Cybersecurity
Treasury sanctions Russian firm said to have stolen and sold US cyber tools
The sanctions coincide with an FBI investigation into Peter Williams, a former employee of U.S. defense contractor L3Harris who pleaded guilty to selling cyber exploits to a Russian entity.
Exclusive
Energy Department patched flaws enabling email impersonation in critical minerals system
The vulnerabilities could have let malicious users masquerade as agency officials, potentially misleading researchers, contractors and others.
Chinese telecom hackers likely holding stolen data ‘in perpetuity’ for later attempts, FBI official says
“I think it’s important to say we do not know exactly what the [People’s Republic of China] intends to do with a lot of this information,” said FBI cyber official Michael Machtinger.
US cyber responses will be ‘linked to adversary actions’ and involve industry coordination, official says
That dynamic will be outlined in a national cyber strategy, which will be released “soon,” said ONCD’s Alexandra Seymour.
New Treasury initiative targets improved cyber risk management for AI tools
The department says it plans to release deliverables from a public-private working group in phases throughout the rest of February.
CISA threat-hunting leader to depart for private sector role
Jermaine Roebuck announced his voluntary departure last week. The cyber agency has already lost a third of its workforce in the past year.
CISA to furlough most of its workforce under impending DHS shutdown
The shutdown would also slow ongoing revamps of a major cyber incident reporting rule that was signed into law in 2022, acting director Madhu Gottumukkala said this week.
CISA orders agencies to patch and replace end-of-life devices, citing active exploitation
The directive gives agencies three months to identify unsupported edge devices, a year to begin removing them and 18 months to eliminate them entirely.
Domestic surveillance fears loom over Congress debate to renew spying power
Lawmakers’ concerns about immigration enforcement and Fourth Amendment compliance are weighing on the reauthorization fight for Section 702 of FISA, even as the FBI privately warns against letting the foreign spying law lapse.
Senator says AT&T and Verizon blocked release of Salt Typhoon security reports
“AT&T and Verizon apparently intervened” to block a major cyber intelligence firm from sending documentation about the telecom hackers, Sen. Maria Cantwell wrote in a letter.
AI info-sharing center is in development, CISA official says
CISA’s Nick Andersen told reporters that he didn’t know of a completion timeline, but talks were ongoing across government and industry.
White House cyber shop is crafting AI security policy framework, top official says
ONCD chief Sean Cairncross also said a bedrock National Cyber Strategy, initially expected last month, is coming “sooner rather than later” without specifying a date.