White House eyes big CISA cuts

The White House wants to take at least $707 million out of the Cybersecurity and Infrastructure Security Agency in fiscal year 2027, cutting the civilian agency that helps federal, state, and local networks prepare for hacks before they turn into outages. (whitehouse.gov) (techcrunch.com) That agency is the federal government’s emergency mechanic for digital systems: it publishes alerts, sends incident guidance, shares tools, and helps election offices, schools, utilities, hospitals, and city information-technology teams figure out what to do when something breaks. (cisa.gov 1) (cisa.gov 2) The administration says the cuts would remove “weaponization and waste,” including election-related misinformation work, stakeholder outreach, international affairs, and some school-safety programs it says are duplicative. The Department of Homeland Security’s budget brief posted on April 3, 2026, describes the request as the president’s fiscal year 2027 plan, which still needs Congress to approve it. (afcea.org) (dhs.gov) On paper, the total picture is messy because some weapons-of-mass-destruction programs are being moved into the agency at the same time. AFCEA reported the proposal would leave the agency with a total budget of about $2.49 billion, a net reduction of more than $385 million after those internal transfers. (afcea.org) The staffing hit is simpler: the fiscal year 2027 justification projects 2,865 positions and 2,528 full-time equivalents, down by 867 positions and 766 full-time equivalents from fiscal year 2026. Fewer people means fewer analysts answering calls, fewer advisers writing playbooks, and fewer teams available when multiple incidents land at once. (afcea.org) This is not the first swing at the agency. The White House’s fiscal year 2026 proposal sought roughly $491 million in cuts, but Congress cut far less than that after negotiations, trimming about $135 million instead. (theregister.com) (cyberscoop.com) Election offices are one of the clearest pressure points because many of them are small and run on county budgets, not Pentagon budgets. The Election Assistance Commission said in December 2025 that the Cybersecurity and Infrastructure Security Agency regularly works with state and local election officials and offers services, information products, and other resources for election security. (eac.gov) (cisa.gov) The same logic applies outside elections. When a city water system or school district gets hit, local teams often need a federal phone number, a tested checklist, and a second set of eyes more than they need a new slogan, and those are the kinds of support functions that shrink when advisory offices and staff disappear. (cisa.gov) (ready.gov) The timing is awkward because the threat picture is not getting quieter. The Federal Bureau of Investigation said on April 6, 2026, that cyber-enabled crimes defrauded Americans of nearly $21 billion in 2025, with cryptocurrency and artificial-intelligence-related complaints among the costliest. (fbi.gov) At the same time, the agency being cut has spent the last two years pushing “secure by design,” which is the simple idea that software makers should ship products with the locks already installed instead of making customers bolt them on later. More than 200 software manufacturers have joined that pledge, which shows the agency is not just responding to hacks but trying to prevent them upstream. (cisa.gov) Congress can still reject, soften, or rewrite the proposal, just as it did last year. Until that vote happens, governors, mayors, election directors, hospital security chiefs, and school technology offices are reading the same budget tables and trying to guess which federal backstops will still be there by the next ransomware call. (dhs.gov) (theregister.com)