Months of layoffs, funding cuts and lapsed programs leave U.S. cybersecurity capabilities dangerously thin, experts say. The government shutdown isn’t helping.
By Angus Loten
A steady drawdown of federal cybersecurity resources since President Trump took office is putting the U.S. at risk of falling behind China, Russia and other global adversaries on the digital battlefield, cybersecurity experts say.
As the Trump administration focuses attention on physical combat, Washington appears to be letting its guard down against the more imminent threat of nation-sponsored hackers disrupting U.S. infrastructure and other key domestic targets, they say.
Defense Secretary Pete Hegseth last week directed senior Pentagon officials to minimize cybersecurity training in the military in favor of training programs that are “directly linked to warfighting,” Hegseth said in an agency memo.
The directive rattled security professionals who were already raising flags about a gradual depletion of federal cyber capabilities since February, when the Trump administration began cutting hundreds of jobs at the Cybersecurity and Infrastructure Security Agency, or CISA, the public sector’s central cyber- defense hub.
“What’s at risk are the basic needs of our country, things like the power grid, financial markets and clean water,” said Nick Martin, chief executive of cybersecurity services and advisory firm Cyber Guardian Consulting Group. Martin, a member of the U.S. Secret Service’s Cyber Fraud Task Force, said the rollback amounts to a teardown of national cyber defenses.
“It’s not a question of if a major adversary-driven attack will hit, but when,” said Liana Keesing, policy lead for technology reform at nonprofit group Issue One.
Cyber brain drain
Between February and May, CISA’s workforce shrank to 2,540, from more than 3,700 during the previous year, while the continuing government shutdown has reduced the agency to less than 900 active workers, according to a Department of Homeland Security contingency plan.
“With fewer skilled personnel, and outdated tools, we’ll exacerbate existing security issues while opening new gaps,” said Chris Pierson, founder and chief executive of cybersecurity firm BlackCloak. “The critical infrastructure of our nation will be seriously compromised without aggressive spending on talented people and technology,” said Pierson, who served for over a decade on the DHS’s Privacy Committee and Cybersecurity Subcommittee.
Jennifer Ewbank, founder of Andaman Strategic Advisors and a former deputy director of digital innovation at the Central Intelligence Agency, said reassessing the needs of the government’s cybersecurity posture is beneficial—for instance, to avoid overlapping efforts—but not at the cost of capabilities. “This is an all-hands-on-deck moment,” to ensure the government is keeping pace with emerging threats, she said.
In July, more than 100 support workers were let go after CISA failed to renew a third-party contract underpinning the agency’s Joint Cyber Defense Collaborative program, which fosters cybersecurity collaboration with the private sector.
Shrinking budget
A House Appropriations Committee in June allocated $2.7 billion for CISA in 2026, a decline of $134.8 million from the previous year. The cuts reflect “strategic reductions to redundant, unauthorized or duplicative programs,” according to a committee memo. The White House has called for $495 million in cuts to CISA, though the government shutdown leaves the final amount uncertain.
Issue One’s Keesing said the tighter budget amounts to a “strategic rollback that weakens both our deterrence abroad and our resilience at home.” Keesing has heard from both Republican and Democratic lawmakers who acknowledge that reduced spending “will have enduring consequences for our national security,” she said.
With a tighter budget looming, CISA has already begun shedding programs. Last week, the agency stopped funding the Center for Internet Security, or CIS, a nonprofit group that provides information to state and local governments. The Trump administration also cut ties with the Multi-State Information Sharing and Analysis Center, which operates within CIS and provides early warnings, defense strategies, training and other services for tens of thousands of cities across the U.S.
Together, these programs “played a key role in sharing information across state and local government organizations, including things like local water utilities and school districts,” said Sasha O’Connell, senior director for cybersecurity programs at Aspen Digital. “We can’t expect a local water utility to defend itself against attacks from China without support,” O’Connell said.
Lapsed legislation
Congress this month failed to renew the decade-old Cybersecurity Information Sharing Act, which set legal protections for companies sharing critical cyber-threat intelligence with federal agencies—encouraging strategic private-public cooperation in building national cyber defenses.
“A lack of information sharing could delay our ability to respond effectively to emerging risks,” said Theresa Payton, chief executive of cybersecurity firm Fortalice Solutions, and former White House chief information officer under President George W. Bush.
In March, DHS closed the Critical Infrastructure Partnership Advisory Council, a program that brought together federal agencies with critical infrastructure owners and operators.
“These are not abstract losses,” Bill Moore, chief executive and founder of cybersecurity platform Xona, said about the overall decline in federal cybersecurity resources. “They are tools that help real people, operators, engineers and responders stay ahead of evolving threats.”
Read the original article here: Federal Cyber Cuts Raise National Security Alarms