5 Reasons Why CISA Is Indispensable to America’s Cyber Defense

Some 70 percent of cyberattacks in 2024 targeted critical infrastructure, yet Congress is weighing cuts to the lead agency responsible for defending it. The Cybersecurity and Infrastructure Security Agency (CISA) — America’s civilian cyber defense agency — performs functions that no other federal agency performs and that no single state, company, or military command is positioned to replace. A new House Appropriations Committee report, released on June 5, provides the clearest evidence of CISA’s importance. Even while trimming CISA’s budget, the committee directs the agency to sustain or expand nearly every one of its missions. Five are especially hard to replace and dangerous to underfund:

1. CISA is the nation’s early warning system as AI makes software flaws easier to find and exploit. 

The committee report notes that the Common Vulnerabilities and Exposures program — which assigns standardized identifiers used worldwide to track and manage cyber threats — faces declining data quality and mounting backlogs. Meanwhile, advanced AI tools are making it easier to discover software flaws and weaponize them. As the volume of identified vulnerabilities increases, organizations need a trusted mechanism to distinguish theoretical weaknesses from actual vulnerabilities that adversaries are actively exploiting. 

CISA performs that triage function through the Known Exploited Vulnerabilities catalog, helping federal agencies and voluntary users focus limited resources on the threats that pose the most immediate risk. Congress understands that the challenge is no longer finding vulnerabilities but determining which ones matter most. As AI drives an explosion in vulnerability discovery, CISA’s role in identifying and prioritizing actively exploited vulnerabilities becomes increasingly important.

2. CISA is America’s first line of defense against China’s plans to disrupt U.S. critical infrastructure.

In February 2024, CISA and law enforcement partners provided detailed technical information that the Chinese state-sponsored group Volt Typhoon had infiltrated U.S. critical infrastructure. Microsoft first revealed in May 2023 that Volt Typhoon had given Beijing the kind of persistent access it could use in a crisis to disrupt transportation, communications, energy, and other essential services. Similarly, when the Chinese group Salt Typhoon ran an espionage campaign against U.S. telecommunications carriers in October 2024, CISA’s threat hunters were among the first to detect activity on federal networks. This gave law enforcement the opening to map the full scope of the operation. 

CISA’s visibility — combined with its relationships with critical infrastructure owners and operators — allows the agency to share indicators of compromise and help remove intruders before access becomes disruption. No other federal agency is positioned to bridge federal visibility, law enforcement action, and critical infrastructure defense at the scale this threat demands. 

3. CISA is the only agency charged with defending federal civilian systems from cyber threats.

The Department of Defense protects military networks, but nothing comparable existed for the civilian agencies across the executive branch until Congress assigned that responsibility to CISA in 2018. Through programs such as the Continuous Diagnostics and Mitigation and the Cyber Analytics Data Systems, CISA maintains a real-time picture of which devices and software reside on federal networks and where those systems are vulnerable, allowing the agency to prioritize and mitigate threats it finds. 

These federal networks include agencies that hold Americans’ tax records, benefits information, immigration files, and other sensitive data that make them attractive targets for foreign adversaries and cybercriminals. Without CISA, no single entity would identify systemic cyber risks across federal civilian agencies or hold the authority to require their remediation. CISA alone can issue binding operational directives, the compulsory orders that direct federal civilian agencies to fix the vulnerabilities in their network.

4. CISA is the only federal partner equipped to help thousands of election officials defend against cyber threats.

America’s election system is administered by more than 10,000 election jurisdictions, many of which operate with limited budgets and little in-house cybersecurity expertise. CISA provides elections officials with voluntary services ranging from cyber assessments and vulnerability scanning to incident response support and threat briefings. To be sure, the agency does not run elections or dictate election procedures; instead, it helps election administrators secure the systems that support voter registration, election management, and related functions. The House Appropriations Committee report continues to support this mission, including efforts to strengthen the security of voting technologies and provide training and technical assistance to local election offices that lack dedicated cybersecurity staff.

5. CISA helps build the national cyber workforce pipeline and supports the under-resourced state and local governments that need it most.

State, local, tribal, and U.S. territorial governments often lack the personnel and technical expertise required to manage modern cyber threats. Meanwhile, the broader national cybersecurity workforce pipeline remains uneven and insufficient to meet demand. CISA’s Cybersecurity Education and Training Assistance Program brings cybersecurity instructions into K-12 classrooms, reaching over 28,000 teachers and 6 million students nationwide and helping expand early exposure to the field.

In parallel, CISA plans to place Cybersecurity State Coordinators in every state and several U.S. territories, giving local governments, school districts, and rural utilities a direct point of contact during cyber incidents when no in-house expertise exists. These roles are often the only accessible source of federal cyber support for smaller jurisdictions facing real-time threats, reflecting the reality that many governments will never be able to independently staff or sustain full-time cybersecurity teams. 

Jiwon Ma is a senior policy analyst at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD). For more analysis from Jiwon and FDD, please subscribe HERE. Follow FDD on X @FDD and @FDD_CCTI. Follow Jiwon on X @jiwonma_92. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.