Cybersecurity Agency Faces Scrutiny Amid Spending Cuts, Personnel Shifts

A part of the U.S. Department of Homeland Security (DHS) responsible for identifying and monitoring cyberattacks has come under scrutiny as the Department of Government Efficiency (DOGE) looks to make spending cuts across the board.

The Cybersecurity and Infrastructure Security Agency (CISA) — part of the DHS — issued a statement addressing reports and social media posts surrounding its “red team” — cybersecurity professionals who proactively identify security defense vulnerabilities in various infrastructure networks and systems by simulating attacks from hackers.

“CISA has not ‘laid off’ our Red Team. CISA has taken action to terminate contracts where the agency has been able to find efficiencies and eliminate duplication of effort,” the agency wrote on March 12. “As good stewards of the taxpayer dollar and in accordance with good fiscal governance practices, CISA regularly reviews contracts across the agency to ensure that we have the capabilities that we need and that we are allocating resources in ways that make the most impact.

“This was a contract action that did not impact the employment status of CISA personnel,” the agency said, adding that the teams “continue their work without interruption.”

However, others claim that personnel moves are being made at CISA outside of the red team. Kelly Shaw, the former chief of CISA’s CyberSentry program told the “Click Here” podcast that she was one of more than 100 agency employees who were terminated heading into Valentine’s Day weekend. “I’m concerned [that] if we cut half of those people [at CISA], I think [it] would be devastating to our capability,” she said.

Since then, probationary government employees who were cut loose by DOGE were temporarily reinstated by a court order.

According to the DOGE site, CISA has 3,305 employees as of March 24, contributing to total annual payroll costs of $459.1 million.

Sources said to be within CISA told Forbes in a March 18 report that they were cautiously optimistic about the new nominee for director of the agency, Sean Plankey. He is awaiting confirmation by the Senate.

Read more: Inspector General Report Points to Banks’ Cybersecurity Risks and Dwindling FDIC ‘IT Expertise’

Cyberattacks, such as ransomware, and hidden vulnerabilities that exist because of third-party relationships can be potentially crippling to financial institutions and businesses. Also consider that the FDIC has 66 designated “problem institutions” that need to shore up their anti-fraud protection.

CISA has developed tools and frameworks to help organizations bolster their defenses against cyber threats. A prime example is the Ransomware Assessment Tool, created in collaboration with state bank regulators and the Secret Service. According to the agency, it helps both banks and non-banks identify gaps in their security defenses and enables business leadership to evaluate their preparedness and improve their ability to detect, respond to and recover from ransomware attacks.

According to the agency’s website, in February 2024, the red team led testing and coordinated with industry partners to address problematic security gateway vulnerabilities being exploited by hackers.

CISA has also been monitoring threats from China, such as Volt Typhoon.

Last year, CISA’s red team produced a cybersecurity report on an assessment of critical U.S. security infrastructure. It includes three key “lessons learned,” as well as mitigation recommendations for cyber defenders and business IT leadership.

The report pointed out a pressing need for software manufacturers to shore up their networks to help fend off software supply chain attacks. It also detailed how the red team gained access to sensitive networks while posing as cybercriminals and what they did “post-exploitation.”

The concern at hand: If cuts at CISA do get officially announced, will other government organizations pick up the slack to perform threat intelligence work? This remains to be seen.

The post Cybersecurity Agency Faces Scrutiny Amid Spending Cuts, Personnel Shifts appeared first on PYMNTS.com.