Agency presses forward with operations, disregarding employee reductions, according to CISA officials.
The Cybersecurity and Infrastructure Security Agency (CISA) is moving forward despite significant workforce reductions and budget constraints. Speaking at Black Hat 2025, CISA's leadership emphasized that they are not retreating but are advancing in a new direction, maintaining their support for critical infrastructure providers and state and local governments through free cybersecurity services and guidance.
CISA's workforce has been reduced by about one-third due to layoffs and buyouts since the Trump administration began. Despite these cuts and a reduced presence at industry events like Black Hat USA 2025, the agency's commitment to national cybersecurity remains intact. The agency is refocusing on essential protective roles and leveraging grants to support broader collaboration.
CISA's leadership is heavily invested in the MITRE's Common Vulnerabilities and Exposures (CVE) program, which is considered foundational to CISA's agency and the entire vulnerability and cybersecurity ecosystem. The agency is also investing in artificial intelligence (AI) to help defenders reduce the "asymmetric advantage" that attackers currently hold.
To better support private companies, CISA will launch a new "industry engagement portal" before the end of the year. This portal will make it easier for companies to access the agency's services. CISA is also automating additional aspects of its service, allowing partners to log into a portal, track the progress of scans, and easily see their findings.
CISA is releasing new capabilities almost every week to enhance the operation of cyber operators. An example of CISA's continued capacity is its around-the-clock response to major vulnerabilities in Microsoft SharePoint. The agency's IT modernization efforts aim to be completely done with on-premises environments and migrated to the cloud by the end of the fiscal year on Sept. 30.
Chris Butera, the acting head of CISA's Cybersecurity Division, stated that the agency still has a "very talented workforce." He also mentioned that the agency is focused on providing employees with the necessary tools to succeed. CISA officials are emphasizing the need to improve capabilities to analyze vast quantities of information using AI.
CISA's use of administrative subpoenas has identified and contacted over 3,000 organizations regarding vulnerable systems. In 80% of cases, CISA has convinced organizations to shield vulnerable systems from the internet after using these administrative subpoenas. More than 11,000 partners currently rely on CISA's free offering, which scans internet-facing systems for vulnerabilities.
In conclusion, while CISA's workforce and resources have been significantly reduced, agency leaders maintain that their commitment to national cybersecurity remains intact by refocusing on essential protective roles and leveraging grants to support broader collaboration. However, cybersecurity experts express concern that these cutbacks have resulted in a loss of operational capability and weakened relationships critical to addressing evolving cyber threats comprehensively.
- The CISA leadership, despite the workforce reductions and budget constraints, emphasized that they are advancing in a new direction, acknowledging a potential vulnerability due to the loss of operational capability, but still investing in AI and the MITRE's Common Vulnerabilities and Exposures program to strengthen cybersecurity.
- As CISA refocuses on essential protective roles and broadens collaboration through grants, there are concerns raised by cybersecurity experts about the potential weakening of relationships and operational capability, which could pose privacy risks in dealing with evolving cyber threats.
