The Trump administration’s FY2027 budget request would sharply cut the Cybersecurity and Infrastructure Security Agency, and the most consequential part is not the headline dollar figure. It is the decision to narrow what CISA is for.
According to the budget justification described by Nextgov/FCW, the administration wants to eliminate roughly $700 million in programs across the agency, producing a net reduction of about $360 million after transfers and other adjustments. The proposal also projects cutting about 860 positions. Inside that package are some of CISA’s most visible links to state and local governments: election security support, stakeholder engagement operations, workforce development, and parts of infrastructure protection.
The election piece stands out because it goes beyond belt-tightening. The request would eliminate CISA’s election security program, remove dedicated election security advisors around the country, and end support for the Elections Infrastructure Information Sharing and Analysis Center, or EI-ISAC. That would scale back one of the federal government’s main channels for sharing cyber threat information, alerts, and incident-response support with election officials.
What is actually being cut
The details matter here. CISA was created to help defend civilian networks and coordinate with a wide mix of outside operators: state agencies, local governments, infrastructure owners, and international partners. The FY2027 request would reduce that connective tissue.
Based on the source material, the administration is targeting:
- Election security programs and related advisory support
- Funding tied to EI-ISAC information sharing
- Stakeholder engagement functions, including offices focused on coordination and international affairs
- Workforce development efforts
- Some broader infrastructure security and emergency communications responsibilities, with more burden shifted to state and local governments
That is a different kind of policy choice than a narrow operating cut. It suggests the administration wants CISA to do less convening, less field-facing support, and less coordination across jurisdictions.
Why this matters before the 2026 midterms
Election security is an awkward policy area because election administration is mostly local, while the threats are not. County offices, secretaries of state, and local election boards often run the systems. But phishing campaigns, ransomware, foreign probing, and influence operations do not respect those boundaries. That is why the federal role has centered so heavily on information sharing and coordination rather than direct control.
If that layer is reduced, the practical effect is not that states suddenly stop caring about cybersecurity. It is that they may have fewer shared tools, fewer alerts flowing through a national channel, and fewer people inside CISA whose job is to help translate federal threat intelligence into something usable for election administrators.
That gap matters most for smaller jurisdictions. Large states and major metro areas may have their own cyber staff, procurement budgets, and vendor relationships. A rural county office usually does not. A system built around pooled intelligence and centralized support tends to matter more at the edges than at the center.
A concrete example of the likely impact
Imagine a county election office a few months before voting begins. An employee receives a convincing phishing email that appears to come from a trusted vendor. The local IT team is small. Under the model CISA has supported, that office can benefit from shared alerts, guidance, and incident-response resources distributed through election-focused coordination channels such as EI-ISAC.
If those channels are weakened or removed, the county still has responsibility for securing its systems, but it may have to rely more on its own staff, its own contractors, or state-level support that is uneven across the country. The problem is not only slower response after an incident. It is also less visibility beforehand into patterns showing up elsewhere.
That is the hidden value of this kind of federal program. Much of it looks bureaucratic until a local office needs to know whether the suspicious activity it is seeing is an isolated problem or part of a wider campaign.
This is also about CISA’s identity
The budget request reads as an argument about the agency’s mission. Since its creation, CISA has grown into a hub for civilian cyber defense and cross-sector coordination. Critics have long objected to parts of that expansion, especially where election-related work intersects with politically charged debates. Supporters argue that the agency’s job is precisely to provide neutral, operational support where fragmented systems create national risk.
The proposed cuts push firmly toward a narrower version of CISA. In that version, the agency does less outreach, less intergovernmental coordination, and less direct support for election infrastructure. State and local governments are expected to carry more of that load themselves.
That may sound tidy on paper, but cybersecurity rarely stays inside organizational boundaries. The case for CISA has always been that some threats are shared even when the assets are decentralized. Election infrastructure is one of the clearest examples.
Congress is the real next arena
The administration’s request is a proposal, not the final word. That matters because previous efforts to cut back CISA’s election-related work have run into bipartisan resistance in Congress. Lawmakers have not always agreed on the agency’s scope, but there has been support for maintaining core security assistance to election officials, especially when framed as infrastructure protection rather than federal control of elections.
So the immediate story is less about a program disappearing tomorrow than about a policy fight that has now been set up in public budget terms. Congress will have to decide whether these functions are expendable, whether they belong elsewhere, or whether cutting them would leave a hole just as the country heads toward another midterm cycle.
The timing is hard to ignore. Budget debates often feel abstract, but this one lands close to a live operational calendar. Election offices do not build cybersecurity capacity overnight, and they cannot easily replace a national information-sharing structure in the final stretch before a major federal election.
What to watch next
Three questions matter from here.
First, will Congress restore some or all of the election security and stakeholder engagement funding? That is the clearest test of whether bipartisan support still exists in practice.
Second, how much of the proposed workforce reduction actually survives appropriations? Cutting 860 positions would affect far more than one line item. It would shape the agency’s ability to deliver any mission at speed.
Third, watch whether the debate stays focused on election security alone or broadens into a larger argument about national cyber posture. The source material points to both. Ending EI-ISAC support and election advisors is the most politically visible change, but the wider restructuring of stakeholder coordination may prove just as important.
The larger issue is straightforward. When Washington cuts a coordination agency, the losses do not always show up as one dramatic failure. They appear as thinner information flows, slower response, fewer experts in the room, and more uneven protection from one jurisdiction to the next. That is why this budget proposal matters beyond CISA’s balance sheet.
It is a decision about whether the federal government should keep acting as a shared defensive layer for election systems and other civilian infrastructure, or step back and let a fragmented map of state and local capacity carry more of the risk.