<p>Hundreds of staff in the Cybersecurity and Infrastructure Security Agency were notified this week that the organization discontinued one cybersecurity tool and is preparing to retire another focused on threat hunting, according to two people familiar with the matter and internal email correspondence seen by <em>Nextgov/FCW</em>.</p>
Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.
Enroll Now and Save 10%: Coupon Code MWNEWS10
Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.
<p>Amid broader reductions being levied across the cyber defense agency, CISA’s threat hunting division plans to cease use of Google-owned VirusTotal on April 20, according to the email's contents. The division halted use of Censys, a cyber threat intelligence service, late last month, the email also said.</p>
<p>“We understand the importance of these tools in our operations and are actively exploring alternative tools to ensure minimal disruption,” said the April 16-dated notification that was sent to more than 500 CISA cyber threat hunters. “We are confident that we will find suitable alternatives soon.”</p>
<p>The people, who confirmed the email’s legitimacy to <em>Nextgov/FCW</em>, requested anonymity to communicate sensitive discussions. Google, Censys and CISA all declined to comment.</p>
<p>Nightwing and Peraton contractors had to turn in their phones Thursday, according to one of the people. Axios <a href=“https://www.axios.com/2025/04/04/cisa-workforce-layoffs-trump-administration#:~:text=Another%20industry%20source,services%20vendor%20Peraton.”>previously reported</a> those expected cuts to Nightwing and Peraton contracting staff.</p>
<p>The developments add to recent concerns that the Trump administration’s efforts to resize CISA are hitting core aspects of the cyber defense agency that could affect its ability to seek and destroy cyber threats that cross into federal networks.</p>
<p>Earlier this month, a separate person familiar with agency reduction plans said CISA may be <a href=“https://www.nextgov.com/people/2025/04/cisa-make-comprehensive-staff-cuts-coming-days-people-familiar-say/404320/”>ending all threat hunting contracts</a> with the private sector and said multiple contracts have already been cut.</p>
<p>Senior administration officials, namely Homeland Security Secretary Kristi Noem, have vowed to downsize CISA amid accusations that the cyber agency’s efforts to call out online disinformation have targeted conservative voices, though the planned moves appear to go beyond just those areas of the agency.</p>
<p>Last week, a top House lawmaker said he asked staffers working for Noem to <a href=“https://www.nextgov.com/cybersecurity/2025/04/top-homeland-security-lawmaker-calls-cautious-cuts-cisa/404494/”>carefully consider</a> how to reduce the size of CISA because the agency does “have a mission to overwatch our critical infrastructure and make sure the bad guys aren’t getting in.”</p>
<p>Earlier this week, the cybersecurity industry was sent into a tailspin after an internal memo from MITRE leaked on social media indicating that CISA would <a href=“https://www.nextgov.com/cybersecurity/2025/04/mitre-backed-cyber-vulnerability-program-lose-funding-wednesday/404585/?oref=ng-homepage-river”>no longer support</a> its flagship CVE Program, used worldwide to track and catalog cybersecurity vulnerabilities. Hours later, CISA reversed course and <a href=“https://www.nextgov.com/cybersecurity/2025/04/cisa-extends-mitre-backed-cve-contract-hours-its-lapse/404601/?oref=ng-author-river”>extended the contract</a> by about 11 months.</p>
<p>CISA was created in November 2018, when a law signed by President Donald Trump transformed the National Protection and Programs Directorate in DHS into a component with more broad authority for handling cybersecurity threats and infrastructure security. Its first director, Chris Krebs, was fired by Trump after Krebs declared that the 2020 presidential election was secure. Krebs has once again become a <a href=“https://www.nextgov.com/cybersecurity/2025/04/former-cyber-official-chris-krebs-leave-sentinelone-bid-fight-trump-pressure/404634/?oref=ng-author-river”>target of Trump</a> in the president’s second term.</p>
<p>During the COVID-19 pandemic and 2020 election, CISA routinely flagged misleading content to social media platforms, including material tied to foreign and domestic actors. But those efforts cooled after a July 2023 lawsuit alleged the Biden administration’s actions violated free speech. Even before her confirmation, Noem called for a broad review of CISA’s spending amid rising censorship concerns.</p>
<p>“CISA needs to be much more effective, smaller, more nimble, to really fulfill their mission, which is to hunt and to help harden our nation’s critical infrastructure,” she said in January, noting that the agency’s work should be “refocused” away from tapering mis- and dis-information online.</p>
<p><em>GovExec Editor-in-Chief Frank Konkel contributed to this report.</em></p>