The Department of Homeland Security asked for a large topline in its FY2024 budget request but the allocation shows priorities that favor traditional operations and disaster response over investments aimed at asymmetric threats. The administration’s FY2024 gross discretionary request was roughly $88.06 billion, with Operations and Support accounting for about 63.6 percent of that request while Research and Development shrank to roughly 0.6 percent of the DHS discretionary request. Those proportions matter because asymmetric threats scale differently from classic resource needs and require persistent investment in sensing, technology, and grants that harden partners across the country.
Put bluntly, DHS is buying muscle with one hand while giving only pocket change to the brains that spot and blunt asymmetric attacks. CISA’s FY2024 request was a notable increase, roughly $3.1 billion, and that funding bump matters for federal cyber posture and programs like Continuous Diagnostics and Mitigation. But CISA’s growth, while necessary, does not by itself correct an institutional tilt toward operations-heavy spending that leaves gaps in S&T, cross-cutting R&D, and state and local resilience.
Look at component-level allocations to see the imbalance. Net discretionary appropriations reported for FY2024 show CBP receiving well into the tens of billions while Science and Technology and other R&D-focused accounts remain in the hundreds of millions. That split is not an accident. It reflects political and institutional pressures to resource visible, mandated missions such as border operations even as low-cost technologies and supply chain attacks make softer targets more attractive to adversaries and malign actors. The distribution in the departmental request and in congressional actions reinforces operational priorities at the expense of longer lead-time defenses.
There are three practical problems with the current posture. 1) Underinvestment in R&D and acquisitions for asymmetric counters. DHS R&D and procurement lines are small relative to the scale and rapid evolution of threats such as swarms, small unmanned systems, supply chain compromises, and IoT-enabled disruptions. When R&D is a fraction of the total request the agency cannot be a rapid innovator and instead remains a buyer of commercial fixes after gaps are exposed. 2) Fragmentation of funds across dozens of mission offices creates duplication and weakens centralized prioritization. The department still struggles to translate strategy into budget lines that protect against emergent asymmetric risks rather than just keeping big mission shops running. GAO has highlighted a long list of priority open recommendations across DHS areas that, if unaddressed, will continue to degrade return on investment for taxpayer dollars. Addressing management and program fragmentation would free capacity for higher return investments against asymmetric threats. 3) Grants and state and local assistance remain modest compared with national exposure. The federal government cannot defend every soft target directly. It must scale a resilience baseline through grants, technical assistance, and incentives for private sector operators of critical infrastructure. Current federal assistance lines are outpaced by operations accounts, leaving first responders and local infrastructure operators under-resourced for asymmetric scenarios.
Congress and DHS have recognized discrete cyber needs. For example congressional appropriators explicitly funded Continuous Diagnostics and Mitigation and related endpoint efforts in committee report language while also scrutinizing some of CISA’s proposals. Those are the right kinds of actions, but they are incremental rather than systemic corrections to the budget posture. Targeted increases to CISA and CDM are necessary but not sufficient to realign departmental priorities.
What must change immediately 1) Rebalance programmatic shares. Move a portion of recurring operations growth into R&D and crosscutting procurement that addresses asymmetric threats. Even modest reallocations from O&S into R&D and PC&I would yield better long-term risk reduction. Use multi-year budget language where possible so technology acquisition can be planned rather than reactive. 2) Create outcome-oriented pooled funding lines for counter-asymmetric programs. Pool money across components for counter-UAS, supply chain defense, industrial control systems monitoring, and OT/IoT resilience. Require joint program offices to compete for those pooled funds on measurable metrics. This reduces duplicate buys and ensures scale. 3) Increase federal assistance to states, locals, and critical infrastructure owners for sustained resilience. Grants are the force multiplier. Fund sustained, multi-year programs for incident detection, tabletop exercises, and hardware upgrades instead of one-off exercises. The federal role must be to raise minimal national resilience standards that reduce the attack surface. 4) Hold acquisition and program offices to timelines tied to threat indicators rather than fiscal habit. If a threat vector such as small UAS or ransomware materially increases, reprogramming must be possible with rapid congressional oversight to accelerate fielding. The department must adopt contingency procurement authorities to keep pace.
Conclusion DHS will always need robust operations. But asymmetric threats do not care about budget line optics. They exploit low-cost, high-impact gaps: consumer drones, unsecured OT devices, poorly patched supply chains, and understaffed state and local IT shops. The FY2024 request contained sensible increases for entities like CISA but the overall allocation pattern still favors scale in boots, buildings, and disaster funds over the distributed investments that deny asymmetric advantage to adversaries. If policymakers want fewer catastrophic surprises and lower downstream cleanup costs they must change the budget calculus now. The fix is straightforward: reprioritize dollars into R&D, pooled counter-asymmetric programs, and sustained grants. Do that and you turn a reactive department into a force that reduces risk in advance.