Cybersecurity and Infrastructure Security Agency Company CyberSecurity Posture

http://www.cisa.gov
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

NOTICE: This social media account will not be actively managed during the lapse in federal funding. We will not be able to respond or update until after funding is enacted. go.dhs.gov/lapse-2025 We lead the National effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Our multi-faceted mission is home to more than 15 career fields including business administration, cybersecurity, program management, communications, data science. We play a vital role in protecting the homeland. Please visit our official website (cisa.gov) to learn how you can contribute to our mission. Review our full Comment Policy: cisa.gov/comment-policy Review DHS LinkedIn Privacy Policy: dhs.gov/linkedin-privacy-policy-and-notice

Cybersecurity and Infrastructure Security Agency A.I CyberSecurity Scoring

CISA

Company Details

Linkedin ID:

cisagov

Website:

http://www.cisa.gov

Employees number:

1,741

Number of followers:

586,152

NAICS:

92

Industry Type:

Government Administration

Homepage:

http://www.cisa.gov

IP Addresses:

Scan still pending

Company ID:

CYB_6312945

Scan Status:

In-progress

AI scoreCISA Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/cisagov.jpeg
CISA Government Administration
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreCISA Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/cisagov.jpeg
CISA Government Administration
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Cybersecurity and Infrastructure Security Agency

Critical
Current Score
511
C (Critical)
01000
12 incidents
-29.75 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
509
NOVEMBER 2025
507
OCTOBER 2025
501
SEPTEMBER 2025
494
AUGUST 2025
487
JULY 2025
491
Cyber Attack
01 Jul 2025 • Cybersecurity and Infrastructure Security Agency: Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
Indictment of Victoria Eduardovna Dubranova for Cyberattacks on Critical Infrastructure

**U.S. Indicts Ukrainian National for Role in Russian-Backed Cyberattacks on Critical Infrastructure** The U.S. Department of Justice (DoJ) has indicted 33-year-old Ukrainian national **Victoria Eduardovna Dubranova** (also known as "Vika," "Tory," and "SovaSonya") for her alleged involvement in cyberattacks targeting global critical infrastructure. Dubranova, extradited to the U.S. earlier this year, is accused of supporting two Russian-aligned hacking groups: **NoName057(16)** and **CyberArmyofRussia_Reborn (CARR)**, also referred to as **Z-Pentest**, both suspected of receiving backing from Russian state entities. Dubranova faces charges in two separate cases—one tied to CARR and another to NoName—and has pleaded not guilty. Her trial is scheduled for **2026**. While her extradition details remain undisclosed, authorities in **July 2025** dismantled over **100 servers** linked to NoName057(16) and arrested two individuals in **France and Spain**, though no direct connection to Dubranova has been publicly confirmed. The attacks were not financially motivated but instead aimed at **disrupting essential services**. CARR claimed responsibility for breaches of **U.S. drinking water systems**, causing spills and failures, as well as an attack on a **Los Angeles meat processing facility** that resulted in food spoilage and an ammonia leak. NoName057(16), meanwhile, deployed its custom **DDoSia tool** to take down government websites, recruiting global volunteers with cryptocurrency rewards and leaderboard incentives. The group’s infrastructure was reportedly built by **CISM**, a Russian state-sponsored IT group operating under a **2018 presidential order**. The DoJ alleges both groups received **direction and funding from Russian intelligence**, including a **GRU officer** who guided CARR’s targeting and paid for cybercriminal services. At its peak, CARR had over **100 members**, including minors, and an online following in the tens of thousands. The **U.S. State Department** is offering a **$2 million reward** for information leading to the identification or location of three key CARR associates: **Yuliya Pankratova, Denis Degtyarenko, and "Cyber_1ce_Killer"**, the latter linked to a GRU officer. Dubranova faces severe penalties—up to **27 years** in the CARR case for conspiracy, damaging protected systems, fraud, and identity theft, and a **five-year maximum** in the NoName case for a separate conspiracy charge. The indictment underscores how **cybercriminal networks exploit geopolitical tensions**, operating across borders even as traditional conflicts persist. Similar operations in **2025** saw the arrest of the suspected administrator of **XSS.IS**, a major Russian-language cybercrime forum with alleged intelligence ties, during a **joint French-Ukrainian Europol operation**. In **2024**, Ukrainian authorities detained a **cryptor-developer** accused of aiding **Conti and LockBit ransomware groups** by creating tools to evade antivirus detection.

472
critical -19
CIS1765368172
Incident Details -
Type
Cyberattack Disruption of Critical Infrastructure
Attack Vector
DDoS Custom DDoS Tool (DDoSia) Hacking
Motivation
Political Disruption of Critical Services
Impact
Water systems Food supply chains Public services Meat processing facilities Government websites Major spills System failures Ammonia leak Spoilage of food
Response
Law Enforcement Notified: Yes
Regulatory Compliance
Indictment Conspiracy charges Fraud charges Identity theft charges
Investigation Status
['Ongoing']
Post Incident Analysis
State-sponsored cyber warfare Geopolitical conflict exploitation
References
Blog URL Source URL
JUNE 2025
505
Cyber Attack
06 Jun 2025 • Cybersecurity and Infrastructure Security Agency: Discontinuation of CISA’s mobile app security program untimely, lawmaker says
Salt Typhoon Hack Impacting U.S. Telecommunications Firms and Federal Agencies

**Cybersecurity Subcommittee Chair Opposes CISA’s Mobile App Vetting Program Shutdown After Salt Typhoon Attack** Rep. Andrew Garbarino (R-N.Y.), chair of the House Homeland Security Subcommittee on Cybersecurity, has voiced strong opposition to the planned termination of the Cybersecurity and Infrastructure Security Agency’s (CISA) Mobile App Vetting (MAV) Program. The move follows the **Salt Typhoon** cyberattack, which targeted U.S. telecommunications firms and impacted federal agencies, raising concerns about mobile device security vulnerabilities. In a letter to **Department of Homeland Security (DHS) Secretary Kristi Noem**, Garbarino argued that ending the MAV program would leave a critical gap in assessing mobile device risks and undermine confidence among **Federal Civilian Executive Branch (FCEB) agencies**, which remain on high alert due to the fallout from Salt Typhoon. He also called for a **priority review of CISA’s role as the sector risk management agency for telecommunications**, emphasizing the need for stronger oversight in light of recent threats. Garbarino has demanded that DHS provide a **justification for the program’s termination** and outline **CISA’s updated strategy for securing the telecommunications sector** by **June 13**. The request underscores growing congressional scrutiny over federal cybersecurity measures in the wake of high-profile attacks.

486
critical -19
CIS1765251340
Incident Details -
Type
Cyber Espionage
Motivation
Espionage
Impact
Systems Affected: Mobile devices
Response
Enhanced Monitoring: Heightened alert about cybersecurity posture of mobile devices
Recommendations
Review CISA's role as a sector risk management agency for the telecommunications industry; Justify the Mobile App Vetting Program's termination and detail CISA's updated plan for the telecommunications industry
References
Blog URL Source URL
MAY 2025
516
Cyber Attack
01 May 2025 • Cybersecurity and Infrastructure Security Agency (CISA)
Potential Cybersecurity Risks Due to CISA Downsizing Amid Government Shutdown

The U.S. government shutdown has severely weakened **CISA**, the nation’s leading civilian cybersecurity agency, by furloughing **65% of its 2,540-strong workforce** (1,651 employees) and issuing **Reductions in Force (RIF) notices** that may lead to permanent layoffs. Critical divisions like the **Infrastructure Security Division (ISD)**, responsible for protecting power grids, water treatment plants, and chemical facilities, face deep cuts—including the elimination of the **Chemical Security subdivision**, which secured high-risk chemical sites from cyber-physical threats. The **Stakeholder Engagement Division (SED)**, which coordinates national and international cybersecurity partnerships, is also targeted. Experts warn that this reduction—amid rising **nation-state cyber threats, ransomware, and misinformation campaigns**—creates exploitable blind spots, crippling the U.S. government’s ability to **detect, respond, and recover** from attacks. The shutdown and political redirection of CISA’s mission (e.g., accusations of censorship) further destabilize its operational capacity, leaving **critical infrastructure (energy, water, chemical sectors) vulnerable to cyberattacks** that could disrupt essential services or trigger cascading failures. The long-term impact includes **eroded national resilience**, increased risk of **state-sponsored espionage or sabotage**, and potential **physical harm** if industrial control systems (e.g., power grids, water treatment) are compromised.

497
critical -19
CIS1192211101425
Incident Details -
Type
Operational Risk Workforce Reduction Budget Cuts Political Interference
Vulnerability Exploited
Reduced Workforce Capacity Budget Constraints Political Distractions Delayed Threat Response
Motivation
Exploit Government Vulnerabilities Disrupt Critical Infrastructure Leverage Political Instability Capitalize on Reduced Oversight
Impact
Critical Infrastructure (e.g., power grids, water treatment plants) Federal Cyber Defense Systems Threat Intelligence Sharing Platforms Reduced Threat Detection Capabilities Delayed Incident Response Weakened Partnership Coordination Increased Risk of Successful Cyber Attacks Erosion of Public Trust in Government Cybersecurity Perception of Political Interference in National Security
Response
Public Warnings by Cybersecurity Experts Media Coverage Highlighting Risks
Lessons Learned
Politicization of cybersecurity agencies undermines national defense capabilities. Workforce reductions in critical agencies create exploitable vulnerabilities during high-threat periods. Budget cuts to threat intelligence and infrastructure protection increase systemic risks. Public-private partnerships require stable, well-funded government coordination to be effective.
Recommendations
Avoid politicizing CISA's mission to ensure bipartisan support for cybersecurity. Restore and increase funding for CISA to address workforce shortages and operational gaps. Prioritize retention of key divisions like ISD and SED to maintain critical infrastructure protection. Develop contingency plans for government shutdowns to minimize disruptions to cyber defense. Enhance public awareness of the risks posed by CISA's reduced capacity.
Investigation Status
['Ongoing (Political and Operational Review)']
Stakeholder Advisories
Cybersecurity experts warn of increased risks due to CISA's reduced capacity. Private sector partners advised to bolster independent defenses amid government instability.
Post Incident Analysis
Government shutdown leading to furloughs and layoffs at CISA. Political disputes redirecting agency focus away from core cybersecurity missions. Budget cuts targeting critical divisions (e.g., ISD, SED). High attrition rate (1,000+ employees left in 2023). Perceived mission creep (e.g., misinformation efforts) distracting from cybersecurity priorities. Restoration of CISA's workforce and budget to pre-cut levels. Depoliticization of agency operations to refocus on cybersecurity. Reinstatement of eliminated subdivisions (e.g., Chemical Security). Stronger legislative protections for cybersecurity agencies during government shutdowns. Increased transparency in communicating risks to stakeholders.
References
Blog URL Source URL
APRIL 2025
516
MARCH 2025
510
FEBRUARY 2025
503
JANUARY 2025
552
Breach
01 Jan 2025 • CISA
Salt Typhoon Espionage Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) faced a tumultuous period marked by significant breaches, including the Salt Typhoon espionage campaign linked to Beijing, which compromised American telecoms, collecting sensitive data such as call logs, recordings, and potential location information. The largest hack in US telecom history occurred under the leadership of Jen Easterly, who was not asked to stay post-Inauguration Day. Her departure coincided with demands for CISA to become 'smaller' and 'more nimble' and the dismissal of the Cyber Safety Review Board members who were investigating the breaches, potentially jeopardizing the agency’s future and national cybersecurity.

490
critical -62
CIS001012825
Incident Details -
Type
Espionage Campaign
Attack Vector
Unknown
Motivation
Espionage
Impact
call logs recordings potential location information
Data Breach
call logs recordings potential location information Sensitivity Of Data: High
References
Blog URL Source URL
DECEMBER 2024
566
Cyber Attack
01 Dec 2024 • CISA
Potential Setback in CISA's Cybersecurity Operations

As a relatively new and essential cyber-security component of the DHS, CISA faces a significant potential setback. With changing political climates and Trump’s apparent intentions to reshape the agency, its core missions of protecting government systems and supporting private and nonprofit entities could be compromised. Employees fear that reduced corporate oversight and a possible dismantling or repurposing of the agency may impair its ability to safeguard against cyber threats, potentially weakening national cybersecurity infrastructure. There is a palpable fear among the staff of a decline in efficacy and a change in direction that could pose threats not just to the agency's mandate but also to the broader security landscape.

547
critical -19
CIS000122124
Incident Details -
Type
Organizational Change Impacting Cybersecurity
Motivation
Reshaping Agency Reduced Corporate Oversight
Impact
Systems Affected: Government Systems Operational Impact: Potential Decline in Efficacy Brand Reputation Impact: Weakening National Cybersecurity Infrastructure
References
Blog URL Source URL
AUGUST 2024
547
Vulnerability
01 Aug 2024 • Cybersecurity and Infrastructure Security Agency (CISA)
Proposed Reduction of CISA's Scope by Heritage Foundation's Project 2025

Amid rising cyber threats, the Heritage Foundation's Project 2025 proposes to significantly reduce the scope of CISA, which could undermine the agency's ability to protect against cyber attacks and misinformation. This move aligns with former President Trump's agenda and his critique of CISA's role in debunking electoral misinformation. If implemented, CISA's counter-misinformation efforts would be halted, its relationship with social media firms would change, and its cyber defense responsibilities could be redistributed to military and intelligence agencies. As a result, the United States could face an increased risk of cyber threats that can disrupt societal stability, influence elections, or compromise sensitive information.

543
critical -4
CIS005080624
Incident Details -
Type
Policy Change
Motivation
Align with former President Trump's agenda and critique of CISA's role in debunking electoral misinformation.
References
Blog URL Source URL
JUNE 2024
558
Cyber Attack
16 Jun 2024 • Cybersecurity and Infrastructure Security Agency (CISA)
Potential Undermining of CISA by Heritage Foundation

CISA faces potential undermining from elements within the Heritage Foundation who seek to scale back its operations, especially concerning its role in mitigating misinformation online. This approach could significantly weaken the agency, impacting its principal cybersecurity functions and potentially affecting its efforts to combat foreign propaganda. If the 2024 election leads to an administration aligning with the Project 2025 playbook, CISA could experience reduced effectiveness or an existential crisis. Such a shift could have far-reaching consequences for national cybersecurity and the protection against online falsehoods that threaten societal stability.

539
critical -19
CIS000080624
Incident Details -
Type
Operational Undermining
Attack Vector
Political Influence
Motivation
Political
Impact
Operational Impact: Reduced effectiveness or existential crisis
References
Blog URL Source URL
JANUARY 2024
544
Cyber Attack
01 Jan 2024 • Cybersecurity and Infrastructure Security Agency: Multiple Government Agencies Warn of Long-Term, Potentially Large-Scale BRICKSTORM Malware Campaign by Chinese Hackers
BRICKSTORM Malware Campaign by Chinese Hackers

A new warning issued jointly by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Canadian Centre for Cyber Security documents an ongoing campaign by Chinese hackers making use of the sophisticated BRICKSTORM malware to target public sector organizations and IT companies for long-term espionage purposes. The average dwell time for these documented breaches is a little over a year, and the total victim count is impossible to know at this point. The BRICKSTORM malware was first documented by Google security researchers in 2024 and is considered one of the most advanced current threats. It targets Windows and VMware vSphere environments and serves as a long-term backdoor for stealthy data exfiltration. It has numerous advanced obfuscation features and will also reinstall itself if removed or disrupted. Once inside a target network, the Chinese hackers look to capture legitimate credentials through various means and create hidden virtual machines to conceal their activities. Chinese hackers may have been active since 2022 Though BRICKSTORM first came to broad attention in 2024, the researchers believe the Chinese hackers may have been successfully running this campaign since as far back as 2022. The average dwell time among documented victims of the malware is 393 days. If true, this would mean the attackers had been actively penetrating targets with this approach for at least two years before even being detected by security resear

524
critical -20
CIS1765238766
Incident Details -
Type
Espionage
Attack Vector
Malware (BRICKSTORM)
Motivation
Espionage
Impact
Data Compromised: Credentials, sensitive data Windows VMware vSphere Operational Impact: Long-term backdoor access, stealthy data exfiltration
Data Breach
Credentials Sensitive data Sensitivity Of Data: High Data Exfiltration: Yes
Investigation Status
['Ongoing']
Initial Access Broker
Backdoors Established: Yes (BRICKSTORM malware)
Post Incident Analysis
Root Causes: Advanced malware (BRICKSTORM) with obfuscation and persistence features
References
Blog URL Source URL
OCTOBER 2023
679
Ransomware
01 Oct 2023 • Cybersecurity and Infrastructure Security Agency
CISA Ransomware Vulnerability Warning Pilot (RVWP) Program

In order to assist critical infrastructure organizations in thwarting ransomware gang attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new information detailing security flaws and configuration errors that ransomware gangs have exploited. This information was made public by CISA as part of the Ransomware Vulnerability Warning Pilot (RVWP) program, and said that it would notify critical infrastructure organizations of any ransomware-vulnerable devices found on its network. Since its launch, CISA's RVWP has found and exchanged information about more than 800 susceptible systems with internet-accessible flaws regularly targeted by various ransomware activities. The U.S. cybersecurity agency has also released a dedicated website, StopRansomware.gov, which acts as the focal point for CISA's initiative to give defenders all the information they need to anticipate and neutralize ransomware assaults.

525
high -154
CYB2047151023
Incident Details -
Type
Ransomware
Attack Vector
Vulnerability Exploitation Configuration Errors
Vulnerability Exploited
Internet-accessible flaws
Motivation
Ransomware
Impact
Systems Affected: More than 800 susceptible systems
References
Blog URL Source URL
JANUARY 2023
773
Ransomware
01 Jan 2023 • Critical Infrastructure Organizations (as warned by CISA, FBI, and ACSC)
BianLian Ransomware Group Shifts to Data Theft-Based Extortion (2023)

In January 2023, the **BianLian ransomware group** shifted its tactics from encrypting files to **data theft-based extortion**, leveraging stolen **Remote Desktop Protocol (RDP) credentials**—often obtained via phishing or initial access brokers. The group deployed **custom Go-based backdoors**, remote management tools, and credential-harvesting utilities to infiltrate networks undetected. Once inside, they exfiltrated sensitive data and threatened to publish it on a **leak site**, demanding ransom payments in cryptocurrency. To evade security measures, BianLian **disabled antivirus processes** using PowerShell and Windows Command Shell, escalating risks for targeted organizations. The attack posed severe threats to **critical infrastructure sectors**, prompting warnings from **CISA, FBI, and ACSC**. Victim organizations faced potential **operational disruptions, financial losses, and reputational damage**, with stolen data ranging from **employee records to proprietary business information**. While no specific company was named, the group’s focus on **high-value targets**—such as healthcare, energy, or government-adjacent entities—suggested systemic risks. Mitigations included **auditing RDP access, restricting PowerShell, and enforcing multi-factor authentication (MFA)**, but the breach’s scale and sophistication highlighted vulnerabilities in defensive postures.

661
critical -112
CIS427092125
Incident Details -
Type
ransomware data theft extortion
Attack Vector
Remote Desktop Protocol (RDP) exploitation phishing initial access brokers (IAB) custom Go-based backdoors remote management software
Vulnerability Exploited
weak RDP credentials lack of multi-factor authentication (MFA) unrestricted PowerShell usage disabled antivirus processes
Motivation
financial gain data extortion
Impact
Brand Reputation Impact: high (due to public leak threats and warnings from CISA/FBI/ACSC) Identity Theft Risk: potential (if PII was exfiltrated)
Response
auditing RDP usage disabling command-line scripting restricting PowerShell enforcing strong authentication (e.g., MFA) patching vulnerable systems warnings issued by CISA, FBI, and ACSC
Regulatory Compliance
CISA FBI ACSC warnings issued
Lessons Learned
RDP remains a high-risk attack vector if not properly secured. Disabling antivirus processes via PowerShell is a common evasion tactic. Initial access brokers play a key role in facilitating ransomware attacks. Shift from encryption to extortion highlights the need for data protection beyond backups.
Recommendations
Audit and secure RDP access with MFA and network segmentation. Restrict PowerShell and command-line scripting to limit attacker lateral movement. Monitor for unusual data exfiltration patterns. Implement strong authentication practices across all critical systems. Regularly update and patch remote management software. Educate employees on phishing risks to prevent credential theft.
Investigation Status
['ongoing (warnings active as of 2023)']
Stakeholder Advisories
CISA FBI ACSC
Initial Access Broker
Entry Point: RDP credentials (phishing or purchased from IABs) custom Go-based backdoors remote management software critical infrastructure organizations
Post Incident Analysis
Weak or stolen RDP credentials Lack of MFA on critical access points Unrestricted use of PowerShell for scripting Insufficient monitoring for data exfiltration Enforce MFA for all remote access. Disable unnecessary RDP exposure to the internet. Restrict PowerShell to administrative use only. Deploy endpoint detection and response (EDR) tools to monitor for malicious activity. Conduct regular audits of high-privilege accounts.
References
Blog URL Source URL
JUNE 2018
768
Vulnerability
16 Jun 2018 • CISA
Potential Policy Reversal and Mission Compromise at CISA

The Cybersecurity and Infrastructure Security Agency (CISA), created in 2018, faces uncertain times as the return of former President Trump could significantly alter its function and direction. Trump's promises to reduce government spending and oversight have CISA staffers concerned about the potential dismantling of cybersecurity initiatives and a shift in focus toward immigration enforcement. The agency, which has a reputation for bipartisanship and was involved in election security and countering online misinformation, now finds itself at odds with Republican claims of censorship and surveillance. The fear of policy reversal and mission compromise looms among the employees, who remain dedicated to protecting national cyber infrastructure.

763
critical -5
CIS000122224
Incident Details -
Type
Policy and Mission Compromise
Motivation
Reduction in government spending and oversight, shift in focus toward immigration enforcement
Impact
Operational Impact: Potential dismantling of cybersecurity initiatives
References
Blog URL Source URL
JUNE 2015
780
Cyber Attack
16 Jun 2015 • Cybersecurity and Infrastructure Security Agency (CISA)
Lapse of Federal Cybersecurity Programs Increases Vulnerability to Cyberattacks

The lapse of the **Cybersecurity Information Sharing Act (CISA 2015)** and the **State and Local Cybersecurity Grant Program**, combined with a **staffing reduction to under 900 employees** (from ~2,500) due to government funding expiration, has left CISA critically under-resourced. Without liability protections for private-sector threat-sharing, companies may hesitate to report cyber threats, increasing systemic vulnerabilities. The absence of grant funding further weakens state/local defenses (e.g., hospitals, schools, water systems), raising risks of cascading disruptions. Experts warn of **potential major cyberattacks** during this period, with CISA lacking sufficient personnel to respond effectively. Legal uncertainties (e.g., antitrust exposure, FOIA disclosures) and reduced real-time intelligence-sharing exacerbate the threat landscape, particularly for critical infrastructure. Senators and industry leaders emphasize the urgency of reauthorization, citing risks to **national/economic security**, but partisan delays persist.

755
critical -25
CIS0332103101125
Incident Details -
Type
Policy/Regulatory Failure Operational Risk
Vulnerability Exploited
Lapse of CISA 2015 liability protections Reduced CISA staffing (from ~2,500 to <900) Expiration of State and Local Cybersecurity Grant Program Lack of real-time threat-sharing incentives
Impact
Reduced federal cybersecurity response capability Discouraged private-sector information sharing Increased legal/regulatory risks for companies sharing threat data Potential delays in state/local government cybersecurity improvements Erosion of public trust in federal cybersecurity preparedness Perception of political dysfunction hindering cyber defense Loss of antitrust protections for threat-sharing companies Risk of FOIA-disclosure of shared threat data Potential regulatory fines for companies sharing information without protections
Response
Cyber Threat Alliance (information-sharing coordination) Internet Security Alliance (advocacy for policy updates) Sen. Gary Peters' 10-year CISA 2015 reauthorization bill (Protecting America from Cyber Threats Act) House Homeland Security Committee's 10-year extension bill (sponsored by Rep. Andrew Garbarino) Proposed updates to cyber-threat indicator definitions (e.g., supply chain, AI threats) Incentives for sharing single-point-of-failure data (proposed by Internet Security Alliance) Short-term extensions via Continuing Resolution (CR) in House/Senate bills Potential inclusion in larger legislative vehicles Sen. Peters' public warnings about national/economic security risks Media outreach by Cyber Threat Alliance and Internet Security Alliance House Democratic staffer comments on program success in state/local governments
Regulatory Compliance
Cybersecurity Information Sharing Act (CISA 2015) Lapse of FOIA exemptions for shared threat data Loss of antitrust protections for collaborating companies
Lessons Learned
Short-term legislative patches are insufficient for cybersecurity operations requiring long-term certainty. Political objections (e.g., Sen. Rand Paul's conflation of CISA 2015 with the CISA agency) can derail critical cybersecurity measures. Corporate legal teams may hesitate to share threat data without liability protections, even if operational teams support collaboration. State/local cybersecurity grants have tangible impacts on community resilience (e.g., schools, hospitals). CISA's reduced staffing during shutdowns creates systemic vulnerability to major incidents.
Recommendations
Pass a 10-year reauthorization of CISA 2015 with retroactive protections to Oct. 1, 2023. Modernize the definition of 'cyber-threat indicators' to include supply chain and AI-related threats. Incentivize sharing of single-point-of-failure data to address systemic risks. Restore full funding for CISA to avoid operational gaps during shutdowns. Reauthorize the State and Local Cybersecurity Grant Program for 10 years, with provisions for AI-system support. Clarify distinctions between CISA (the agency) and CISA 2015 (the law) to address political misconceptions. Establish bipartisan task forces to depoliticize cybersecurity legislation.
Investigation Status
['Ongoing (political/legislative; no technical investigation)']
Stakeholder Advisories
Sen. Peters' warnings to reporters about national security risks. Cyber Threat Alliance and Internet Security Alliance statements on information-sharing impacts. House Homeland Security Committee Republican aide comments on CR extensions. House Democratic staffer remarks on state/local grant program success.
Post Incident Analysis
Political gridlock preventing timely reauthorization of critical cybersecurity programs. Conflation of CISA 2015 (law) with CISA (agency) by key senators (e.g., Rand Paul). Over-reliance on short-term Continuing Resolutions for long-term cybersecurity needs. Lack of clear legislative vehicles for updating CISA 2015's threat definitions (e.g., AI, supply chain). Insufficient contingency planning for CISA operations during government shutdowns. Bipartisan negotiation to separate CISA 2015 reauthorization from unrelated political disputes. Development of a dedicated legislative process for cybersecurity updates (e.g., 5-year review cycles). Expansion of CISA's shutdown-exempt staff to maintain core functions. Public-private working groups to modernize threat-sharing frameworks (e.g., AI, systemic risks). State/local cybersecurity coalitions to sustain grant-funded initiatives during federal lapses.
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Cybersecurity and Infrastructure Security Agency is 511, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 507.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 501.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 494.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 487.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 472.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 505.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 497.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 516.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 510.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 503.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 490.

Over the past 12 months, the average per-incident point impact on Cybersecurity and Infrastructure Security Agency’s A.I Rankiteo Cyber Score has been -29.75 points.

You can access Cybersecurity and Infrastructure Security Agency’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/cisagov.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Cybersecurity and Infrastructure Security Agency’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/cisagov.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.