CISA changes vulnerabilities updates, shifts to defunct website X (Twitter), as do NTSB, SSA

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.

Up until now, its Cybersecurity Alerts and Advisories website has been posting a variety of bulletins, including known vulnerabilities under attack, flaws found in everything from industrial control systems to smart TVs, and warnings about specific products.

[…]

IT admins and others who want to know are advised to sign up for CISA’s email notifications to stay informed. Some updates will still be available via RSS, though users tracking the Known Exploited Vulnerabilities Catalog must subscribe to that topic through the GovDelivery email service. X will also carry general cybersecurity updates. We’ve asked CISA for further comment.

One has to wonder if this policy shift is linked to staff cuts at the agency, which began in March under the direction of Musk’s DOGE – a Trump-blessed project to trim costs at various federal agencies that oversee the Tesla tycoon’s businesses.

While some CISA workers have left, more layoffs are expected, as President Trump’s wish-list budget for 2026 proposes slashing CISA’s funding by about 17 percent. Former agency chief Jen Easterly has publicly criticized the recommendation, and described it as harmful to America.

“In a world where we are facing more serious, more complex, more dynamic threats, in a world where cyber crime damages are expected to cost the world $10.5 trillion by the end of this year, in a world where actors from the Chinese People’s Liberation Army are burrowed into our most sensitive critical infrastructure, that is a real loss for America to see the capability and capacity of America’s cyber defense agency being undermined,” she told the RSA Conference last month.

At the same time, US government bodies are increasingly moving more of their communications to Elon Musk’s social network. In February, following two major aviation accidents, the National Transportation Safety Board announced it would no longer distribute updates about press conferences or investigations via email, and would instead post all such information to its X account.

Then in April, the Social Security Administration began cutting staff from its communications office and told regional offices they would no longer issue press releases or “Dear Colleague” letters. Instead, agency updates will now be posted on X.

“If you’re used to getting press releases and Dear Colleague letters, you might want to subscribe to the official SSA X account, so you can stay up to date with agency news,” SSA Midwest-West (MWW) Regional Commissioner Linda Kerr-Davis said at the time. “I know this probably sounds very foreign to you — it did to me as well — and not what we are used to, but we are in different times now.”

[…]

280 characters isn’t a lot of space to convey information, but maybe these agencies will get a group discount on X Premium for longer tweets. Either way, it’s good news for one of Trump’s more-favored billionaires. ®

Updated to add on May 13

Just a day after announcing it was changing the way it sent out alerts, CISA has changed its mind and reverted to its old system of putting everything on its website.

“We recognize this has caused some confusion in the cyber community,” the site now reads. “As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.”

While the infosec world has been rather peeved about the surprise overhaul by CISA, there may be another reason for the latest shift in policy. CISA intended to place more reliance on the GovDelivery email service – which had earlier been compromised, TechCrunch pointed out today.

It appears a contractor working for the state of Indiana had their credentials stolen, leading to GovDelivery sending out scam messages requesting money for unpaid toll fees. Maybe CISA figured there ought to be other ways to reach people, just in case.

Source: CISA changes vulnerabilities updates, shifts to X and emails • The Register

Robin Edgar
