Opinion – The threat of cyber attacks has never been so serious, but the matter of concern is that America is not able to face this challenge. This is not a lack of cybersecurity strategy, but rather a growing gap between what the United States says it does and what it wants to finance. The Trump administration’s latest budget proposal makes that gap impossible to ignore.
in the center of Proposal This is a $707 million cut to the federal government’s primary civilian cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA). This request would reduce CISA’s budget to just over $2 billion. This is significantly less than Congress’s approximately $2.6 billion. Ready – On a bipartisan level – providing agency before partisan attacks on the Department of Homeland Security Budget Due to controversy over immigration enforcement.
In the past year, the agency has already weakened retrenchment And support reduced For state and local cybersecurity efforts. The new budget will accelerate that trend. The administration has prepared an outline of cuts refocus Shutting down supposedly unnecessary initiatives like CISA over its “core mission” Stakeholder Engagement Division. But the reality is that modern cybersecurity does not operate in a vacuum. Protecting critical infrastructure – energy grids, transportation systems, water utilities and telecommunications networks – depends on continued coordination with state and local governments, private sector operators, and international partners. Eliminating the very offices designed to enable coordination undermines the mission that the budget claims to prioritize.
At the same time, the broader federal cyber ecosystem is also being weakened. Office of the National Cyber ​​Director to get $3 million Shortage In funding. The State Department’s cyber system has been reorganized In ways that risk reducing its effectiveness. Energy Department’s Office of Cybersecurity, Energy Security and Emergency Response will oversee the budget $40 million Enacted level $200 million below FY25. and there has been a significant decline in engagement with private sector And international Cyber ​​communities – two pillars of any credible cyber defense strategy.
The paradox becomes even clearer when viewed against the backdrop of a broader threat environment. The United States faces continued cyber pressure from sophisticated adversaries, including China, Russia, Iran, and North Korea. These actors are not just like that Targeting federal systems; They are examining the connective tissue of American society – ports, pipelines, hospitalAnd supply chains. Many of these systems are owned and operated by the private sector or local entities that rely on federal support, guidance, and information sharing for their defense.
To be clear, not every line of the budget goes in the wrong direction. there is a modesty $15 million Proposed enhancements to Treasury’s “critical cyber capabilities, targeting sanctions and combating illicit financial activity”. state Department Grant There will also be a slight boost in improving your own IT infrastructure. These are useful investments, but they are not a substitute for a coherent, whole-of-government approach.
The most striking aspect of this budget is how misaligned it is with widely accepted cybersecurity priorities. for yearsPolicymakers from both sides have stressed the need for stronger public-private collaboration, better information sharing and deeper international partnerships. Yet, the proposed cuts target precisely those functions.
This raises a more fundamental question: What is the administration’s philosophy regarding cyber defense?
If the goal is to reduce federal overreach, this is a legitimate policy debate. But the current approach doesn’t just backfire – it selectively removes the connective infrastructure that enables decentralized defense to work. Without federal coordination, the burden shifts to actors who often lack the resources, visibility, or expertise to manage nation state cyber threats themselves.
Congress has seen this dynamic before. In pre budget cycleLawmakers from both parties rejected proposals to significantly cut cyber funding, recognizing the mismatch between growing threats and low investment. There is no reason to believe that the underlying risk calculations have changed. If anything, it has intensified.
The United States is entering a period of heightened geopolitical tension, where cyber operations are increasingly integrated into broader military and economic strategies. In this environment, investing less in civilian cyber defense is not a cost-saving measure – it is a strategic obligation.
A credible cybersecurity strategy requires more than strong rhetoric. This requires sustained investment in the institutions, partnerships and capabilities that make defense possible. At present the budget and strategy are moving in opposite directions. Congress should bridge that gap.
Jiwon Ma is a Senior Policy Analyst at the Foundation for Defense of Democracies’ Center on Cyber ​​and Technology Innovation, where she contributes to the work of CSC 2.0.
Cipher Brief is committed to publishing multiple perspectives on national security issues presented by deeply experienced national security professionals. The opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Do you have any perspective to share based on your experience in the national security arena? Send it to editor@thecipherbrief.com for consideration for publication.
Read more expert-driven national security insights, perspectives, and analysis at The Cipher Brief
