The Cybersecurity and Infrastructure Security Agency (CISA) has alerted its threat hunting teams to immediately discontinue use of two widely trusted cyber threat intelligence tools, Censys and VirusTotal.
The notification, sent to hundreds of CISA staffers this week, marks a significant shift in the agency’s operational approach as it contends with internal budget reductions and mounting political scrutiny.
According to internal correspondence seen by Nextgov/FCW and confirmed by two people familiar with the matter, CISA’s threat hunting division ceased using Censys, an internet scanning and threat analysis platform, late last month.
The tool proved essential for mapping cyber threat activity across networks. Additionally, all use of Google-owned VirusTotal — a staple for malware and suspicious file analysis — is set to end by April 20.
CISA’s email to over 500 cyber threat hunters acknowledged the move could impact operations, stating, “We understand the importance of these tools in our operations and are actively exploring alternative tools to ensure minimal disruption. We are confident that we will find suitable alternatives soon.”
So far, CISA, Google, and Censys have declined public comment.
Contractor Cuts and Broader Downsizing
Alongside these tool retirements, CISA’s contractor workforce is also feeling the squeeze.
According to sources, Nightwing and Peraton contractors were ordered to return agency phones, a move presaging a significant reduction in private-sector support. This follows reports of anticipated broad-scale cuts to CISA contracts, particularly those dedicated to threat hunting.
These changes come as CISA faces scrutiny from the Trump administration and congressional Republicans, who have argued the agency has overreached in its fight against online disinformation, including accusations of bias against conservative viewpoints.
Homeland Security Secretary Kristi Noem has publicly supported downsizing the agency, pushing for a tighter focus on defending critical infrastructure rather than content moderation.
This week’s developments have stoked concerns across the U.S. cybersecurity sector.
In a related incident, internal MITRE correspondence leaked online suggested CISA would withdraw support for the globally critical Common Vulnerabilities and Exposures (CVE) Program — a decision the agency quickly reversed following public outcry.
CISA, established in 2018 to safeguard America’s digital and physical infrastructure, finds itself at a crossroads.
With major threat hunting capabilities in flux and its mission under renewed review, cybersecurity experts warn that the loss of proven tools like Censys and VirusTotal could hamper the agency’s ability to identify and neutralize threats—a critical function as cyberattacks on federal networks remain at historically high levels.
For now, CISA says it is working to identify new solutions, but many inside and outside the agency fear critical gaps could emerge during this transition.