Shields Down
Cybersecurity Cuts Are a Threat to American Democracy
Haidee LeClair
Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), launched the "Shields Up" initiative in February 2022 in response to heightened cyber threats, particularly those associated with Russia's invasion of Ukraine. In part, this campaign was designed to warn critical infrastructure operators and the U.S.-based organizations about the increased risk of cyberattacks spilling over from that conflict. The goal was to encourage both the public and private sectors to implement proactive, robust cybersecurity measures to protect American citizens from these persistent risks.
Unfortunately, recent and proposed cuts to federal cybersecurity programs under the Trump administration, including sweeping changes to CISA on top of executive orders, are putting the nation’s cyber defense posture at risk. Indeed. The cuts raise some serious (and worrying) questions about whether the country will be able to counter attacks against its critical infrastructure and whether that’s actually intentional. All on their own, a diminished cyber workforce threatens the future of American democracy.
Cybersecurity Cuts Are Wide — and Deep
A recent MeriTalk article showed that CISA would lose more than 1,000 jobs under the Trump administration’s budget proposal for fiscal year (FY) 2026. That’s nearly one third of the agency’s current staff on top of the approximately 1,000 employees who have already left the agency this year. The budget (if approved) will be reduced by more than $420 million by making major cuts to CISA’s Cyber Defense Education and Training functions ($45 million), the National Risk Management Center (NRMC) ($70 million), Mission Support Enterprise Services ($132 million), and from the Joint Cyber Defense Collaborative program ($14 million). That last program connects public and private partners to coordinate defenses for critical infrastructure, which CISA and the Federal Bureau of Investigation (FBI) continue to warn are under attack, and indeed a prime target for nation state actors.
The proposal also eliminates CISA’s election security office, eliminating 14 positions. In March, CISA had already officially cut funding to support states and local election offices with election security, making it more difficult to protect our voting systems from both external (and internal) threats. Cuts to the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) raised the concern of secretaries of state, compounded by cuts to the Multi-State Information Sharing and Analysis Center (MS-ISAC). It’s hard to imagine the upside of reducing stakeholder engagement, limiting the sharing of cyber threat intelligence, and making it more difficult to collaborate on cyber incident response.
“My office’s resources to anticipate and guard against threats to the integrity of Arizona’s election system are limited,” Arizona Secretary of State Adrian Fontes wrote. “For us, DHS’s withdrawal of the full cooperation and support of our partners at CISA means our capacity to conduct this important work will be severely compromised.”
- Democracy Docket: Cybersecurity Agency Ends Support to Election Security Program
The proposed cuts will also close the Office of Equity, Diversity, Inclusion, and Accessibility. Between dismantling education programs and DEI programs and letting over a thousand CISA employees go, the changes (if the budget is approved) not only reduce the agency to a skeleton staff, unable to execute on its mission effectively, but also reduce the likelihood of the government being able to hire (or re-hire) skilled cybersecurity workers if it determines those employees were actually needed. Cybersecurity has long faced a workforce deficit, with most studies showing that companies don’t have enough people on their teams or enough people with the right skills to meet their goals. Cyber experts that formerly dedicated their expertise to protecting American citizens and the U.S. government may well help to reduce the gap in the public workforce, at least a little. And those experts are unlikely to come back to jobs where their work was undermined and undervalued, as well as underpaid.
Despite being touted as improving efficiency and streamlining operations, these proposed cuts, if enacted, would destabilize CISA and make it more difficult to respond quickly to and repel malicious actors. Cybersecurity experts and former and current officials warn that such reductions could embolden adversaries like Russia and China, who are already probing U.S. defenses for weaknesses.
“Our enemies are not slowing their continuous assaults on our systems,” says Suzanne Spaulding, who led CISA’s predecessor during the Obama administration. “We need all hands on deck and focused, not traumatized and distracted.”
- Wired: ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge
Project 2025 in Action
For anyone paying attention last year, Project 2025 called for many of the cybersecurity changes we’ve seen in the Trump administration. It drastically reduced CISA’s role in protecting critical infrastructure (including election infrastructure) by splitting up or eliminating its core responsibilities, and moving some critical infrastructure functions to departments that lack relevant expertise, such as the Department of Transportation. This shift leaves the nation’s critical systems more exposed at a time when both cyber and physical threats are rising. Project 2025 actually recommended limiting CISA’s involvement in election security to basic hygiene assessments, which means the agency cannot provide the kind of ongoing support our state and local election officials rely on to address evolving threats. It also ended CISA’s efforts to counter misinformation and disinformation and stipulated that CISA cannot be involved during the leadup to elections, potentially increasing the threats to local election officials.
While a good portion of Project 2025 objectives are already complete, efforts continue to follow through on more of them. Meanwhile, Trump continues to issue Executive Orders (EOs), amending or repealing some key elements of Obama- and Biden-era EOs. Broadly, these efforts refocus federal cybersecurity on technical measures, including secure software development, post-quantum cryptography, AI vulnerability management, IoT security, and border gateway security. Notably, the EO limits cyber sanctions to foreign actors, so they can’t be used to punish Americans and U.S. firms engaged in malicious cyber activities or to deter election meddling. It also removes requirements for collaboration with foreign governments and industry groups in key countries, which is likely to make international cooperation more difficult — a highly questionable choice in an era where threats (and attackers) are global.
Dropping Cyber Defenses Enables Authoritarian Drift
Eroding independent civil service protections and cyber defenses can only be seen as yet another sign of democratic backsliding, paving the way for authoritarian drift. Political scientists have warned that these actions signal a shift toward “competitive authoritarianism,” which blends aspects of democracy with authoritarianism. Steven Levitsky, a professor of government at Harvard University, noted in April that the United States has “transitioned into a form of authoritarianism.” He emphasized that this shift is still reversible, “but we are no longer living in a liberal democracy.” The targeting and reduction of protections for election infrastructure in the FY26 budget are even more alarming as we look towards future elections. Who will be able to trust the integrity of the democratic process? Maybe when Donald Trump told voters last July, “In four years, you don’t have to vote again,” he was just letting us all know what to expect in 2025.
Democracy Is at Stake
As the nation lowers its cybersecurity shields and guts cyber agencies, it’s another step in the race towards authoritarianism. These are not simple budgetary adjustments or efficiency efforts; they reflect a broader pattern of democratic erosion that threatens the foundations of American governance. Misinformation and disinformation are a real threat, and malicious actors are already taking advantage of AI-capabilities to mount more diverse and disruptive threats, enabling sophisticated adversaries to act quickly and convincingly. More than ever before, we need vigilance, rigorous oversight, and robust cyber defenses. Anyone calling for anything else is the true threat to democracy and our way of life as American citizens.
We need to call our congress members to demand that they take back the oversight many have to quickly relinquished and commit to free, fair, and secure elections.