts are also a dangerous gamble with National Security, as it could be possible for both government agencies and private sector organizations to end up vulnerable to increasingly sophisticated cyber threats. While there may likely be some moderation of reductions by Congress, the damage from staff departures and reduced capabilities has started. Organizations need to urgently develop new defense strategies to make up for the reduced level of federal cybersecurity assistance and defend critical infrastructure against growing cyber threats.