Article Details

Scrape Timestamp (UTC): 2025-03-13 13:53:35.667

Source: https://www.theregister.com/2025/03/13/cisa_red_team_layoffs/

Original Article Text

CISA: We didn't fire our red team, we just unhired a bunch of them.

Agency tries to save face as it also pulls essential funding for election security initiatives.

The US cybersecurity agency is trying to save face by seeking to clear up what it's calling "inaccurate reporting" after a former senior pentester claimed it laid off the entire Red Team.

The Cybersecurity and Infrastructure Security Agency (CISA) says it has not terminated the entirety of its ethical hackers, although some contracts were withdrawn in line with usual procedure.

"Contrary to inaccurate reporting, CISA has not 'laid off' our Red Team," it said in a statement. "CISA has taken action to terminate contracts where the agency has been able to find efficiencies and eliminate duplication of effort.

"As good stewards of the taxpayer dollar and in accordance with good fiscal governance practices, CISA regularly reviews contracts across the agency to ensure that we have the capabilities that we need and that we are allocating resources in ways that make the most impact. This was a contract action that did not impact the employment status of CISA personnel."

Former CISA employee Christopher Chenoweth said via LinkedIn that he and more than 100 others had their government contracts terminated on February 28, as ordered by Elon Musk's Department of Government Efficiency (DOGE). He said this comprised his entire red team and all support roles, and the following Wednesday (March 5) a second red team tasked with "mission-critical work" was also cut.

The "wall of receipts" listed on DOGE's website, which outlines all the terminated government contracts, now lists 95 total terminations at the Department of Homeland Security (DHS), of which CISA is a part.

When The Register reported Chenoweth's claims yesterday, the number of terminations stood at 86 for the department, although those figures were only updated as of March 5. The number has since risen to 95, but none mention penetration testing or explicitly relate to CISA's cuts.

CISA's statement went on to say: "CISA's red teams continue their work without interruption. The team works directly with network defenders, system administrators, and other technical staff to address strengths and weaknesses across critical infrastructure networks and systems.

"They continue to assist organizations in refining their detection, response, and hunt capabilities to protect the nation's critical infrastructure from a range of threats."

Red teams play an important role in fortifying an organization's defenses. Composed of ethical hackers, they simulate cyberattacks that could be carried out by real-world adversaries. Defenses are then shored up to prevent these scenarios. It's a widely used and respected method of improving cyber resilience.

Often conflated with penetration testing, red teaming is different. Penetration testing involves probing specific systems for vulnerabilities that could be exploited by attackers and potentially used to carry out the attacks red teams attempt to simulate. The two are often deployed harmoniously by organizations looking to improve their overall resilience.

Cuts, cuts, cuts

Among the many cuts DOGE claims total around $20 billion are key information sharing and analysis centers (ISACs), some of which have operated for decades.

The Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) is one of these. Its website now states that the DHS pulled funding and the Center for Internet Security, which oversees the initiative, no longer supports it.

The EI-ISAC's role was to advise election officials and voting machine makers about cybersecurity risks that could impact the integrity of elections. It isn't the first move made by the current US administration to loosen oversight on election security.

Also confirmed this week to be shut down is the Multi-State Information Sharing and Analysis Center (MS-ISAC), which was similarly tasked with informing responses to threats against local and national elections. It was originally reported by a few select media outlets, but CISA confirmed this week that the news was indeed true.

The revelations were naturally received poorly by the security community, which has spoken out against the cuts in droves.

"The EI-ISAC and the MS-ISAC provide real-time threat-sharing and response coordination that election offices can't replicate by themselves. Losing that coordination leaves towns and counties to fight nation-state hackers on their own," Tim Harper, a senior policy analyst at the separate Center for Democracy and Technology, told The Register this week.

"Many state and local election offices rely on EI-ISAC as their only source of federal cybersecurity support, so cutting it puts entire counties at risk. Defunding EI-ISAC doesn't just weaken election security, it leaves communities wide open to cyberattacks on schools, emergency services, and local governments," he added.

Daily Brief Summary

NATION STATE ACTIVITY // U.S. Cybersecurity Agency Clarifies Red Team Controversy Amid Cuts

CISA addresses claims that it laid off its Red Team, stating it only terminated certain contracts to improve efficiency and reduce duplicated efforts.

The agency is scrutinizing contracts across various sectors to optimize taxpayer dollar utilization and ensure effective resource allocation, affirming that no CISA personnel were laid off.

Accusations of complete Red Team dismissals originated from a former senior pentester, who stated that over 100 contract terminations affected his team.

These terminations were part of a broader governmental efficiency initiative led by Elon Musk's Department of Government Efficiency (DOGE), which reported substantial federal budget cuts.

Alongside the alleged Red Team cuts, critical election security funding was withdrawn, impacting the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), which provided key cybersecurity support to state and local election entities.

These funding cuts are feared to significantly weaken national cyber defenses, leaving local governments vulnerable to cyber threats, particularly during election periods.

Despite contract reviews and efficiencies, CISA insists its Red Team operations continue without disruption, focusing on critical infrastructure protection and threat response improvement.