CBO breach a symptom of weakening government cyber protections

WASHINGTON, D.C. — The U.S. Congressional Budget Office (CBO) was hacked in early November, highlighting the possibility of growing cybersecurity vulnerabilities across government agencies amid political gridlock. 

Anonymous sources told The Washington Post the breach was carried out by a foreign actor. 

In a written statement, Caitlin Emma, CBO’s chief of media relations, said the agency identified the incident and took immediate action to contain it. She added that the CBO has implemented additional monitoring and new security controls going forward. 

Cuts to federal cybersecurity programs raise alarm 

The attack comes as federal cybersecurity resources face steep cuts. Recent reductions include downsizing the Cybersecurity and Infrastructure Security Agency (CISA) and ending its cooperative agreement with the Center for Internet Security (CIS). 

"I am profoundly concerned by funding cuts to the Center for Internet Security, particularly the Multi-State ISAC,” said Maurice Uenuma, security strategist and VP & GM, Americas, For Blancco. “Cuts have been made to some of the most successful government programs and public-private partnerships in cybersecurity.” 

Experts warn of increased risk to critical infrastructure 

Uenuma explained that because critical infrastructure is largely managed by private companies and local governments, federal coordination has been crucial to improving security posture over the years. Recent cuts, he warned, directly impact the ability of those entities to protect essential services Americans rely on. 

“Cybersecurity is absolutely a matter of grave public concern,” Uenuma added. “This looks like an abdication of responsibility in one of the most fundamental roles of government: public safety and national defense." 

Government cyberattacks surge amid resource strain 

The urgency is reflected in recent data: Comparitech reports ransomware attacks on government organizations surged 65% in the first half of 2025 compared to the same period last year. Zscaler found attacks against government entities more than tripled—from 95 to 322—between April 2023 and April 2025.