The Cybersecurity and Infrastructure Security Agency (CISA) will be looking at some hard spending decisions if the terms of the Trump administration’s 2026 budget proposal hold fast. Proposed cuts would slash the cyber defense agency’s budget by a total of about $495 million, with some of its individual departments seeing cuts of as much as 73%.
National Risk Management Center faces greatest 2026 budget loss
The National Risk Management Center (NRMC), which is the point agency responsible for anticipating threats to national infrastructure, is surprisingly the leading target for cuts. The 2026 budget would take away $97.4 million, a drop of 73% from current funding.
Another major target for cuts is the Stakeholder Engagement Division (SED), which also engages with national infrastructure defense by maintaining partnerships with critical infrastructure providers. That agency would take the next biggest hit in the 2026 budget, at $62.2 million or 62% of current funding.
Other CISA divisions face cuts of about 14% to 27%, reflecting the overall loss of about 16.5% of the agency’s current budget of $3 billion. This includes an 18% cut to the Cybersecurity Division, the point division for active cybersecurity defense measures, and a 20% cut to the Integrated Operations Division which provides material support and services to local governments and private companies throughout the country.
The 2026 budget cuts would be accompanied by a reduction of 1,083 CISA positions, a cut of almost a third of its present count of 3,292 employees. The Cyber Defense Education and Training program would also be gutted, with the budget proposal suggesting that it could be replaced by “free resources.” And both the International Affairs office and the CISA Office of Equity, Diversity, Inclusion and Accessibility would be entirely removed.
One other cut likely to be controversial is the Election Security Program, which accounted for $39.6 million of the present budget and has 14 employees. The program is centered on the Election Infrastructure Information Sharing and Analysis Center, which organizes to share potential threats to election integrity across state lines. The program was established in 2018 during Trump’s first term and had a particular impact on local and tribal governments that otherwise would have had difficulty procuring affordable cyber insurance without program support; the path forward for these entities if the 2026 budget plan holds remains unclear.
Deep 2026 budget cuts reflect Trump administration’s “DOGE” approach
CISA has fallen out of favor with Trump since the 2020 election, with his perception that the agency’s attempt to debunk claims of election fraud and rigging were a political maneuver against him. Trump-appointed Department of Homeland Security (DHS) head, Kristi Noem, has previously accused the subordinate agency of being “off-mission” and said that it should be reduced in scale and limited in its duties related to misinformation and disinformation online.
The approach reflects Trump’s broader slash-and-burn approach to government spending, however, which has not necessarily been directed by personal animosities and has touched every area of the federal sphere. This pattern would continue with the 2026 budget, which does not limit itself to making deep cuts to CISA. Despite recent appointments of loyalists Kash Patel and Dan Bongino to leadership positions, the Trump administration is seeking to cut the FBI budget by $560 million and reduce the department size by 1,900 employees. Other agencies targeted for cuts in the 2026 budget include the Department of Energy, the Justice Department, the General Services Administration, and the Treasury Department’s Office of Terrorism and Financial Intelligence.
Though Trump has seen recent forward progress on his “Big Beautiful Bill” budget reconciliation act, the path to implementing the 2026 budget remains long and likely rocky. It will require Congressional approval, and will be debated likely through the remainder of 2025. The official bills have yet to be put to paper, and by the time they are there could be substantial changes to any and all of these funding plans. The Republican party holds slim majorities in both the House and Senate, and a number of their senators have already expressed discomfort with various budget items caught up in the Trump administration’s clear-cutting campaign. The biggest pushback thus far has come from senior Republicans heading up the defense appropriations and Armed Services committees with regards to proposed cuts to military spending.
Kevin Kirkwood, CISO at Exabeam, notes that it is difficult to evaluate the possible CISA 2026 budget cuts as relatively little remains known to the public about the current status of federal cyber defense and the health of related public-private partnerships: “CISA was created to protect the nation’s critical infrastructure. It was also created because the nation still has no national security strategy. Nature (and politics) abhor a vacuum and so money was applied to the equation to fill the gaps. CISA still does a critical role in testing infrastructure to find and correct the gaps that were discovered. There is still no national security strategy, but CISA does help in other key areas. There is a gap in the communications between public and private sectors and CISA has been a good agency to connect the dots between those sectors. That is something that many of us in the private sectors have come to rely on. We actually need the information that CISA provides. I positively hate hearing about cuts without context. Budgeting is truly a numbers game, but the numbers must tell the story. Are we not getting the protection that we need? Is the infrastructure so well protected that we don’t need the agency and can reduce the spend (please recognize that I say this tongue in cheek)? Here’s the thing. Take the money that is being cut and put it into a bucket, hire a group of leaders that can shape the national cybersecurity strategy and let that set of leaders use that money to enact that strategy. Stop using the philosophy of ‘We don’t know what this is, so we will just cut it!'”
Gabrielle Hempel, Security Operations Strategist and Threat Intelligence Researcher for the Exabeam TEN18 Team, takes a much more pessimistic view of what the impact of the 2026 budget cuts would look like should they remain in their present form: “The proposed $495 million cut to CISA is a strategic deprecation of U.S. cyber defense capability in a moment where threat actors are accelerating, not retreating. Gutting critical programs like the Stakeholder Engagement Division and National Risk Management Center doesn’t “refocus” the mission-it hollows it out. These teams drive cross-sector collaboration, provide threat modeling to CI operators, and build resilience in a space where private-sector entities own the vast majority of the target surface. The proposed elimination of election security funding is also concerning. At a time when both foreign and domestic actors are actively undermining democratic processes, pulling the plug on the nation’s technical lead for election integrity isn’t just disengaging, it’s giving tacit permission to interfere. If the intent of these cuts is to “focus on core mission”, the question is: whose definition of core? Threat visibility, regional coordination, intelligence sharing, and vulnerability analysis are core to a functional national cyber strategy. The reality is, we don’t get to pick when or where the next attack happens-but we do decide whether we’ll be ready. Bluntly, this plan is guaranteeing that we won’t be.”
