Cybersecurity experts at Lawrence Livermore National Laboratory are not able to analyze potential cyber threat data on the networks of some critical infrastructure organizations, as the Cybersecurity and Infrastructure Security Agency reviews its agreement with the lab.
The funding agreement in question involves analysts at Lawrence Livermore National Laboratory examining data from CISA’s “CyberSentry” program. As part of CyberSentry, critical infrastructure organizations voluntarily allow CISA to place sensors on both their IT and operational technology networks to monitor for cyber threats.
Analysts at Lawrence Livermore play a “core” role in CyberSentry by developing advanced analytics to monitor and hunt for threats on the networks for partner organizations, according to Nate Gleason, program leader at LLNL.
But Gleason, testifying before the House Homeland Security Committee’s subcommittee on cybersecurity and infrastructure protection today, said the funding agreement for the lab to participate in CyberSentry lapsed this week.
Gleason was asked about the status of the CyberSentry program by subcommittee Ranking Member Eric Swalwell (D-Calif.).
“We’ve supported CISA in various aspects of critical infrastructure security for about a decade,” Gleason said. “Currently, we have funding agreements that are making their way through DHS processes. Unfortunately, those are still making their way through DHS processes and our work with CISA expired last Sunday.”
Gleason said the lab needs an interagency agreement between the Department of Homeland Security and the Energy Department to be completed before resuming the work.
“The sensors are still deployed,” Gleason said. “They’re still gathering data. We just aren’t analyzing the data that’s coming in.”
In a statement, CISA Executive Assistant Director for Cybersecurity Chris Butera said the CyberSentry program “remains fully operational.” Butera said the agency has an “ongoing review” of its agreement with LLNL.
“Through this program, CISA gains deeper insight into network activity of CyberSentry partners, which in turn helps us to disseminate actionable threat information that critical infrastructure owners and operators use to strengthen the security of their networks and to safeguard American interests, people, and our way of life,” Butera said. “CISA routinely reviews all agreements and contracts that support its programs in order to ensure mission alignment and responsible investment of taxpayer dollars. CISA’s ongoing review of its agreement with Lawrence Livermore National Laboratory has not impacted day-to-day operations of CyberSentry and we look forward to a continued partnership.”
But during the hearing, Gleason said the “loss of visibility” under CyberSentry is a “significant loss.”
“We’re looking for threats that haven’t been seen before,” he said. “We’re looking for threats that exist right now in our infrastructure. One of the great things about the CyberSentry program is it takes the research and marries it with what is actually happening on the real networks. So we’re not just doing science projects. We’re deploying that technology out in the real world, detecting real threats.”
The latest funding lapse at CISA comes as the cyber agency undergoes significant changes under the Trump administration. The agency has seen nearly a third of its workforce depart in recent months.
The turbulence has also impacted CISA’s contracting amid a broader review of nearly any DHS spending of significance under Homeland Security Secretary Kristi Noem. In April, for instance, funding for the Common Vulnerabilities and Exposures (CVE), program nearly ran out before CISA extended the contract at the last minute.
Meanwhile, LLNL has also seen other funding agreements with CISA expire in recent months. Gleason said the lab’s support for CISA’s National Infrastructure Simulation and Analysis Center expired in March.
Gleason said the lab had been supporting CISA’s efforts to analyze interdependencies between different facets of critical infrastructure, such as the power grid, water utilities and transportation.
“A lot of times when we’re thinking about cyber attacks on critical infrastructure, the target may not be that infrastructure system itself,” he said. “It may be what is supported by that infrastructure system. And when we fail to understand those interdependencies, we are opening up avenues for our adversaries to disrupt key national security capabilities.”
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
