CISA Terminates $2.4 Billion Cybersecurity Contract

The Cybersecurity and Infrastructure Security Agency (CISA) has abruptly withdrawn a $2.4 billion offer to government contractor Leidos, which was intended to bolster the National Cybersecurity Protection System (commonly referred to as the “Einstein” system). This decision, detailed in recent court documents, marks a significant shift in the agency’s approach to cybersecurity infrastructure.

On May 12, 2025, CISA informed the U.S. Court of Federal Claims of its decision to rescind the offer, stating that the Department of Homeland Security (DHS) has reassessed its IT and cybersecurity service requirements due to evolving organizational needs. The agency emphasized that the decision was not a reflection of Leidos’ capabilities, but rather a necessary pivot in priorities. Following this notification, Judge Zachary N. Somers dismissed the related case.

The contract, known as Agile Cybersecurity Technical Solutions (ACTS), was intended to evolve from a prior $1.15 billion deal awarded to Raytheon in 2017. Nightwing, a competitor that emerged from Raytheon, alleged that CISA’s evaluation process was flawed, claiming that a Leidos team member had access to confidential staffing information and proprietary performance data pertaining to Nightwing.

The ongoing scrutiny of the Einstein system, which has faced criticism for its mixed efficacy over the years, raises important questions about its future role in federal cybersecurity efforts. A 2016 report by the Government Accountability Office concluded that the system was only partially meeting its stated objectives, which casts doubt on its capacity to address the increasingly sophisticated threat landscape.

In September 2023, during congressional hearings, CrowdStrike executives likened the Einstein system to a relic from a bygone era, asserting that its efficacy has diminished as cyber threats have evolved. They advocated for the development of more contemporary systems to effectively address current and future security challenges.

CISA has not disclosed its precise motivations for canceling the ACTS procurement, yet the agency faces ongoing personnel challenges and uncertainty regarding its budget, which is projected to be reduced by $500 million for the coming fiscal year. This climate of instability could force CISA to rethink its approach to cybersecurity in a rapidly changing operational environment.

For stakeholders, including business owners, this incident emphasizes the importance of remaining vigilant against evolving cybersecurity threats. Utilizing frameworks like the MITRE ATT&CK Matrix is essential for understanding adversary tactics such as initial access and privilege escalation that may be employed by malicious actors targeting governmental and organizational infrastructures.