Cybersecurity

OPM asks to dismiss email server lawsuit, citing misinterpretation of law

The agency notably released a privacy impact assessment for the dubious email server used to mass-message federal employees about a deferred resignation offer on the same day as the legal dismissal request.

Trump’s anti-DEI efforts damage national security, former officials say

The rollback of diversity, equity and inclusion initiatives weakens intelligence operations, erodes workforce morale and limits the U.S. government’s ability to navigate global threats, former national security officials argue.

CISA among DHS offices exempt from taking OPM’s deferred buyout offer

President Trump’s DHS chief said she wants to scale back the cybersecurity agency’s size and mission scope.

Democrats worry over Trump funding priorities for CISA’s disinfo efforts

President Donald Trump’s nominee to run DHS wants the Cybersecurity and Infrastructure Security Agency to be smaller and stay out of monitoring disinfo.

DHS cyber review board cleaned out in Trump move to eliminate ‘misuse of resources’

The board was actively investigating a Chinese hack into telecommunications systems.

US sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks

The Treasury Department also sanctioned an individual involved in recent Chinese hacks into its own systems.

Space companies say cyber threat intelligence is often overclassified, unactionable

Space and aerospace industry feedback from a series of government-run workshops noted that such threat intelligence is difficult to translate into actionable cyber efforts.

Biden signs executive order inspired by lessons from recent cyberattacks

The order gives CISA more eyes to hunt cyber threats on government networks and directs agencies and contractors to be more transparent about the security of their software stockpiles.

Salt Typhoon breach was first detected on federal networks, CISA head says

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the group was first detected “before we understood it was Salt Typhoon.”

FBI deleted Chinese malware from 4,200 US computers

The malware’s command server appears to be based in Tokyo and was accessed by French authorities who helped craft the code needed to remove the infection.

Forthcoming executive order seeks to plug holes in federal cyber practices

The eleventh-hour cybersecurity executive action asks agencies to rethink software procurement, supply chains and AI, among other things.

US has ‘a lot of work to do’ on cyber defenses, departing cyber czar says

Outgoing National Cyber Director Harry Coker thinks his office needs more influence over the federal cyber budget but not necessarily more authority on offensive cyber operations.

White House unveils Cyber Trust Mark program for consumer devices

The label is designed to help consumers make more cybersecure choices when they pick products off the shelf.

Exclusive

GAO mulls cost evaluation of nationwide telecom hardware replacement

One major vulnerability exploited by China’s Salt Typhoon hacking unit is a Cisco hardware flaw that can’t be patched and requires physical replacement, according to a person with knowledge of the intrusions.

US sanctions Chinese company that helped facilitate espionage hacks

Integrity Technology Group, known to researchers as Flax Typhoon, contracted with China’s Ministry of State Security to carry out infiltrations into internet of things devices, the FBI previously said.

Lawmakers request briefing from Treasury secretary on Chinese hack

The compromised third-party offering was a commercial remote services tool not listed in the marketplace for FedRAMP, the government’s cloud security compliance framework.

Chinese-sponsored hackers accessed Treasury documents in ‘major incident’

The incident comes in the final days of the Biden presidency and as officials work to root out China-tied hackers from U.S. telecommunications systems.