Trump's FY27 budget proposes a $700 million reduction for CISA and would eliminate election security measures.

      In summary: The Trump administration’s FY2027 budget plan suggests a reduction of $707 million for the Cybersecurity and Infrastructure Security Agency (CISA), effectively ending the agency's election security program and cutting 860 positions. This would dramatically diminish the nation's main civilian cybersecurity agency to a $2 billion operation following a year marked by DOGE-related layoffs and significant staff departures. Over the past 14 months, CISA has seen its workforce shrink by about a third. Its red team has been disbanded, and many employees focused on election security, incident response, and continuous monitoring were terminated by the Department of Government Efficiency in early 2025, some later reinstated by court order and then placed on paid leave in a state of legal uncertainty. In this context, the Trump administration unveiled its FY2027 budget request on April 7, 2026, proposing to cut an additional $707 million from CISA—a reduction the White House describes as a necessary realignment of the agency's priorities, while critics label it as a move to purposefully dismantle the agency.

      The suggested cuts equate to about $700 million in program eliminations, leading to a net reduction of nearly $360 million after accounting for internal transfers and targeted new hires. If passed, CISA’s operating budget would drop to approximately $2 billion, down from the roughly $3 billion allocated when the current administration took office. Additionally, the budget anticipates cutting around 867 positions, but with transfers to the agency, the net reduction in the workforce would be around 860 roles.

      What would be lost:

      The most notable cut is the complete elimination of CISA's election security program. The proposal would cease funding for the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), which has been the main resource for disseminating cyber threat intelligence, ransomware warnings, and incident response tools to state and local election offices. It would also remove dedicated election security advisors throughout the nation and end the support CISA has provided to state and local election officials since its establishment in 2018. These advisors were the first contacts for local election officials facing phishing attacks, foreign intrusions into registration systems, and disinformation efforts directed at election infrastructure.

      Beyond elections, the proposal aims to significantly reduce CISA’s engagement with stakeholders, dissolving offices that coordinate with private infrastructure operators and managing international partnership affairs. Programs for workforce development and what the budget calls “duplicative” cyber funding for states and localities would also face cuts. The plan shifts more responsibility for certain infrastructure security and emergency communications programs to state and local governments, without specifying additional funding for these entities to handle the transition.

      The White House's rationale:

      The administration's budget justification is explicit in its critique of CISA. The document claims that “CISA was more focused on censorship than on protecting the nation’s critical systems, putting them at risk due to poor management and inefficiency, as well as a focus on self-promotion.” The proposed cuts are defended as a means to “refocus CISA on its core mission” of safeguarding the federal civilian network and assisting critical infrastructure operators in defending against cyberattacks and physical threats.

      The “censorship” reference primarily pertains to CISA's now-terminated counter-disinformation efforts, which included collaboration with social media platforms on moderation of election-related content during the 2020 and 2022 elections. This initiative was halted following Republican critiques and subsequent litigation. During his confirmation hearings, Sean Plankey, Trump’s nominee to lead CISA, addressed these matters directly. He stated, “It is not CISA’s role, nor is it within its authority, to censor or determine truths,” assuring that under his leadership, the agency would not engage in such activities. Plankey also committed to “rebuild and refocus” CISA, stating his aim was to “empower the operators to operate,” referring to the private sector entities responsible for critical infrastructure. His confirmation by the Senate is still pending.

      A year marked by reductions:

      The FY27 proposal arrives at an agency that has contracted significantly over the past year. When Trump took office in January 2025, CISA employed around 3,300 people. By December 2025, this number had decreased to approximately 2,400, a nearly 900-person loss. These departures resulted from a mix of voluntary resignations during the deferred resignation program, terminations of probationary staff, and direct DOGE actions. In late February and early March 2025, DOGE terminated contracts and dismissed staff in waves, disbanding CISA’s entire red team, over 80 employees involved in continuous monitoring, and between 30 and 50 incident response personnel. A federal judge later mandated the reinstatement of probationary employees; however, those reinstated were placed on paid administrative leave rather than returning to active roles.

      The elimination of the red team raised particular concerns among security experts, as red-team exercises—where