Expiration of accord for essential CISA cybersecurity risk evaluation duties
The funding agreement for the CyberSentry program, a joint initiative between the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and Lawrence Livermore National Laboratory (LLNL), has expired, causing a temporary halt in active threat analysis on critical infrastructure networks.
This funding lapse, which occurred over the weekend of July 20-21, 2025, has had an immediate impact on critical infrastructure security. With the program staff at LLNL legally unable to operate without active government funding, threat hunters have stopped monitoring network activity, reducing real-time detection and response capabilities against cyber threats.
The CyberSentry program is significant because it employs DOE national lab resources such as AI-driven analytics and high-performance computing to identify novel threats rapidly and proactively. Analysts at LLNL play a core role in the program by developing advanced analytics to monitor and hunt for threats on the networks for partner organisations.
However, officials have stated that the program remains operational, and funding renewal discussions are ongoing within DHS. The lapse is temporary but has raised concerns among lawmakers and infrastructure operators about increased risk exposure during this period without active data analysis.
The sensors placed by CISA on critical infrastructure organisations' networks are still gathering data, but LLNL is not currently analysing the data. Critical infrastructure organisations voluntarily allow CISA to place sensors on both their IT and operational technology networks as part of CyberSentry.
Gleason, a prominent figure in the cybersecurity community, emphasised that LLNL’s work with CISA is crucial for detecting real threats in the infrastructure that haven’t been seen before. The loss of visibility under CyberSentry due to the funding lapse is a concern, as it may open up avenues for adversaries to disrupt key national security capabilities by targeting infrastructure supported by critical systems.
This lapse comes at a time when CISA is already facing challenges. Nearly a third of its workforce has departed in recent months, and the ongoing review of its agreement with LLNL is part of a broader review of nearly any DHS spending of significance under Homeland Security Secretary Kristi Noem.
Key points:
- Funding status: Contract expired in late July 2025; renewal pending through DHS processes
- Immediate impact: Threat monitoring and data analysis halted; sensors still collect data but unanalyzed
- Security implications: Increased risk to OT and critical infrastructure networks; lack of real-time threat detection
- Program significance: Uses AI and advanced analytics at LLNL to detect new and emerging cyber threats
- Official stance: Program still operational; funding renewal underway
In summary, the CyberSentry program’s funding agreement with LLNL has lapsed, causing a temporary suspension in critical threat data analysis that puts operational technology security at risk. Efforts are underway to renew the funding and restore full functionality.
- The temporary halt in active threat analysis on critical infrastructure networks, due to the expired funding of the CyberSentry program, has highlighted the importance of the federal workforce, such as the staff at Lawrence Livermore National Laboratory, in cybersecurity, particularly in the realm of technology and finance, as their work contributes significantly to the rapid identification of novel threats and proactive protection of critical infrastructure.
- With the reimagined workforce of the CyberSentry program, including AI-driven analytics and high-performance computing, now not actively analyzing data from critical infrastructure organizations, there is a growing concern among lawmakers and infrastructure operators that adversaries may exploit this vulnerability to disrupt key national security capabilities, targeting infrastructure supported by critical systems.
