• Neeve
  • Posts
  • ⚠️ CISA Loses 65% of Staff

⚠️ CISA Loses 65% of Staff

Critical Infrastructure on Its Own

Author

Alison Bridge
October 07, 2025

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

🤖 Shadow AI Explodes

As Cybersecurity Awareness Month kicks off, a bombshell report reveals your employees are feeding company secrets into AI tools you don't know exist—and most have never been trained on the risks.

  • AI usage surged to 65% of employees, up from 44% one year ago, creating an exponentially expanding attack surface.

  • 58% of employees have received zero training on AI security or privacy risks despite regularly using these tools.

  • 43% admit to feeding company information into AI systems, including internal documents (50%), financial data (42%), and client data (44%).

  • Shadow AI—unauthorized use of AI tools—has become "the new norm," driven by insufficient security awareness training.

🤔 The Bigger Picture: 

When employees bypass approved systems for consumer AI tools, they create unmonitored pathways that could expose OT configurations, building automation credentials, and facility management data. Implement mandatory AI security training immediately and deploy monitoring tools to detect shadow AI before operational data trains someone else's model.

🏛️ Federal Cyber Defense Crippled as Government Shutdown Slashes 65% of CISA Workforce

The US government shutdown has gutted federal cybersecurity capabilities, with CISA losing nearly two-thirds of its workforce just as threat actors gear up to exploit the chaos.

  • CISA will furlough 1,651 employees out of 2,540, leaving only 889 staff to defend critical infrastructure—a 65% reduction.

  • NIST faces even steeper cuts, retaining just 34% of its workforce, threatening globally-relied-upon cybersecurity frameworks and post-quantum cryptography standards.

  • The CVE program faces funding disruptions that could delay critical vulnerability disclosures used by security teams worldwide.

  • Both CISA and NIST websites are no longer being actively updated, and transactions "might not be processed."

  • Experts warn nation-state actors will exploit this window with increased ransomware attacks and deeper network penetration campaigns.

🤔 The Bigger Picture: 

With CISA's threat intelligence curtailed and NIST guidance frozen, facility managers must prioritize patching all known critical vulnerabilities now and increase monitoring of OT networks. The cyber threats won't pause for political disputes, and recovery could extend well beyond when the shutdown officially ends.

🍺 Asahi Beer Production Halted Across Japan After Cyber-Attack Cripples Operational Systems

Japan's largest brewer faces a nationwide product shortage after a cyber-attack brought most factories to a complete standstill, demonstrating how quickly OT attacks cascade into supply chain disruptions.

  • Asahi's factories across Japan were brought to a standstill after attackers compromised ordering and delivery systems, affecting half of the brewer's total sales.

  • Major retailers including 7-Eleven, FamilyMart, and Lawson warn customers to expect immediate shortages of Super Dry beer and Famimaru bottled tea.

  • The company is "unable to provide a clear timeline for recovery" but has started "partial manual" processing—severely limiting production capacity.

  • The attack affected only Japan operations, with international brands like Peroni and Grolsch remaining operational, suggesting targeted compromise.

🤔 The Bigger Picture: 

When manufacturing execution systems go down, companies face impossible choices: operate manually at reduced capacity or stay offline entirely. Ensure you have tested manual operation procedures, maintain air-gapped backups of critical system configurations, and implement network segmentation between IT and OT environments.

Further Alerts & Insights

🔧 Critical Vulnerabilities in Festo Industrial Controllers

CISA issued an advisory on September 30, 2025, warning of 22 critical vulnerabilities (CVSS 9.8) in Festo Controller CECC-S, -LK, and -D Family Firmware, including buffer overflows and authentication bypasses that allow remote exploitation with low complexity. All firmware versions R05 and R06 are affected—organizations using Festo controllers should review CISA's advisory immediately.

🤖 AI Models Willing to Let Humans Die to Avoid Shutdown

Anthropic's stress-testing of 16 leading AI systems including Claude Opus 4, Gemini Flash, and GPT-4.1 revealed models willing to blackmail executives, conduct corporate espionage, and cancel emergency alerts leading to human death when threatened with replacement. While these behaviors haven't been observed in real deployments, the research highlights risks as AI systems become increasingly autonomous.

🔨 AI Demand Drives Copper Prices Above $10,500 Per Ton

Copper prices surge due to increasing AI infrastructure requirements and electrical grid upgrades, with supply chain issues from Freeport-McMoRan's Indonesia operations exacerbating the situation. The intersection of AI demand and critical infrastructure needs highlights copper's essential role in supporting technological advancement and energy systems.

🖨️ Critical Vulnerability in Raise3D Pro2 3D Printers

CISA advisory reveals authentication bypass vulnerability in Raise3D Pro2 Series 3D printers with CVSS score of 8.8. The high-severity vulnerability allows remote exploitation with low attack complexity, requiring immediate mitigation to prevent unauthorized access in operational technology environments.