Do Son 
The Cybersecurity and Infrastructure Security Agency (CISA) is discontinuing the use of two pivotal cyber threat analysis tools—Censys and VirusTotal. This development was confirmed by sources familiar with the matter, as well as by an internal memo circulated to hundreds of cybersecurity professionals.
According to reporting by Nextgov/FCW, CISA’s access to the Censys platform was terminated at the end of March, while Google-owned VirusTotal ceased operations within the agency on April 20. These widely used platforms enabled CISA analysts to track malicious objects, conduct reverse engineering, and detect active threats across federal infrastructure.
In a letter dated April 16 and addressed to more than 500 analysts, the agency acknowledged the critical importance of these tools and affirmed that it is actively seeking alternatives to minimize operational disruption. Nonetheless, no official comments have been issued by Google, Censys, or CISA itself.
The decommissioning of these platforms coincided with contractor layoffs, affecting personnel from firms such as Nightwing and Peraton. Sources report that affected staff have already returned government-issued devices, further fueling concerns that restructuring efforts under the Trump administration are beginning to impact CISA’s operational core.
Earlier this month, reports emerged indicating the government’s intent to fully terminate cyber hunting contracts with private-sector partners. Several agreements have already been canceled, raising alarm among security experts. Meanwhile, Secretary of Homeland Security Kristi Noem stated that the agency must become “smaller, more agile, and more effective,” focusing on infrastructure protection rather than combating misinformation.
CISA has faced sustained criticism from Republican lawmakers since agency personnel began coordinating with social media platforms to identify misinformation in the lead-up to the 2020 elections and during the pandemic. At the time, then-director Chris Krebs publicly affirmed the security of the election process, after which he was promptly dismissed by President Donald Trump. Krebs’s name has once again resurfaced as a target of criticism from both the former and current president.
A recent leak from MITRE also rattled the cybersecurity community, suggesting the potential discontinuation of CISA’s support for the flagship CVE program—the backbone of the global vulnerability catalog. Though the contract was ultimately extended for an additional 11 months, the incident underscored the instability and uncertainty surrounding the agency’s strategic direction.
All of this is unfolding amid broader trends of budget reductions and a narrowing of CISA’s mandate, despite its vital role in threat monitoring across federal systems. As it stands, the agency is losing access to indispensable tools—without which comprehensive cyber threat hunting becomes all but impossible.
