For years, the US federal government has promoted October as Cybersecurity Awareness Month. 2025’s theme is Building a Cyber Strong America, highlighting the need to strengthen the country’s infrastructure against cyber threats, ensuring resilience and security.
At the time of this writing, in the midst of a US government shutdown, it comes at a bitter moment. the Cybersecurity & Infrastructure Security Agency (CISA) is operating with about one third of its staff (889 of 2,540 employees).
Cyber threats don’t take time off, said the agency. “As the federal lead for Cybersecurity Awareness Month and the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency, or CISA, urges all U.S. small and medium businesses and state, local, tribal, and territorial governments to take one action today to improve their cybersecurity.”
Cybersecurity Awareness Month Toolkit
Despite the shutdown, the CISA Web site offers informational toolkits for use by IT and cybersecurity professionals in their own internal affairs, and also, to educate vendors, partners, employees and the general public.
The toolkit includes Cybersecurity Best Practices, Nine Ways to Stay Safe Online, essentials to protect your business or government organization and enhanced defenses; plus additional publicity materials, and three workplace posters.
Why it matters
CISA is responsible for helping safeguard the Nation’s critical infrastructure and public gatherings by enhancing stakeholder capacity to mitigate risks. The agency supports and promotes communications used by emergency responders and government officials to keep America safe, secure, and resilient. CISA leads the Nation’s operable and interoperable public safety and national security and emergency preparedness communications efforts.
Under the government shutdown any reduction of capability at CISA carries risk. This shutdown comes as two-thirds of CISA’s staff is “on furlough.” Furthermore, a key cyber-threat sharing law has expired. The Cybersecurity and Information Sharing Act (CISA) of 2015 “shielded companies from legal liability for monitoring information systems and providing cyberthreat indicators to the federal government. It also protected companies from antitrust lawsuits for exchanging information or providing assistance related to countering cyberthreats,” according to reporting by The Hill.
Further reading
Cybersecurity Awareness Month. October 2025. Landing page and informational resource. Cybersecurity and Infrastructure Security Agency (CISA)
Cybersecurity Awareness Month Toolkit. Landing page and informational resource. Cybersecurity and Infrastructure Security Agency (CISA)
Cyberthreat sharing law expires as government shuts down. Article. October 1, 2025. by Julia Shapero. The Hill.
CISA Fact Sheet Informational document. July 2025. Cybersecurity and Infrastructure Security Agency (CISA)
Procedures relating to a lapse in appropriations. Page 45 for CISA. Guidelines document. September 29, 2025. US Department of Homeland Security (DHS)
