my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

CISA's Getting a $700M Haircut While Feds Post Gate Codes on Quizlet

John Z Black Apr 4, 2026 Policy, Law & Governance #cisa #budget #federal-security #cbp #opsec

The same week Chinese APTs were hitting US agencies and TeamPCP breached the European Commission, the White House dropped a budget proposal to gut CISA by up to $707 million.

And while that proposal was being drafted, someone at Customs and Border Protection was uploading facility gate codes to Quizlet.

These stories landed hours apart. They shouldn’t be treated separately.

Trump’s FY2027 budget would slash CISA’s funding by $361-707 million (depending on baseline), leaving around $2 billion in discretionary funding. That’s a dramatic drop from the roughly $3 billion baseline at the start of the administration. Last year’s proposal asked for $490 million in cuts. Congress pushed back. This year the White House came back bigger.

The political angle is obvious. Former DHS Secretary Kristi Noem accused CISA of “infringing on First Amendment rights” over election security work. The budget frames cuts as “refocusing on core mission,” which is bureaucratic code for stripping everything the current administration finds inconvenient.

Rep. Bennie Thompson called it “reckless” given tensions with Iran and an “increasingly aggressive China.” He’s not wrong.

Then there’s the Quizlet situation. WIRED reported CBP facility security codes, gate access codes, body-worn camera policies, and radio codes sitting on public flashcard sets. Discoverable through basic Google searches. Multiple users created these between November 2025 and February 2026, apparently studying for job assessments.

Federal employees responsible for border security uploading operational security info to a consumer study app. Not because they were malicious. Because nobody told them not to. Or the message didn’t stick.

You can’t build security culture by cutting the agency responsible for building it. And you can’t justify the agency’s budget when its own government peers are posting access codes on the internet.

The cut is a proposal, not law. It’ll face resistance. But the signal is real: cybersecurity is a lower priority than last year. And the year before that.

If your org relies on CISA advisories, threat intel sharing, or critical infrastructure coordination, start planning for reduced capacity. Even if Congress restores funding, the institutional damage from annual budget fights is cumulative. People leave. Programs stall. Knowledge walks out the door.

Budget cuts and Quizlet leaks: the full picture of federal security erosion