Shrinking CISA Is a Risk the U.S. Cannot Afford

A year into the second Trump administration, the quiet reshaping of the Cybersecurity and Infrastructure Security Agency should worry anyone who cares about national security, economic stability, or democratic resilience. The agency may be described as leaner and more focused, but the reality looks less like discipline and more like deliberate contraction at a moment when cyber threats are accelerating.

CISA sits at the intersection of government, critical infrastructure, and the private sector. It is meant to be the connective tissue that helps defend power grids, hospitals, pipelines, elections, and federal networks from nation state hackers and cybercriminals. That mission has not shrunk. The agency itself has.

More than a third of CISA’s workforce has exited through layoffs, buyouts, or early retirements. Threat hunting capacity has been reduced. Contracts have been cut. Experienced personnel have reportedly been shifted into immigration focused roles elsewhere in the Department of Homeland Security. None of this reflects a cybersecurity landscape that has suddenly become safer or simpler.

Supporters of the cuts argue the agency is getting back to basics. That phrase sounds reassuring until you ask what basics actually mean in 2026. Cyber defence today is not a static checklist. It is a constant race against well funded adversaries, from ransomware groups to hostile governments. Fewer analysts, fewer partnerships, and fewer boots on the digital ground inevitably mean fewer threats detected early and more incidents that spiral before containment.

Ending funding for election security programs is particularly troubling. Whatever one’s politics, elections are critical infrastructure. Removing federal support for state and local election officials does not make the system more neutral or efficient. It simply leaves smaller jurisdictions more exposed to interference and misinformation campaigns that are increasingly sophisticated and cheap to deploy.

The internal turmoil at the agency only deepens the concern. Leadership controversy, infighting, and abrupt departures do not create an environment where top tier cyber talent wants to stay. Cybersecurity expertise is already scarce. When morale collapses, rebuilding that institutional knowledge can take years, not budget cycles.

The administration points to numbers showing thousands of incidents handled and advisories issued. That activity is real, but it does not answer the central question. Is the country safer with hundreds fewer specialists and diminished trust from private sector partners. Output metrics cannot fully capture the preventative work that never makes headlines because it quietly stops an attack before it starts.

There is also a symbolic cost. CISA’s decision not to attend the RSA Conference for the first time in years sends a message, intentional or not, that engagement with the broader security community is no longer a priority. In a field that depends on collaboration and shared intelligence, isolation is not efficiency. It is vulnerability.

Congress appears increasingly uneasy with the direction of travel. Calls to restore election security funding and invest in filling critical vacancies suggest lawmakers understand that cybersecurity austerity carries real world consequences. Yet political gridlock threatens to stall even modest reinvestment.

This moment will likely define CISA for years. The choice is not between mission focus and institutional growth. A modern cyber mission demands scale, partnerships, and sustained expertise. Shrinking the nation’s top cyber agency may satisfy an ideological preference for smaller government, but cyber adversaries do not share that preference.

In the end, cybersecurity is one of the few domains where underinvestment does not merely save money. It defers costs until they arrive as breaches, outages, and national embarrassment. If Trump 2.0 truly wants a stronger, more focused cyber posture, weakening CISA is a strange way to get there.

Photo Credit: DepositPhotos.com