What is CISA? Who is CISA? Why is CISA?

It is unfair to expect the average American to know every aspect of their nation’s bureaucracy. In the executive branch of the US government, there are 26 members of the Cabinet, and 15 of those Cabinet positions serve as the respective heads of extremely important departments for the daily operations of our nation. The Cybersecurity and Infrastructure Security Agency (CISA) is not one of those departments, yet it is disproportionately vital to the safety and security of the country today.

You may not have heard of CISA, but you will have certainly heard of the broader executive department it is a part of: the Department of Homeland Security (DHS). DHS is one of those 15 major executive departments, led by former governor of South Dakota Kristi Noem (at least until the end of this month), and her department has dominated headlines during the first part of 2026. Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) especially have been the subject of a great deal of scrutiny ever since DHS began its severe crackdown on illegal immigration over the last several months.

This article is not about ICE or CBP; you can find plenty of information on both of those organizations on every news platform in the world today. Rather, this is an article on the importance of CISA, and how the politicization of DHS may jeopardize our safety and security in this modern, online world.

A Brief History of CISA

You may find it surprising to learn that the nation’s agency dedicated to cybersecurity has existed for less than ten years. Granted, its predecessor, the National Protection and Programs Directorate (NPPD) was formed in 2007 along with the rest of the Department of Homeland Security, but the establishment of CISA elevated the agency into a higher level of authority and prestige.

Since its establishment, CISA has served as the top cybersecurity authority in the United States, issuing "binding operational directives" that require federal government agencies to take action against specific cybersecurity risks, publicly identifying and publishing security risks, working with the private sector to identify and mitigate security risks in software programs, and much, much more just in its cybersecurity branch. CISA is also responsible for managing and improving physical security for the nation’s infrastructure (roads, bridges, water and electric facilities, etc.). The agency is responsible for a lot, even if it is a minuscule fraction of DHS. 

If you have heard anything about CISA, it may have been during the final months of President Donald Trump’s first term. While many individuals, both inside and outside of the administration questioned the validity of the 2020 presidential election, and huge amounts of disinformation spread across the Internet and social media, CISA was actively defending the truth, publishing a website, titled Rumor Control dedicated to refuting the administration’s claims. On November 12, 2020, CISA issued a press release asserting, "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised." CISA Director Christopher Krebs was subsequently fired via presidential tweet less than a week later.

CISA faded into the background during the Biden Administration, though new Director Jen Easterly did hire new staff to monitor online disinformation to enhance what she called the nation's "cognitive infrastructure". Under her watch, the agency also issued the 2023–2025 CISA Strategic Plan, the first comprehensive strategy document since the agency's establishment. The plan focused on improving proactive defense measures, increasing infrastructure resilience, and improving collaboration and communication, both within the agency and with partners across the government, the private sector, and even international allies. It seemed to be a noble endeavor, but whatever strides CISA made toward their strategic goals may have already been undone by the second Trump Administration.

The End of CISA?

At Burk I.T., our priority is the stability and security of the nation’s digital infrastructure. While political cycles inevitably bring changes in leadership and strategy, the current administration’s shift in CISA’s funding and mandate represents a significant pivot from previous years. To understand the future of American cybersecurity, we must look objectively at how the executive branch (currently under President Donald Trump) is reshaping the agency’s budget and operational scope. The following analysis is based on recent legislative actions and their direct implications for the private sector and the average citizen.

The current administration has moved to largely dismantle CISA. Critics and several former agency officials have characterized these cuts as being driven by CISA’s previous role in debunking the falsehoods and disinformation about the 2020 election. CISA has lost about one-third of its workforce, from roughly 3,400 employees to around 2,400. The current budget proposals also suggest a 17% cut to the agency’s funding. On top of all that, the agency is currently operating with less than 40% of its employees because of the partisan standoff regarding funding for DHS.

Why does CISA Matter?

Why does the US military matter? We can all agree that a powerful and competent standing military is important for our national security. It is one of very few institutions in the United States that has genuine broad bipartisan support. There is no reason that CISA should be treated any differently.

Consider this: the last physical attack on US soil was 9/11. It was a horrible tragedy, and it led to billions of dollars in federal funding dedicated to improving national security. The last digital attack on the United States? I guarantee it was earlier today. It does not matter when you read this article; there was definitely an attempted cyberattack on an American in the last 24 hours. In fact, the odds are that multiple cyberattacks have been attempted since you started reading this blog.

I am not acting as a fearmonger here. The reason there are so many cyberattacks is that they are extremely easy to do in the modern age, and the vast majority of attempted attacks do not amount to anything. However, the fact remains that in this digital era, digital security must grow and evolve to meet the needs of our society. We are seeing it in the private sector; companies like SentinelOne are using top-of-the-line cybersecurity tools to keep businesses safe, but not everyone can afford that level of security. It falls on our government to pick up the slack.

You may read that last paragraph and think, “great, my business uses SentinelOne (or a comparable cybersecurity XDR), so we must be fine.” Sadly, it’s not that simple. They say a chain is only as strong as its weakest link, and in a lot of ways, the United States is a chain of people. Your business may have the best cybersecurity tools in the world, but does your aunt? Your son? Your brother? If a hacker compromises the email account of, say, the daughter of a successful bank’s CEO, there is nothing stopping that hacker from sending emails through her account straight to that CEO. From the executive’s perspective, there’s nothing suspicious; it wouldn’t be flagged since it’s from his or her actual child’s account. Just like that, the entire bank is compromised.

Now we see the value in an organization like CISA. Cybersecurity is not only about having powerful firewalls, advanced email filtering, or insert whatever other powerful software program here; it is a matter of education. In the latest edition of the Verizon Data Breach Investigations Report (DBIR), they found that 68% of all breaches involve a human element, meaning that they were directly tied to a person making a very costly mistake. CISA is the government agency directly responsible for making sure that cybersecurity information and educational resources are available for everyone, regardless of what business or industry they may be involved in.

Cybersecurity as a Human Right

One of the privileges that all of us in the United States has is the national physical security of being protected by the most powerful military in the history of mankind. Now, however, physical security is not enough. This country desperately needs agencies like CISA to stand against the dramatic rise of cyberattacks, especially those carried out by foreign agents designed to undermine our infrastructure. According to a Cyber Threat Snapshot published by the Republicans on the Homeland Security Oversight Committee, major attacks specifically targeting critical infrastructure were attempted in 44 states last year, and it is only going to get worse. We need CISA now more than ever, and I hope the Trump Administration realizes that themselves before it’s too late.