CISA Defunding and Dismantling Affects US Cyber Defense

2 unique sources, 5 articles

Summary

The prolonged US federal government shutdown severely depletes federal cybersecurity capabilities, with CISA set to lose around 65% of its workforce. This disruption weakens US cyber defense capabilities, impacts threat intelligence sharing, and increases the risk of cyber-attacks. The shutdown also affects the National Institute of Standards and Technology (NIST), which retains just 34% of its workforce. The expiration of the Cybersecurity Information Sharing Act of 2015 further complicates the landscape, leaving companies exposed to potential lawsuits and weakening a key defense against cyber-attacks. The shutdown raises fears of increased cyber-attacks, including ransomware targeting critical infrastructure, and furloughed workers are expected to be targeted by various fraud and social engineering attacks. The defunding of CISA impacts the timely identification and mitigation of vulnerabilities, leaving organizations more exposed to cyber threats. The potential dismantling of CISA could lead to increased response times and delayed fixes for critical vulnerabilities. The Cybersecurity Information Sharing Act of 2015 has been extended until January 30, 2026, providing temporary relief but highlighting the need for a longer-term or permanent extension. The cybersecurity impact on the US is likely to last well beyond the shutdown period, with delays rippling across planned cyber and IT efforts. The lack of clarity in information sharing has cost US organizations an estimated $1.1 million each over the past five years, totaling $48.1 billion nationally. CISOs are facing significant challenges in incident response, with 70% struggling to remediate or recover from an attack in the past year. The primary challenge cited by CISOs is a lack of skills, with 90% pointing to this as the top reason for incident response difficulties.

Timeline

  1. 18.11.2025 18:30 1 article · 23h ago

    CISA 2015 extension provides temporary relief but highlights ongoing challenges

    The extension of CISA 2015 until January 30, 2026, is seen as a temporary patch, with cybersecurity professionals urging a longer-term or permanent extension. The lapse of CISA 2015 had minimal impact on information sharing within the Health Information-Sharing Analysis Center (Health-ISAC) but reduced sharing with federal agencies. CISOs are struggling with a combination of heightened cyber threats and internal issues, with 84% believing a successful cyber-attack is inevitable. The lack of clarity in information sharing has cost US organizations an estimated $1.1 million each over the past five years, totaling $48.1 billion nationally. CISOs are facing significant challenges in incident response, with 70% struggling to remediate or recover from an attack in the past year. The primary challenge cited by CISOs is a lack of skills, with 90% pointing to this as the top reason for incident response difficulties.

  2. 02.10.2025 13:45 3 articles · 1mo ago

    CISA 2015 expiration increases cyber risk and legal uncertainty

    The shutdown affects the National Institute of Standards and Technology (NIST), which retains just 34% of its workforce. The shutdown raises fears of increased cyber-attacks, including ransomware targeting critical infrastructure, and social engineering attacks targeting furloughed workers. The cybersecurity impact is expected to last well beyond the shutdown period, with delays in planned cyber and IT efforts. The Cybersecurity Information Sharing Act (CISA 2015) has been extended until January 30, 2026, providing temporary relief but highlighting the need for a longer-term or permanent extension.

  3. 01.10.2025 23:42 1 article · 1mo ago

    Government shutdown disrupts cyber defense and intelligence sharing

    The shutdown disrupts cyber threat intelligence sharing between the private sector and government. The lapsing of the Cybersecurity Information Sharing Act of 2015 further complicates the landscape, as it provided legal protections for companies sharing threat data. The shutdown also impacts CISA's ability to execute its mission, with potential furloughs of 65% of its employees and the termination of key partnerships. An increase in shutdown-themed social engineering attacks is expected, targeting furloughed workers with phishing and vishing tactics.

  4. 12.09.2025 17:00 4 articles · 2mo ago

    CISA Defunding and Dismantling Impact US Cyber Defense

    The shutdown will severely deplete federal cybersecurity capabilities, with CISA set to lose around 65% of its workforce, leaving 889 employees. CISA's website will not be actively managed until a budget agreement is reached. The shutdown raises fears of increased cyber-attacks, including ransomware targeting critical infrastructure, and social engineering attacks targeting furloughed workers. The cybersecurity impact is expected to last well beyond the shutdown period, with delays in planned cyber and IT efforts.


Similar Happenings

Sudo Vulnerability CVE-2025-32463 Actively Exploited in Linux and Unix Systems

A critical security flaw in the Sudo command-line utility for Linux and Unix-like operating systems, identified as CVE-2025-32463, is being actively exploited. This vulnerability affects Sudo versions 1.9.14 through 1.9.17 and allows local attackers to run arbitrary commands as root, even if they are not listed in the sudoers file. It has received a critical severity score of 9.3 out of 10. The flaw was disclosed by Stratascale researcher Rich Mirch in July 2025 and added to CISA's Known Exploited Vulnerabilities (KEV) catalog on September 30, 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised Federal Civilian Executive Branch (FCEB) agencies to apply necessary mitigations by October 20, 2025, to secure their networks. A proof-of-concept exploit for the CVE-2025-32463 flaw was released on July 4, 2025, and additional exploits have circulated publicly since July 1, 2025.

CISA Transitions to New Model for Direct Cyber Support to State and Local Governments

The Cybersecurity and Infrastructure Security Agency (CISA) has transitioned to a new model to better support state, local, tribal, and territorial (SLTT) governments in cybersecurity. This change aims to strengthen shared responsibility nationwide by providing SLTT partners with access to grant funding, no-cost tools, and cybersecurity expertise. The transition reflects CISA’s mission to enhance accountability, maximize impact, and empower SLTT partners to defend against current threats and secure future operations. CISA’s cooperative agreement with the Center for Internet Security (CIS) will end on September 30, 2025. The new model includes various support mechanisms such as grant funding, no-cost services, cybersecurity performance goals, regional advisors, professional services, and bi-monthly security operations center calls.

Cybersecurity Awareness Month 2025 Initiated by DHS and CISA

The Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have launched Cybersecurity Awareness Month 2025. The campaign, themed 'Building a Cyber Strong America,' aims to equip government agencies and private sector entities with tools and information to secure critical infrastructure. The initiative emphasizes the importance of public-private partnerships in defending against evolving cyber threats. The campaign targets all levels of government and businesses, urging them to prioritize cybersecurity to protect vital services such as water, power, communications, food, and finance. DHS and CISA stress the need for continuous vigilance and proactive measures to neutralize cyber threats.

CISA Emergency Directive 25-03: Mitigation of Cisco ASA Zero-Day Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has **reiterated urgent warnings** to U.S. federal agencies after discovering that some organizations incorrectly applied updates for **CVE-2025-20333** and **CVE-2025-20362**, leaving devices marked as 'patched' but still vulnerable to active exploitation. CISA confirmed it is tracking ongoing attacks targeting unpatched Cisco ASA and Firepower devices within Federal Civilian Executive Branch (FCEB) agencies, with over **30,000 devices** remaining exposed globally, down from 45,000 in early October. The vulnerabilities enable unauthenticated remote code execution, unauthorized access to restricted endpoints, and denial-of-service (DoS) attacks. They have been linked to the **ArcaneDoor campaign**, a state-sponsored group active since at least July 2023, which has deployed malware like **RayInitiator** and **LINE VIPER**, manipulated ROM for persistence, and forced devices into reboot loops. CISA’s **Emergency Directive 25-03**, issued in September 2025, mandates federal agencies to account for all affected devices, disconnect end-of-support systems, and apply minimum software versions. The directive also introduced the **RayDetect scanner** to detect compromise evidence in ASA core dumps. Recent findings reveal the same threat actor also exploited **CVE-2025-5777 (Citrix Bleed 2)** and **CVE-2025-20337 (Cisco ISE)** as zero-days, deploying a custom web shell ('IdentityAuditAction') with advanced evasion techniques. The campaign’s indiscriminate targeting and multi-platform exploitation underscore the adversary’s broad capabilities and access to sophisticated tools.

GeoServer RCE Exploit Used in Federal Agency Breach

A U.S. federal civilian executive branch (FCEB) agency was breached in July 2024 after attackers exploited an unpatched GeoServer instance. The attackers gained initial access through a critical remote code execution (RCE) vulnerability (CVE-2024-36401) and moved laterally within the network, deploying web shells and scripts for persistence and privilege escalation. The breach remained undetected for three weeks until the agency's Endpoint Detection and Response (EDR) tool alerted the Security Operations Center (SOC). The attackers exploited the vulnerability in GeoServer, which was patched in June 2024 but remained unpatched in the agency's environment. They used brute force techniques for lateral movement and privilege escalation, accessing service accounts and deploying web shells like China Chopper. The breach highlights the importance of timely patching, continuous monitoring of EDR alerts, and comprehensive incident response plans. The attackers discovered the vulnerable GeoServer instances by conducting network scanning with Burp Suite. They exploited the vulnerability to gain access to a public-facing GeoServer instance and downloaded open-source scripts and tools for lateral movement. On July 24, 2024, the attackers exploited the same vulnerability to gain access to a second GeoServer instance and moved laterally to a Web server and SQL server, where they dropped web shells, including China Chopper. The attackers also used Stowaway for command-and-control (C2) traffic and attempted to exploit CVE-2016-5195 for privilege escalation. The agency's incident response plan was inadequate, and some public-facing resources lacked endpoint protection, allowing the breach to remain undetected for three weeks.