CISA Stripped of the Ability to Detect Threats
The Cybersecurity and Infrastructure Security Agency (CISA) is discontinuing the use of two key cybersecurity analysis tools — Censys and VirusTotal. This information was reported by sources familiar with the matter and confirmed by an internal memo circulated among hundreds of cybersecurity professionals.
According to Nextgov/FCW, access to the Censys platform was terminated for CISA employees at the end of March, and Google-owned VirusTotal ceased operations within the agency on April 20. These are widely used tools that CISA analysts relied on to track malicious artifacts, perform reverse engineering, and identify active threats within the federal infrastructure.
In a memo dated April 16 and sent to more than 500 analysts, the agency acknowledged the importance of these tools and stated it is "actively seeking alternatives to minimize operational disruption." However, there has been no direct comment from Google, Censys, or CISA regarding the situation.
Simultaneously, staff reductions took place among contractors, including personnel from companies like Nightwing and Peraton. According to sources, these individuals have already returned their work phones. These developments confirm concerns that efforts by the Trump administration to restructure the agency are already affecting CISA’s operational core.
Earlier this month, it was reported that contracts for cyber threat hunting with the private sector were to be completely terminated. Several agreements have already been canceled, raising alarm among experts. Meanwhile, Homeland Security Secretary Kristi Noem stated that the agency needs to be “smaller, more mobile, and more effective,” with a focus on infrastructure protection rather than combating disinformation.
CISA has faced criticism from Republicans since it began collaborating with social media platforms to identify disinformation ahead of the 2020 election and during the pandemic. Then-CISA Director Chris Krebs declared the elections secure, after which he was fired by Donald Trump. Today, Krebs’s name has once again become a target of criticism from both former and current presidents.
Previously, a leak from MITRE caused a stir in the industry — there were reports that CISA might lose support for the flagship CVE program, the foundation of the global vulnerability database. However, the contract was later extended for another 11 months, underscoring the instability and uncertainty surrounding the agency’s future strategy.
All this is happening amid a broader trend of budget and function cuts for CISA, despite its critical role in monitoring threats to federal infrastructure. For now, the agency is losing essential tools, making full-scale cyber threat hunting virtually impossible.
