Cybersecurity Spending
,
Government
,
Industry Specific
Congress Holds Cyber Funding at 2024 Levels Across Key Civilian Agencies
Federal cybersecurity funding will mostly flatline in key agencies throughout fiscal year 2026 under a new funding deal, even as the agreement repeatedly calls on the U.S. government to keep America at the forefront of cutting-edge and emerging technologies.
The House and Senate Appropriations committees released a funding measure that sets budget levels and policy directives for major civilian agencies including the Departments of Commerce, Justice and their science, technology and law enforcement components. The deal – now moving through Congress – outlines how lawmakers intend agencies to fund and manage cybersecurity, emerging technology and national security-related programs in the current fiscal year, which began in October.
Lawmakers repeatedly kept cybersecurity and digital risk-related programs at “no less than the fiscal year 2024 enacted level” across the legislation, preserving existing funding rather than expanding federal cyber funding. The bill’s stated goal is keeping the United States “at the forefront of cutting-edge technologies,” language that appears in sections tied to artificial intelligence, advanced computing and semiconductor supply chains.
The proposal includes $1.24 billion for the National Institute of Standards and Technology but it keeps prior-year funding levels for cybersecurity work. The agreement directs no less than $55 million toward NIST’s AI research and measurement efforts, including up to $10 million for the U.S. Center for AI Standards and Innovation.
Lawmakers provided $235 million for cyber-related priorities at the Bureau of Industry and Security, as well as a slight increase of at least $10 million above fiscal year 2024 levels for enforcing export controls tied to advanced semiconductors and AI-relevant technologies.
The package includes language aimed at tightening congressional oversight provisions, stating that any program, project or activity cited in the joint measure may not be reduced or reprogrammed without prior approval from congressional appropriators. Those restrictions apply to newly appropriated funds as well as unobligated balances from prior years and certain fee-based resources.
Agencies funded under the measure are also required to submit detailed spending plans within 45 days of enactment and to provide frequent briefings to Congress.
The proposed funding levels reflect a shift from recent years when lawmakers steadily increased federal cybersecurity spending amid high-profile breaches, ransomware campaigns and concerns about foreign adversaries targeting U.S. government networks and critical infrastructure. Congress had largely embraced year-over-year cyber funding increases across civilian agencies since 2020, often pairing new money with expanded authorities and workforce investments.
Those investments came as federal agencies faced pressure to modernize legacy systems, secure cloud environments and defend against increasingly sophisticated campaigns attributed to nation-state actors, criminal groups and hacktivists targeting government data and operations. That threat activity has only continued to increase in size and scope, according to research, as growing evidence suggests the U.S. is beginning to lose ground in fortifying its cyber defenses (see: China, AI and a Federal Retreat Set Cyber Agenda for 2026).