The top U.S. cybersecurity agency is shrinking quickly under Trump 2.0

After years of aggressive growth and regulatory expansion under previous administrations, the workforce and mission of the Cybersecurity and Infrastructure Security Agency are rapidly shrinking.Why it matters: As nation-state attacks on critical infrastructure intensify, states and private companies lack the capacity to fill the gaps left by CISA's retreat, former officials tell Axios.Driving the news: Congress is pursuing what will likely be a significant budget decrease for the agency in the upcoming fiscal year, although the exact cuts are under debate.House appropriators have proposed a $135 million cut to the agency's $3.01 billion budget from last year — far less than the $495 million cut the Trump White House initially proposed, though still substantial.The White House's budget request also called for a 10% cut in overall cybersecurity spending across civilian agencies compared with 2024 levels.The big picture: Based on the proposed budget cuts and workforce reductions, don't expect as many public events or major public awareness campaigns coming from CISA during the second Trump administration.Instead, the agency is likely to revert to a scaled-back role that focuses on protecting federal government networks and tracking digital threats against critical infrastructure, former officials say. "They want CISA to be this technocratic, inward-looking, almost shy, part of the federal enterprise," said Andrew Grotto, a research scholar at Stanford University and former White House cyber policy senior director in the Obama and first Trump administrations.State of play: Before the passage of the "One Big Beautiful Bill," much of CISA's surplus budget — nearly $144 million, according to one senator — was reallocated to U.S. Immigration and Customs Enforcement to help fund the administration's mass deportation plans. A third of the workforce has already left the agency through voluntary buyouts, early retirement or layoffs.A major information-sharing council shut down earlier this year. Some critical infrastructure operators say they've had radio silence from the agency in recent months, Michael Daniel, CEO of the Cyber Threat Alliance and a former Obama White House official, told Axios. Daniel added that many of CISA's regional office employees have departed and it's unlikely they'll be replaced, potentially weakening incident response efforts across sectors.Zoom in: Reallocating CISA's surplus likely means the agency can't make extra investments to build out major programs like Secure-by-Design or the Joint Cyber Defense Collaborative."They are really putting a lot of energy into the core programs of record at CISA in their budget request," Chris Cummiskey, former Department of Homeland Security acting undersecretary for management during the Obama administration, told Axios. The White House's budget proposal called for shutting down CISA's external engagement offices and its work on countering foreign-backed disinformation. The House-passed budget leaves those offices' fates up to Senate appropriators. "Threat hunting, incident response — you name it — we're going to have less of it," Daniel said. Flashback: CISA spent the last few years building up its reputation as the go-to partner for federal agencies, critical infrastructure operators (ranging from smaller regional utilities to Fortune 50 behemoths), and international agencies.The agency focused on a sprawling number of tasks, including protecting government IT networks, coordinating threat information between the private and public sectors, and building up its international and private sector engagement programs to fend off threats across borders. Between the lines: As CISA scales back, states will be expected to provide more resources to their critical infrastructure operators and federal officials will likely lean more on automation to fill the gaps, Grotto noted. But it will be years until AI tools are advanced enough to take on everything being cut today, Grotto said, and states need more funding to be able to pick up what's left. "Expecting some rural water utility to go head-to-head with China's [Ministry of State Security], that's a fool's errand," he added, criticizing assumptions in the budget that states or automation can fully replace federal cyber support.Yes, but: While CISA is quickly changing, it's possible some of these changes will be reversed. Sean Plankey, the administration's pick to lead CISA, has yet to have a nomination hearing. Private sector companies are still in a "wait-and-see" mode, Daniel said. Marci McCarthy, director of public affairs at CISA, said in a statement that the agency is "laser-focused on securing America's critical infrastructure and strengthening cyber resilience across the government and industry.""We continue to drive greater efficiency, strengthen our partnerships, provide actionable threat intelligence and safeguard the homeland," she added.Go deeper: Federal cyber teams overwhelmed amid workforce disruptions