Will cyber suffer under Trump’s goal to slash federal budgets?

President-elect Donald Trump’s push to trim federal budgets as part of his government waste-reduction agenda is sparking concerns that agencies may have fewer resources available for cybersecurity, potentially leaving federal networks vulnerable to nation-state hackers and cybercriminals.

But others are confident that Trump's team — which was historically hawkish on cyber and national security matters during his first term — will still prioritize cybersecurity in critical areas and aim to preserve essential spending.

Spearheaded by billionaire Elon Musk, the proposed budget reduction blueprint would include a new commission with Musk himself as its leader.

“I will create a government efficiency commission tasked with conducting a complete financial and performance audit of the entire federal government and making recommendations for drastic reforms,” Trump said in September.

Government institutions have become a prime target for hackers in recent years. The well-storied Colonial Pipeline and SolarWinds Orion incidents, in particular, galvanized Biden-era interest in shoring up U.S. cyber posture through a sweeping executive order near the start of the decade. A second cybersecurity order may soon be on the way before the end of this year.

“I think there’s an ancillary risk to the cybersecurity defenses of the [federal] enterprise, because that just tends to be a pot that people feel they can pull from without too many eyes noticing,” said one former White House technology official who, like several others in this story, requested anonymity to speak openly about their views on how a second Trump administration might impact federal cyber spending.

When broad federal budget cuts are introduced, cyber and tech spending are frequently targeted first, as the immediate impact on operations is minimal, the former official added.

Nextgov/FCW has reached out to a Trump campaign spokesperson for comment.

Government targets continue to face an endless wave of cyberattacks. Last summer, Chinese cyberspies breached the email inboxes of major federal officials, prompting scrutiny from a powerful Department of Homeland Security review board. Earlier this year, Russian hackers also accessed email correspondence from several agencies. 

More recently, a separate Chinese hacker group was found to have burrowed quietly into U.S. telecommunications providers and infrastructure that facilitates court-authorized wiretap requests, nabbing sensitive communications from top officials and people affiliated with both major 2024 presidential campaigns.

The U.S. government’s cybersecurity budget extends beyond well-known agencies like the Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency. It also includes dozens of other agencies’ chief information security officers, their support staff and recurring services booked with contractors that provide IT and cybersecurity products used to shield networks from unauthorized access.

Budget reductions can create workforce risks, according to a senior staffer in the Cybersecurity and Infrastructure Security Agency, who expressed fears about technology and cybersecurity experts departing from civil service because of budget cuts or a desire to not work under a second Trump administration.

“They were morally impacted [in 2016]. And I’m concerned because I can see that happening again. We’ve had a large effort to strengthen the workforce and expand the capacity of the workforce. I’m worried about that declining,” the staffer said.

Near the close of Trump’s first presidency, a controversial initiative to instate the government’s Schedule F job classification sought to reassign thousands of federal employees into “policy-related” roles and remove their civil service protections. Trump has vowed to reintroduce this measure, as he and his former team frequently lamented that “rogue bureaucrats” stood in the way of his policy agenda during his first White House term.

“A reduction in agency budgets, particularly ones with cyber missions or to cyber and IT staff within any agency, leaves us increasingly vulnerable to attacks and to falling behind on our economic aspirations,” said a different former White House cybersecurity official who handled cyber workforce issues.

Others believe that cybersecurity funding will be deemed a priority. One former Trump White House official said that it’s unlikely cyber and national security budget slashing would immediately commence once the former president enters office again.

“Just like in the commercial world today, you don’t fund a project in perpetuity just because it sounds nice. You need to achieve an outcome,” said the ex-official. “Far too often, in government, we fund things in perpetuity because it’s harder to just turn it off. And I think that that is probably a tone that will shift with the [new] administration.”

One industry executive predicts that Trump and his colleagues would opt to devote more spending toward cyber.

“I think there’s an equal or better chance he’s gonna … project strength and turn the tables on these tit-for-tat cyberattacks,” Alex Santos, co-founder and CEO of Fortress Information Security, said in an interview. “If we deter China and other countries from hacking us, then we don’t have to spend all this money to defend against these cyberattacks now. You could combine the concerns you heard from others and what I’m saying, and you could say the best defense is a strong offense.”

The fate of CISA itself under a new Trump term has also been called into question. Trump famously fired the agency’s then-director Chris Krebs for stating that the 2020 presidential election was secure and the results were valid. And GOP concerns over CISA-fueled censorship in its communications with social media companies — which its leadership has vehemently denied — became a flash point in a recent Supreme Court case that the Biden administration ultimately prevailed in.

CISA reform is among the goals outlined in Project 2025, a Heritage Foundation playbook considered by many as guidance for the incoming administration, though Trump has distanced himself from its creation.

“I would like to believe that the awareness of how critical cybersecurity is for national security will also underpin the future decision-making in the upcoming administration,” said a former senior CISA official. “My hope is that there would be an appreciation and an awareness for what CISA has done and, importantly, what it can do.”

But despite the particulars of agency policy, some believe the need to enhance U.S. cyber capabilities is equally appreciated across both parties.

“Cybersecurity is a bipartisan issue between the Trump and current administration, and the priority of building on cybersecurity remains steady, transcending party lines,” said Lisa Plaggemier, who heads the nonprofit National Cybersecurity Alliance. “Every administration has built on the progress of its predecessors to enhance our nation’s resilience against cyber threats.”