A top Cybersecurity and Infrastructure Security Agency (CISA) official said this week that the House Republicans’ proposed 25 percent budget cut to the cyber agency would have “catastrophic” effects on CISA’s programs – like the Continuous Diagnostics and Mitigation (CDM) Program.
“A significant cut to our budget would be catastrophic. We would not be able to continue even sustaining some of the core functions across programs – like CDM, like our shared services,” CISA’s Executive Assistant Director Eric Goldstein said during a House Homeland Security Cybersecurity and Infrastructure Protection Subcommittee hearing on Oct. 25.
“Right now, we are at the point where we have reasonable confidence in our visibility into risks facing Federal agencies,” Goldstein said. “We would not be able to sustain that visibility with that significant of a budget cut and our adversaries would unequivocally exploit those gaps.”
Late last month, the broader GOP majority in the House endorsed a 25 percent cut to CISA’s budget as part of a fiscal year 2024 homeland security spending bill that was narrowly approved by the House. None of the nine members of the cybersecurity subcommittee approved this bill.
The top Democrat on the subcommittee, Rep. Eric Swalwell, D-Calif., said any cuts would “devastate CISA’s ability to operate key programs” and open the United States to cyberattacks from nation-state adversaries – like China, Russia, and Iran. Rep. Swalwell also called out the full committee’s chairman, Rep. Mark Green, R-Tenn., for voting to approve CISA’s budget cut.
“Unfortunately, last month half of the Republican conference, including the chairman of our committee and the newly elected speaker, voted to cut CISA’s budget by 25 percent,” the ranking member said.
After three weeks of debate in the House on electing new speaker leadership, Rep. Mike Johnson, R-La., was finally elected on Oct. 25 – just three weeks before the government’s current continuing resolution (CR) expires on Nov. 17.
The subcommittee leadership – Ranking Member Swalwell and Chairman Andrew Garbarino, R-N.Y. – lamented how another CR to keep the government open would negatively impact CISA.
“I agree with the Chairman that a CR also is a nightmare,” Ranking Member Swalwell said. “That you all need long-term certainty and planning because the threat actors, they don’t operate by CR, and they need us to be well thought out and prepared as we meet the threat environment.”
In line with industry experts’ thoughts ahead of the pending government shutdown last month, Goldstein noted that a government shutdown would halt strategic and systematic work with agencies, but operational services like incident response, vulnerability management, and the CDM program would continue.
“While we will rigorously interpret our legal requirements in determining accepted personnel, our core operational functions will be able to remain functional, but all of our strategic or more systematic work to engage with agencies to deploy technology, to advance technology … all of that work will be on hold,” Goldstein said.
“So, we will be in a period of stasis where even as our adversaries evolve, we will not be able to advance our mission in the least, including in critical interactions with Federal agencies,” he added.
With a Democratic majority in the Senate, it’s not likely that the House’s approved 25 percent budget cut to CISA will be supported.
As fiscal year 2024 budget negotiations move forward on Capitol Hill, the subcommittee chairman pledged to work with his fellow Republicans to back CISA’s budget request.
“We’re going to make sure our colleagues continue to be educated on … what a great agency CISA is,” Rep. Garbarino said.