Skip to main content
Geopolitics & DefenseGovernment & Policy

Lawmakers Warn of CISA Cuts' Cyber Security Risks

Representative speaks at podium with blurred seal behind, hint of network visual in background.

"What we really need is a strong CISA that helps protect our domestic networks, our energy grids and things like that," Rep. Don Bacon told an audience at the National Cyber Innovation Forum, a blunt opening to a bipartisan critique of the agency charged with defending civilian networks.

Rep. Don Bacon: CISA as the frontline for domestic networks and grids

Rep. Don Bacon, the chairman of the House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation, framed the Cybersecurity and Infrastructure Security Agency as central to defending the United States’ civilian infrastructure. He warned that the administration’s recent actions had moved "in the opposite direction" over the past year and said officials had not appreciated the agency’s defensive value. Bacon argued decisionmakers failed to recognize the "one-for-one output" CISA provides, and he directly tied foreign intrusions to kinetic risk: "They’re in our energy grid," he said, adding that adversaries could act on "Day 1 of the war" to "turn off our energy."

Rep. James Walkinshaw: information sharing, utilities, and the scaling threat

Rep. James Walkinshaw, a member of the House Homeland Security Committee, echoed Bacon’s assessment and linked it to specific campaigns and victims. He cited Chinese-linked intrusion campaigns like Salt Typhoon and said the United States is contending with adversaries "getting into critical infrastructure overseas and coming after big parts of our critical infrastructure industry here at home." Walkinshaw emphasized CISA’s role in information sharing and maintaining relationships with utilities and local governments, calling that centralized civilian defense "workable" because many targets cannot defend themselves.

Walkinshaw also invoked his local-government experience working with Fairfax Water to make a practical point: even a "sophisticated, well-funded" utility struggled to keep pace with the volume and sophistication of attacks, and smaller utilities, towns and businesses "have no realistic path to defending themselves against a nation-state."

Budget numbers and organizational attrition: the scale of the cuts

The fiscal arithmetic the lawmakers cited is stark. President Donald Trump’s fiscal 2027 budget would cut CISA by $707 million, according to a summary released last month, though a separate budget document points to a smaller reduction of $361 million. Either figure would leave the agency with slightly more than $2 billion in discretionary funding, down from the roughly $3 billion it had at the start of the administration. Lawmakers and outside observers describe more than budgetary shifts: during the second Trump administration the agency has lost roughly a third of its personnel, shuttered entire divisions and operated without a Senate-confirmed director.

Former officials, industry partners and lawmakers have described diminished coordination with state and local governments, weakened relationships with the private sector and growing concern about whether the agency retains the capacity to manage a major cyber crisis.

What this means for utilities, the FBI, technologists, and Congress

  • Utilities and local governments: Lawmakers said these entities — especially smaller utilities and towns — lack a realistic path to defend against nation-state actors on their own. CISA’s information-sharing and relationship-building functions are described as essential to those communities’ ability to recover and harden after intrusions.
  • The FBI and incident response: Bacon and Walkinshaw endorsed a model in which CISA plays a larger role after an intrusion, "helping affected entities restore their networks while the FBI works to identify the source." That division of labor presumes both organizations retain capacity to act in parallel.
  • Technologists and security teams: Walkinshaw warned that advanced artificial intelligence broadens the attack surface, enabling "more and smaller, maybe not as well-funded organizations across the globe, [to] launch sophisticated attacks," making centralized support and coordination more important as "the defense" becomes "more complex."
  • Congress and funding choices: Walkinshaw argued restoring CISA’s capacity should be achievable even with a divided Congress, framing recovery and expansion of capabilities as a bipartisan area where lawmakers can act.

Conclusion: A contested bet on centralized civilian defense

Two members of Congress from opposite sides of the aisle delivered a shared diagnosis: CISA was built to protect the diffuse parts of the American infrastructure ecosystem that cannot defend themselves, and recent cuts have undermined that mission. The debate now turns to whether Congress will treat restoring and expanding CISA’s capabilities as a priority — a possibility Walkinshaw called "within reach of a divided Congress" — and whether the agency can recover the personnel, divisions and relationships that lawmakers and partners say it has lost.

Read the original CyberScoop story