Unfulfilled CISA agreement hinders national lab's threat-tracking activities
Lawrence Livermore National Laboratory Halts Cyber Threat Analysis for CISA's CyberSentry Program
A significant disruption has occurred in the national cybersecurity posture, as the Lawrence Livermore National Laboratory (LLNL) has temporarily halted its cyber threat analysis for the CyberSentry program run by the Cybersecurity and Infrastructure Security Agency (CISA). The halt follows the expiration of the contract between CISA and LLNL, which has not been renewed due to administrative delays.
Because the CyberSentry contract has lapsed, LLNL can no longer legally analyze the CyberSentry sensor data, even though the sensors themselves remain deployed and continue to collect network traffic information. This has resulted in a significant loss of visibility into cyber threats targeting U.S. critical infrastructure, particularly in operational technology (OT) networks like power grids and water systems.
Despite CISA's statements that the CyberSentry program remains "fully operational" and that ongoing reviews have not impacted day-to-day activities, expert testimony and reports clearly indicate that threat analysis by LLNL experts has paused. This operational gap raises national security risks, as adversaries could exploit vulnerabilities in interconnected infrastructure systems, potentially causing cascading disruptions.
The work conducted by LLNL for CISA's National Infrastructure Simulation and Analysis Center has been ongoing "for a decade," including at CISA's predecessor. This analytical work is important to CISA's mission of understanding and mitigating systemic risks to vital systems. The work involves understanding infrastructure interdependencies and cascading consequences of disruption to infrastructure.
The contract lapse is linked to slowdowns initiated under previous administration policies requiring Cabinet-level approvals for such contracts. As a result, LLNL has also had to halt other critical cybersecurity research for CISA on infrastructure interdependencies due to similar contract expiration issues.
Corporate stakeholders are concerned about the risk calculus of their technology stacks, with a focus on whether they are potential targets. The disruption to LLNL's CyberSentry analysis could delay the discovery of important threat indicators, and the delay in resolving the lapsed contract means that there is currently reduced scrutiny of CyberSentry data, which includes evidence of attempted and successful attacks on critical infrastructure sites.
Neither DOE nor LLNL responded to requests for comment. DHS referred questions to CISA, which downplayed the impact of the contract lapse on CyberSentry's operations. However, until CISA renews the contract, LLNL's team cannot review CyberSentry data.
This development highlights governance and funding challenges impacting critical U.S. cyber defense programs. It is crucial for these issues to be addressed promptly to ensure the continued protection of U.S. critical infrastructure from cyber threats.
- The temporary halt in cyber threat analysis by Lawrence Livermore National Laboratory (LLNL) for CISA's CyberSentry program has raised concerns about privacy, as the lapse in the contract means that LLNL experts can't review sensitive CyberSentry data, potentially leaving critical infrastructure vulnerable to threats.
- In the ongoing dispute over the renewal of the CyberSentry contract between CISA and LLNL, technology plays a significant role, as the sensors remain deployed but the loss of LLNL's analysis could lead to a reduction in national cybersecurity posture, particularly regarding operational technology networks like power grids and water systems.