{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreid3vglsvfrhbqvefnahr47y2n5jtfqgou2ftxgrn3zxl3h45wvvy4",
    "uri": "at://did:plc:mg5ozsljpp6t5b4lvwys4t72/app.bsky.feed.post/3lundp2zbzoy2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidfym45tlbbszb3ke5k3zmw3zpkeo3wfnimfctj23i2h3jrsv7rqm"
    },
    "mimeType": "image/png",
    "size": 902970
  },
  "description": "Expert reveals that funding holdup at DHS has left some critical infrastructure more vulnerable to novel cybersecurity attacks",
  "path": "/national-laboratory-ceases-monitoring-of-u-s-critical-infrastructure-for-cyberthreats/",
  "publishedAt": "2025-07-23T15:32:10.000Z",
  "site": "https://broadbandbreakfast.com",
  "tags": [
    "_told lawmakers_",
    "_CyberSentry_",
    "_monitoring focuses_",
    "_told news site CyberScoop_",
    "_uses_",
    "_such as D.C. Water_",
    "_Midcontinent Independent System Operator_",
    "_also noted_",
    "_a list_"
  ],
  "textContent": "WASHINGTON, July 23, 2025 – A major partner with the government’s CyberSentry program was no longer monitoring systems for zero-day cyberattacks.\n\nDr. **Nate Gleason** , program leader at Lawrence Livermore National Laboratory, _told lawmakers_ on Tuesday that funding agreements between his organization and the _CyberSentry_ program were bogged down at the Department of Homeland Security.\n\nThose agreements allowed the National Laboratory to monitor operational technology infrastructure from participating entities and detect potential threats. The delay forced the lab to stop monitoring incoming data on Sunday.\n\nRanking member **Eric Swalwell** , D-Calif., appeared dumbfounded.\n\n“You’re telling me, because you don’t have the funding, you’re not allowed to look at the data legally. That’s the problem,” Swalwell asked Gleason. “So theoretically, we have deployed sensors on critical infrastructure and there could be a malicious attack occurring right now that you are not legally able to see until the program is refunded?”\n\n“That is correct,” Gleason said.\n\nAlthough the Cybersecurity and Infrastructure Security Agency (CISA), which administers the CyberSentry program, also monitors these sites, their _monitoring focuses_ on identifying already-known threats, though they can catch some novel attacks.\n\nIn response, **Chris Butera** , CISA’s acting executive assistant director for cybersecurity, _told news site CyberScoop_ that its analysts continue to review the live sensor feed for signature hits and traffic anomalies, so the program’s baseline monitoring ‘remains fully operational’ even without the Lawrence Livermore National Laboratory’s deep‑dive analytics.\n\n### _Lab’s advanced analytics uncover hidden threats_\n\nIn contrast, Livermore _uses_ advanced analytics and artificial intelligence to focus on 
detecting cyberattacks never seen before, such as those deployed by nation-states. In 2022, the lab detected Chinese surveillance cameras that had been secretly built into U.S. critical infrastructure systems. The lab developed tools to detect these cameras, and according to the laboratory, found hundreds of cameras on some individual networks.\n\nThough CISA doesn’t publish a list of program participants, Gleason’s written testimony notes that “participants are from a wide range of critical infrastructure sectors including energy; water and wastewater; transportation; chemical; nuclear reactors, materials and waste; food and agriculture; dams; and critical manufacturing.”\n\nIn addition, some organizations have publicly signaled that they participate in the program, _such as D.C. Water_ and _Midcontinent Independent System Operator_. Exelon Corporation, the largest regulated electric utility in the U.S., _also noted_ that private companies used the CyberSentry program.\n\nIt is unclear what kind of cybersecurity systems, if any, these organizations have. When asked by _Broadband Breakfast_ if there were other entities monitoring these systems, the company referred _Broadband Breakfast_ back to Gleason’s testimony and declined to comment further.\n\nThough the data was still being collected, it could not be analyzed by Livermore until funding was restored. Even if funding were restored soon, damage might still be done to U.S. infrastructure; according to **Tatyana Bolton** , executive director at the Operational Technology Cyber Coalition, once a network is breached, it can be nearly impossible to restore its security.\n\n“We can’t guarantee that [China is] off the networks, even when we find them,” she told lawmakers. 
“We find them too late, we find them three years after the fact.”\n\nOther than Swalwell, no lawmaker asked Gleason about the cut funding or its implications.\n\n### _Witnesses warn of broader cyber vulnerabilities_\n\nThe shutting off of monitoring systems was just one of many examples that witnesses brought up to lawmakers at the Tuesday hearing of the House Subcommittee on Cybersecurity and Infrastructure Protection.\n\n“Let me be blunt, we are not prepared for a major attack on our critical infrastructure,” **Robert Lee** , CEO and co-founder of Dragos, said in his opening remarks. “We are not doing enough to prepare, and the results of continued failure could be catastrophic, including the loss of life.”\n\nWitnesses stressed during the hearing, entitled “_Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats to Critical Infrastructure_,” that the U.S. was particularly vulnerable to attacks on its “operational technology.” The term refers to the software and infrastructure that control objects in the physical world, such as power plants and automated prison doors.\n\nLack of clear guidance and direction over what agencies have jurisdiction over cybersecurity has led to much of the confusion.\n\n“I would think that if you map out who’s got what, who’s responsible for what, it would look like a bowl of spaghetti,” Rep. **Carlos Gimenez** , R-Fla., said. Bolton agreed with his assessment.\n\nThat confusion was on full display during the hearing. Lee told Rep. **Morgan Luttrell** , R-Texas, that the SANS Institute had _a list_ of the top five things businesses should do to improve their operational cybersecurity. Just a few minutes later, Bolton noted that CISA had also released a top five guide for operational technology.\n\n“Is it the exact same list [as the SANS Institute list],” Luttrell asked Bolton.\n\nShe responded by saying it was not. 
Luttrell threw his arms up in disbelief.\n\n### _Expiring CISA law raises alarm_\n\nAs vulnerable as U.S. cybersecurity is now, it may soon get worse. The law governing CISA passed in 2015 will expire in September if legislators don’t renew it. That law gives companies that choose to share information about cybersecurity attacks and their responses to them with the government liability protections.\n\nAlthough there was bipartisan support to renew CISA 2015, Swalwell acknowledged that Congress probably would not be able to do it in time.\n\n“There is a wide consensus that we don’t have time to do that [renew CISA 2015] now,” Swalwell said. “Congress will be in recess effective this week until after Labor Day, and then we will be right up against CISA’s expiration.”\n\nBolton explained that the effects of the law expiring would be dire.\n\n“The estimates are that about 80-90 percent of information sharing would be cut off from the federal government,” she said.\n\nAlthough the U.S. has not yet faced a Stuxnet-like virus, **Kim Zetter** , author of _Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon_ and Georgetown adjunct professor, warned the committee that that could soon change.\n\n“Those who have the ability haven’t until now really had the will to go after U.S. critical infrastructure,” she said. “And those who have had the will…haven’t necessarily had the ability. It doesn’t take much to marry those two together.”\n\n“We’ve relied on the large nation-states, China and Russia, we’ve relied on them not having the will to target U.S. infrastructure,” she continued. “We’ve eliminated that gate, and they do have the will now potentially to go after U.S. infrastructure.”",
  "title": "National Laboratory Ceases Monitoring of U.S. Critical Infrastructure for Cyberthreats",
  "updatedAt": "2026-03-11T05:49:06.609Z"
}