CISA officials say agency is moving ahead despite workforce purge

LAS VEGAS — The Cybersecurity and Infrastructure Security Agency has continued its work to protect federal networks and support critical infrastructure providers despite massive job cuts and resource constraints, two senior CISA officials said during the Black Hat cybersecurity conference here Thursday.

“We are not retreating, we’re advancing in a new direction,” CISA CIO Robert Costello said during a panel discussion.

Chris Butera, the acting head of CISA’s Cybersecurity Division, added that while the agency “did lose people” to the Trump administration’s downsizing program — roughly a third of its employees — CISA still has “a very talented workforce.” He cited the agency’s around-the-clock response to major vulnerabilities in Microsoft SharePoint as an example of CISA’s continued capacity.

Butera and Costello were the only CISA officials speaking at Black Hat this year, a dramatic departure from the agency’s past representation at the annual event and a stark reminder of the Trump administration’s crackdown on government travel and conference participation. CISA’s diminished presence at industry events over the past six months has alarmed some cyber experts, who worry that the new administration is undermining CISA’s years-long effort to strengthen relationships with its partners in private industry and the security community.

The two CISA officials used Thursday’s panel to push back on that narrative, arguing that their agency remained committed to supporting critical infrastructure providers and state and local governments with free cybersecurity services and guidance.

In the next few months, Costello said, CISA will release new tools that make it easier for critical infrastructure organizations to sign up for the agency’s Cyber Hygiene service. More than 11,000 partners rely on this free offering, which scans internet-facing systems for vulnerabilities. Costello said CISA has automated additional aspects of the service so that partners will soon be able to log into a portal, track the progress of the scans and easily see their findings.

“You can actually work with us through that to see how you’re doing, track your progress, [and] engage with our cybersecurity advisers in a method [that’s] not over an email,” he said.

CISA will also launch a new “industry engagement portal” before the end of the year to make it easier for private companies to get access to the agency, Costello said.

Amid concerns about the effects of CISA cutting contracts for staff and services, both officials said they were intently focused on giving agency employees the tools they needed to succeed.

“We’re releasing a lot of new capabilities almost every week to enable the cyber operators to operate better,” Costello said. “We are very, very hard at work.”

Butera said AI could help defenders at CISA and elsewhere rapidly analyze vast quantities of information and reduce “the asymmetric advantage that the attacker has.”

The officials also discussed several other important aspects of CISA’s mission.

Following months of confusion about the status of the government’s commitment to MITRE’s CVE program, Butera said CISA was “heavily invested” in it and would “continue to fund” and improve it. “That program is super foundational to our agency,” he said, calling it “the basis and foundation for the whole vulnerability and cybersecurity ecosystem.”

Butera also provided an update on CISA’s use of administrative subpoenas, which allow it to compel internet service providers to provide identifying information about organizations that the agency finds to be using vulnerable technology through its internet scans. Since Congress authorized the service at the beginning of 2021, Butera said, CISA has used it to identify and contact more than 3,000 organizations to warn them that their systems are vulnerable. In 80% of those cases, CISA has convinced the organization to shield vulnerable systems from the internet.

Costello also shared a progress report on CISA’s IT modernization efforts, revealing that by the end of the fiscal year on Sept. 30, the agency will be “completely done with our on-premises environments and migrated to the cloud.”
