Potential budget cuts to the nation’s threat advisor agency would be “catastrophic,” a top Cybersecurity and Infrastructure Security Agency official said Wednesday.
During a House Homeland Security cybersecurity and infrastructure protection subcommittee hearing on federal cybersecurity, Eric Goldstein, executive assistant director for cybersecurity at CISA, said that a significant budget cut — such as the 25 percent reduction that House Republicans have proposed — would greatly reduce the agency’s ability to monitor threats on federal networks.
“Right now, we are at the point where we have reasonable confidence and our visibility into risks facing federal agencies,” Goldstein said. “We would not be able to sustain that visibility with that significant of a budget cut, and our adversaries would unequivocally exploit those gaps.”
In his opening statement, California Democrat Eric Swalwell, the subcommittee’s ranking member, said that cuts of that level would “devastate CISA’s ability to operate key programs” and would leave federal networks more vulnerable to attacks from U.S. adversaries like Russia, China, Iran and North Korea.
“Unfortunately, last month half of the Republican conference, including the chairman of our committee and the newly elected speaker, voted to cut CISA’s budget by 25 percent,” Swalwell said.
New York Republican Andrew Garbarino, who chairs the subcommittee, said that “we are going to make sure our colleagues continue to be educated on what a great agency CISA is.”
Rep. Carlos Gimenez, R-Fla., questioned Goldstein’s claim, saying he has “never heard somebody in a bureaucracy telling me that a cut to their budget would not be catastrophic.”
“Sometimes you can sustain some cuts if you look deep enough,” he added.
Earlier this year, CISA Director Jen Easterly made the same case to House Appropriation Committee members, saying that any reductions would “severely negatively impact” the agency’s work.
Both Garbarino and Swalwell also lamented how another continuing resolution to keep the government open would impact the agency.
“You all need long-term certainty and planning because the threat actors don’t operate by CR,” Swalwell said.
Goldstein also noted that a government shutdown would halt strategic and systematic work, though operational services like incident response, vulnerability management and continuous diagnostics and mitigation program would continue.
Goldstein said that CISA will effectively be “in a period of stasis where even as our adversaries evolve, we will not be able to advance our mission in the least, including in our critical interactions with federal agencies.”