President Donald Trump’s proposed budget for the Cybersecurity and Infrastructure Security Agency would eliminate the agency’s work on election security and chemical infrastructure safety, shrink its nationwide force of security advisers and slash training support for critical infrastructure operators.

Those and other changes presented in CISA’s fiscal year 2027 budget request would continue a trend of the Trump administration dramatically downsizing the cyber agency’s capabilities and straining its ability to partner with state and local governments, infrastructure operators and other U.S. and international stakeholders. Overall, the new budget would cut $386 million in funding and eliminate 867 positions, bringing the agency down to 2,865 employees.

The wing of CISA’s Cybersecurity Division that handles threat hunting, capacity building and vulnerability management would lose $15.2 million if Congress were to approve Trump’s budget. CISA’s regional operations would lose $42 million, including 71 of the field advisers who help local governments and utilities harden their defenses. And the Stakeholder Engagement Division would shutter entirely, with CISA eliminating the teams focused on international affairs, now-closed advisory councils, and other outreach and coordination work.

SED’s lone surviving team, the one that fulfills CISA’s support responsibilities for eight of the 16 critical infrastructure sectors, would move elsewhere and receive a $6.6 million boost. The budget would also add eight new positions to help other Sector Risk Management Agencies advise and assist their infrastructure sectors, such as water, electricity and financial services.

Other increases in the budget include 53 new Cybersecurity State Coordinators — 50 junior coordinators to assist the primary state liaisons and three new coordinators for Puerto Rico, Guam and the U.S. Virgin Islands — as well as $66 million more for procurement related to the Continuous Diagnostics and Monitoring program, which protects federal networks, and $5 million for the National Risk Register that Trump mandated in an executive order.

The budget would also add 137 billets for “critical positions” within the agency, which the document said would ensure it “remains equipped to protect national interests without compromising its pivotal responsibilities.”

But the reductions in the new budget proposal far outpace the expanded investments.

Fewer penetration tests, no election security

One of the most striking cuts will affect the team that performs vulnerability assessments for critical infrastructure organizations. The budget proposes eliminating $19.3 million from that program, which it said would “result in an approximate 60 percent reduction, potentially 240 fewer penetration testing cybersecurity assessments, for stakeholders.”

The National Infrastructure Simulation and Analysis Center, which develops software that analyzes cross-sector risks, including from emerging technologies, would lose $18.5 million, most of its budget. Another wing of the National Risk Management Center that also focuses on strategic analysis of infrastructure risks would lose more than half of its $64 million budget.

The budget would also eliminate $45 million for Cyber Defense Education and Training (CDET) funding to partners, with CISA saying it would point stakeholders to other free resources; 63 positions focused on bombing prevention and school safety, issues that the Trump administration sees as state responsibilities; the chemical facilities inspection program, with its 223 positions, following the lapse of its statutory authority; and CISA’s 14-person election security program, which became controversial among conservatives after CISA worked with tech companies to combat online misinformation during the 2020 election. Addressing that last elimination, the budget said CISA would “continue to focus on its core mission areas and adapt to evolving policy direction.”

Other cuts would target 301 positions that have been left vacant by layoffs and voluntary departures (CISA said it analyzed them to determine that none were “mission-critical”) and roughly $29 million from the Joint Collaborative Environment and the Joint Cyber Defense Collaborative that CISA said it expected to recoup through contract efficiencies.

Disinvesting from data integration, shared services

The agency is also proposing to shrink its cybersecurity pay incentives fund by $18 million as part of its effort to reduce the range of roles that qualify for the incentives. In the next fiscal year, CISA said, it will limit those bonuses to “mission-critical positions that possess unusually high or unique qualifications.”

The budget also proposes a 75% cut to the CyberSentry program, which manages intrusion-detection sensors on the networks of participating critical infrastructure organizations, and a 55% cut to the Cyber Analytic and Data System, which integrates cyber threat data from across the agency. (CISA said technology improvements would allow for less spending on CyberSentry, which it called “a key capability” for its mission.)

Under the spending cuts outlined in the budget, CISA would also retreat from its mission to provide cybersecurity solutions to the rest of the government. The document proposes scaling back CISA’s support to the Justice Department’s Security Operations Center as a Service offering, ending CISA’s support for a General Services Administration program that evaluates cybersecurity vendors’ products and ending the development of a Critical Infrastructure Shared Services program