{"id":3883,"date":"2025-07-09T09:00:00","date_gmt":"2025-07-09T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3883"},"modified":"2025-07-09T09:00:00","modified_gmt":"2025-07-09T09:00:00","slug":"trump-seeks-unprecedented-1-23-billion-cut-to-federal-cyber-budget","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3883","title":{"rendered":"Trump seeks unprecedented $1.23 billion cut to federal cyber budget"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Donald Trump\u2019s sprawling tax bill,<\/a> which he signed on July 4, contained a few noteworthy cyber funding items<\/a>, including $250 million for US Cyber Command to spend on \u201cartificial intelligence lines of effort.\u201d<\/p>\n

But the administration\u2019s next and more significant funding effort is to shepherd the White House\u2019s proposed FY2026 discretionary budget request<\/a> through the House and Senate, an appropriations task that has to be completed before the end of the federal government\u2019s FY2025 funding year on Sept. 30.<\/p>\n

This year, in an unprecedented development for any White House, Trump\u2019s budget request calls for a reduction in cybersecurity spending across civilian agencies, amounting to a $1.23 billion cut or a 10% drop in cyber expenditures for 2026 when compared to 2024 levels.<\/p>\n

Moreover, in a little-noted development, the administration\u2019s numbers show the White House has already cut $300 million in government cybersecurity spending for the current fiscal year, FY2025. The White House wants to cut cyber expenditures even further by an additional 7% next year.<\/p>\n

\u201cIt\u2019s extremely unprecedented,\u201d Michael Daniel<\/a>, CEO of the Cyber Threat Alliance, tells CSO. \u201cWe haven\u2019t seen an example of where a major corporation has done that either, and it\u2019s hard to argue that we needed to be spending less on cybersecurity anywhere.\u201d<\/p>\n

Cybersecurity spending cuts make even less sense given that the proposed budget cuts are coming at a time of increased cybersecurity threats from criminal and nation-state adversaries, which the Trump administration itself has repeatedly noted.<\/p>\n

\u201cThis budget reflects a lack of seriousness about cybersecurity,\u201d Mark Montgomery<\/a>, senior director of the Center on Cyber and Technology Innovation at the Foundation for the Defense of Democracies, tells CSO. \u201cThe administration\u2019s rhetoric is strong, but their resources are weak. There has been no alteration in the threat that would justify this reduction in resources.\u201d<\/p>\n

Reversing the trend of annual cyber spending increases<\/h2>\n

From 2017 through 2024, US government civilian agencies spent more on cybersecurity in each successive year than they did the prior year.<\/p>\n

\n

Cynthia Brumfield \/ CSO<\/p>\n<\/div>\n

(The chart is based on White House data provided for <\/em>2017<\/em><\/a>, <\/em>2018<\/em><\/a>, <\/em>2019<\/em><\/a>, <\/em>2020, 2021<\/em><\/a>, <\/em>2022,<\/em><\/a> and <\/em>2023<\/em><\/a>. Numbers for 2024, 2025, and 2026 <\/em>reflect adjustments<\/em><\/a> that Trump\u2019s OMB made for 2024 and 2025.)<\/em><\/p>\n

The administration\u2019s cybersecurity budget cuts are not evenly distributed among federal agencies. In fact, according to crosscut tables released by the Trump administration<\/a>, some civilian agencies are getting funding boosts for cybersecurity, as shown in the table below.<\/p>\n

\n

Cynthia Brumfield \/ CSO<\/p>\n<\/div>\n

Other government agencies are experiencing significant cybersecurity budget cuts, with a few slated to have their entire cyber budgets wiped out, as the table below indicates.<\/p>\n

\n

Cynthia Brumfield \/ CSO<\/p>\n<\/div>\n

Without further explanation or elaboration of what is driving the cyber budget numbers, it is difficult to tell whether the increases or decreases reflect legitimate funding needs or efficiencies.<\/p>\n

CISO and former government cybersecurity official Am\u00e9lie Koran<\/a> thinks the administration\u2019s budget is heavily influenced by the Heritage Foundation\u2019s Project 2025<\/a>, a supposed blueprint that Trump has sporadically followed thus far in his administration. Project 2025 takes a dim view of science in general, and argues<\/a> that some of the commercial technology innovations proposed by the NSF were \u201cill-advised.\u201d<\/p>\n

\u201cIf you look at things like National Science Foundation just being zeroed out, the idea of throwing no money at that is just kind of sending a signal,\u201d Koran tells CSO. \u201cWe don\u2019t want you as an agency overall.\u201d<\/p>\n

However, it is possible that the administration did not apply real thought or analysis when deriving the cyber budget. \u201cIf you look at the way that this administration has gone about making reductions, I would not use the words strategic or thought out,\u201d Cyber Threat Alliance\u2019s Daniel says.<\/p>\n

\u201cIt aligns with the philosophical approach of \u2018we just want to reduce stuff that the federal government is doing,\u2019\u201d he adds. \u201cTo ascribe a larger strategic sort of plan behind it would be wrong if only because there haven\u2019t been a lot of cybersecurity people in place for long enough to drive the budget.\u201d<\/p>\n

Munish Walther-Puri<\/a>, former director of cyber risk at New York City\u2019s Cyber Command and now faculty member of NYU\u2019s Center for Global Affairs, thinks that from a broader perspective the budget does reflect the priority the administration places on cybersecurity risk management.<\/p>\n

\u201cIf you want to know how an organization thinks about its own risk, look at where it allocates resources,\u201d Walther-Puri tells CSO. \u201cIf we shift the conversation there, it becomes less about they\u2019re spending less money on cybersecurity and more about how they think about cybersecurity as part of the risk management of the federal government.\u201d<\/p>\n

The potential impact of reduced cyber spending<\/h2>\n

Without an articulated cyber strategy, another uncertainty about the budget is what it might do to the security posture of the federal government.<\/p>\n

\u201cThere\u2019s no question in my mind that we\u2019re increasing our cyber risk in a way that\u2019s hard to quantify,\u201d Daniel says. \u201cIf I were a nation-state adversary, I would be joyous at what\u2019s going on inside the US government. Decreased funding is only going to fuel that.\u201d<\/p>\n

Walther-Puri points out that the less the government spends on cybersecurity, the greater the shift there will be in threat actors\u2019 calculus to attack the US. \u201cThis might change the prioritization for some adversaries to where they\u2019re more likely to target organizations with known budget or staffing constraints.\u201d<\/p>\n

For those agencies experiencing even modest budget cuts, the ripple effects on other stakeholders can be substantial. Montgomery, for example, worries about the zeroing out of the cyber budget for the National Science Foundation, which has provided cyber resources not only for the government but also the private sector. \u201cI\u2019m worried about the Scholarship for Service program at NSF,\u201d he says. \u201cThat\u2019s how we hire good people into cyber.\u201d<\/p>\n

He\u2019s also concerned about the future of the National Institute of Standards and Technology (NIST), an arm of the Commerce Department. Commerce faces a 14% budget cut for 2026, and the Trump administration has elsewhere proposed slashing<\/a> NIST\u2019s budget by $325 million for 2026 because it has pursued a \u201cradical climate agenda.\u201d<\/p>\n

\u201cNIST was under-resourced even during the Biden administration,\u201d Montgomery says. \u201cI have to be concerned about the NIST Cybersecurity Division, although we don\u2019t have the facts yet.\u201d<\/p>\n

Finally, the federal cyber budget cuts could create problems for state and local governments and other entities that rely on federal cyber grants. \u201cOne of the things about the crosscut is that it incorporates spending on the cybersecurity of federal networks themselves, plus programs that do outreach and grants and support state and local governments,\u201d Daniel says.<\/p>\n

\u201cThis is going to have a downstream effect for those who receive federal grants,\u201d Koran says. \u201cIt\u2019s the cybersecurity budgets that are there for local and state programs that are going to see a big hit.\u201d<\/p>\n

Congress and cyber leadership could turn things around<\/h2>\n

As the various committees of Congress begin to pass their own appropriations budget, they might reverse some of Trump\u2019s proposed cuts. For example, the House Homeland Security Committee advanced its appropriations bill<\/a> on June 3, appropriating $2.74 billion for the Cybersecurity and Infrastructure Security Agency (CISA), which reflects a budget cut of $146 million or 5% reduction from CISA\u2019s 2025 budget, far lower than the $500 million<\/a> CISA budget cut Trump had advocated.<\/p>\n

Daniel, however, worries that the piecemeal approach represented by the committee process might allow many agencies\u2019 budget cuts to sail through. \u201cI\u2019m not surprised that the House Homeland Security Committee added back some of CISA\u2019s funds because cybersecurity remains a relatively bipartisan issue,\u201d he says. \u201cNow, will the Commerce, Justice, and Science Committee add back the NSF funding? What you\u2019re going to see is once you have politics and proclivities on top of cyber, it\u2019s going to get even more fractured in terms of not being a strategic approach to managing the funding for cybersecurity.\u201d<\/p>\n

What might help is allowing the Office of the National Cyber Director, which now has a confirmed director in Sean Cairncross, and the head of CISA, which still lacks confirmation<\/a> for its nominated director leader, Sean Plankey, to weigh in on these budgetary matters.<\/p>\n

\u201cHow this can get rectified in the long term is through skilled bureaucratic leaders who advocate effectively in the budgeting process. Sean Cairncross and Sean Plankey are exactly those kinds of leaders,\u201d Montgomery says.<\/p>\n

Daniel agrees, although he thinks both officials will still face constraints. \u201cIf spending is coming down across the board and the administration wants to target things like that, it\u2019s often hard to protect cybersecurity spending from that,\u201d he says.<\/p>\n

Whatever happens, Montgomery thinks the cybersecurity community shouldn\u2019t let these funding cuts slide. \u201cWhen you don\u2019t spend enough on cybersecurity, people need to call you on it,\u201d he says. \u201cResources are policy, and a failure to implement resources, with a failure to align resources, will lead to a failure to implement policy.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Donald Trump\u2019s sprawling tax bill, which he signed on July 4, contained a few noteworthy cyber funding items, including $250 million for US Cyber Command to spend on \u201cartificial intelligence lines of effort.\u201d But the administration\u2019s next and more significant funding effort is to shepherd the White House\u2019s proposed FY2026 discretionary budget request through the […]<\/p>\n","protected":false},"author":0,"featured_media":3884,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3883"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3883"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3883\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3884"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}