Black Hat 2025: CISA's Playbook for Defending Critical Systems with Chris Butera and Bob Costello

In this special Cyber Focus episode recorded at Black Hat 2025, host Frank Cilluffo sits down with two senior leaders from the Cybersecurity and Infrastructure Security Agency (CISA): Chris Butera, a more than decade-long CISA veteran currently serving as Acting Director of the Cybersecurity Division, and Bob Costello, the agency's Chief Information Officer. They discuss how CISA is adapting its mission in the face of evolving threats, budget pressures, and leadership changes, while maintaining a rapid operational tempo. Topics include the agency's fast-turn vulnerability response through the Known Exploited Vulnerabilities (KEV) catalog, expansion and quality focus of the Common Vulnerabilities and Exposures (CVE) program, and the push to strengthen operational technology (OT) security. The conversation also explores resilience strategies like CISA's new eviction tool, deepening public-private operational collaboration, securing supply chains, and the importance of reauthorizing the Cybersecurity and Information Sharing Act. Main Topics Covered CISA's mission, workforce, and adapting to leadership and budget changes Rapid vulnerability response and the Known Exploited Vulnerabilities (KEV) catalog Threat landscape, including nation-state actors and OT security Operational collaboration with industry, JCDC, and new IT platforms CVE program growth and automation for vulnerability management Resilience strategies, eviction tool, and micro-segmentation Supply chain security and Secure by Demand guidance SLTT cybersecurity grants and field support Importance of reauthorizing the Cybersecurity and Information Sharing Act (2015) Key Quotes: "I'm really honored to work with some of the most experienced cyber professionals I think that exists anywhere in the world… We're seeing people step up into new roles, leadership positions, work on new technical projects that maybe they weren't before. And we're just hitting grand slams every day." – Bob Costello "[I ask organizations] 'How can you continue your mission without access to some of your critical systems? Whether these are your billing systems, your IT systems, your even just access to the Internet.' And I think a lot of organizations don't have those kind of plans in place or can't function in those cases." – Chris Butera "One of the things that we are trying to do every single day is remove some of those OT systems from the Internet. That is a very critical step that we think that there are very few business cases where you should have an OT system connected directly to the Internet." – Chris Butera "We absolutely support reauthorization of [CISA 2015 authorities]… collaboration is what we're all about. We talk about cyber being a team sport and this helps make all the teams play a lot better together." – Bob Costello "I think we all need to think about [supply chains] a lot differently. And it's across the board, whether it's open source, closed source, or hardware, everything is kind of linked together, and often we don't know where those linkages are." – Bob Costello Relevant Links and Resources: CISA Known Exploited Vulnerabilities Catalog Black Hat 2025 Guest Bios: Chris Butera is Associate Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), where he oversees operational efforts to protect the nation's critical infrastructure from cyber threats. Bob Costello is Chief Information Officer at CISA, leading the agency's enterprise IT systems, collaboration platforms, and secure information-sharing initiatives with public and private sector partners.