The case for funding a strong, effective CISA

COMMENTARY: The proposed $707 million fiscal year 2027 cut to funding for the Cybersecurity and Infrastructure Security Agency (CISA) may get portrayed as a routine budget adjustment.

But in reality, it represents a shift in how cybersecurity responsibility gets organized at a national level. Sadly, that shift raises serious concerns about coordination, visibility, and operational effectiveness.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Modern cybersecurity depends on shared intelligence and consistent processes. CISA functions as a central point where threat data gets collected, correlated, and distributed. That centralization lets us identify patterns across industries and regions.

When that role gets diminished, we wind up with inconsistent information and the overall threat picture weakens. We saw this when CISA and the National Vulnerability Database (NVD) faced budget constraints over the past year: data gaps emerged, vulnerability tracking degraded, and response timelines extended. These gaps are difficult to recover from as threats continue to accelerate.

State and local governments vary widely in technical capability. Some have mature security programs, dedicated teams, and established incident response practices. Others operate with limited staffing, constrained budgets, and aging infrastructure already.

Expecting a uniform level of cybersecurity maturity across this spectrum without sustained federal coordination creates predictably inconsistent outcomes. State agencies have no chance of meaningfully doing this regardless of what the federal government wants. Threat actors will not adjust their behavior because we fragmented defense intel. They’ll revel in it. This will serve up a dinner bell for the bad guys, calling them to the new theater where information is sparse – and they have the far greater hand to play.

A distributed model also introduces endless practical challenges in execution. Threat detection, analysis, and response requires tooling, expertise, and ongoing maintenance. Replicating these functions across multiple independent entities creates duplicated effort without shared standards. This affects how intelligence gets recorded, how incidents are classified, and how quickly teams can act on information, increasing cost while reducing effectiveness.

The quality of cybersecurity data depends heavily on high-level aggregation and normalization. When inputs are fragmented, the outputs become less reliable. Small inconsistencies across datasets can lead to gaps in visibility, delayed recognition of patterns, and reduced confidence in conclusions drawn from the data. In practice, this will affect how quickly organizations can respond to emerging threats and how accurately they can assess risk.

National-level defenses rely on broad visibility across sectors and geographies that depend on centralized intelligence. The impact does not get limited to external coordination; it also affects the internal security posture of federal systems. Essentially, they would guarantee less effective federal cyber security operations if successful in this shift. Not that there’s a good time for change like this, but with the country on a war footing and facing increased AI threats, it’s arguably one of the worst conceivable times to even consider it.

Adding to those challenges, when multiple independent entities attempt to address the same threats in parallel without a shared framework, differences in implementation accumulate. Over time, those differences will begin to affect how systems are monitored, how alerts are generated, and how incidents are escalated. This will not just lead to a variation in approach but ultimately will lead to a variation in outcomes.

Building and maintaining security programs requires sustained investment. These are not one-time efforts. They require ongoing updates, continuous monitoring, and regular refinement. For many state and local governments, absorbing additional responsibility without corresponding increases in funding or access to expertise creates pressure on already limited resources.

If we have to run on a distributed system, Congress needs to send them a bill commensurate with their state’s income, keeping management central, but sharing the financial burden. It’s a case where money funneled into an existing system would go further, much further, than misled efforts or action on their part.

National cybersecurity depends on coordination as much as it depends on individual defenses. The systems in place today were developed to deliver shared awareness and a consistent baseline of information. Adjusting that structure without accounting for the dependencies breaks the system as a whole.

At a time when AI cyber threats continue to grow in scale and sophistication, clear lines of communication and reliable data flows has become essential. Reducing the capacity of the central agency responsible for that coordination affects how information gets gathered, how we interpreted it, and how it gets distributed across the ecosystem.

I’m not simply concerned about funding levels, I’m more focused on the downstream effects on data quality, operational consistency, and collective awareness. We build cybersecurity on the ability to see what’s happening, understand it quickly, and respond with confidence. Any change that reduces that visibility or introduces fragmentation into the data pipeline directly affects that ability.

The proposed reduction to CISA funding raises practical questions about continuity of intelligence, consistency of execution, and the reliability of shared data in a distributed model that’s not uniformly equipped to take on those responsibilities. It introduces risk without adding meaningful value.

Gene Moody, Field CTO, Action1

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.