During a pivotal congressional hearing, Nick Andersen, the Acting Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), defended a budget request that has come under scrutiny amid an ongoing government shutdown. This shutdown has placed substantial strain on the agency, prompting Andersen to assert the critical need for support as cyber and physical threats continue to evolve in complexity.

Testifying before the House Appropriations Subcommittee on Homeland Security, Andersen’s request for $2.5 billion underscores the administration’s commitment to stabilize and scale CISA’s mission. In his remarks, he emphasized that this financial backing is essential as the threats faced by federal systems and critical infrastructure have become increasingly intertwined. Given the agency’s prominent role in mitigating cybersecurity risks, the budget request can be seen as a strategic move to bolster its capabilities.

Speaking candidly to lawmakers, Andersen remarked, “While we are shut down, our adversaries are not,” highlighting the urgency of the situation. Despite the ongoing funding lapse that reduced CISA’s workforce to approximately 40% of its normal capacity, the agency continued its vital operations concerning incident responses and infrastructure defense. Notably, the Department of Homeland Security has taken steps to recall furloughed employees back to work, a move aimed at mitigating the impacts of the shutdown.

The proposed budget seeks to support CISA’s core statutory mission, with a significant portion—$1.4 billion—dedicated to its cybersecurity division. This division’s objectives include detecting and defending against cyberattacks targeting federal structures and enhancing overall national resilience. The urgency for these funds has only intensified as the agency has been operating while dealing with drastic reductions in personnel over the previous weeks.

Since early 2025, CISA has taken proactive measures by issuing multiple emergency directives. These initiatives encompass a series of joint advisories in collaboration with law enforcement and international partners to strengthen cybersecurity. In the past year alone, the agency has identified and added nearly 300 known exploited vulnerabilities to its catalog, pointing to a total of over 1,500 vulnerabilities that have warranted attention.

Andersen underscored the importance of ongoing investment in federal network visibility through programs like Continuous Diagnostics and Mitigation. This initiative is slated to receive $410 million under the new budget proposal, aimed at bolstering endpoint detection and response capabilities, as well as enhancing coordinated threat response across the various agencies involved in national security.

In addition to cybersecurity, the request allocates $391 million for infrastructure security and resilience programs. These funds are targeted towards fostering risk-informed decision-making processes among operators of critical systems. Furthermore, $178 million would be directed to risk reduction services provided by CISA’s regional field presence, which includes essential services like vulnerability assessments, incident response support, and comprehensive training activities for state and local governments, as well as private-sector partners.

These training programs enable key stakeholders to better anticipate and recover from both cyber and physical threats—an increasingly relevant concern as major events, including the upcoming FIFA World Cup, approach. With over 1,000 engagements completed in relation to such major events, the agency’s frontline presence is crucial for situational awareness and proactive response initiatives.

Additionally, CISA’s budget request includes $98 million toward emergency communications programs, aimed at bolstering interoperability among various federal, state, and local agencies. Another $31 million is proposed to support its role as the sector risk management agency for eight of the nation’s 16 critical infrastructure sectors. This broader role is pivotal for identifying and managing cross-sector risks at a national level, underscoring the importance of a cohesive strategy in addressing widespread vulnerabilities.

During the hearing, lawmakers were keen to highlight workforce challenges that have led to “detrimental capacity impacts” on CISA’s mission delivery. Andersen acknowledged the struggles posed by vacancies and disruptions linked to the shutdown, noting that the agency is currently working to fill 329 critical positions necessary for restoring operational capacity, particularly in cybersecurity fields and field operations. These personnel often play a crucial role in local communities and critical infrastructure environments, where CISA’s presence is most visible during incident responses and recovery efforts.

With the administration proposing cuts to CISA’s overall budget, questions loom regarding how the agency will sustain its expanded mission demands amid diminishing resources. Andersen reiterated that CISA remains focused on stabilizing its operations while strategically directing resources toward sectors deemed highest risk—particularly those associated with national security, public health, and economic continuity. The challenges the agency faces serve as a reminder of the pressing need for robust federal cybersecurity strategies in an increasingly volatile landscape.