People
DHS, cyber industry mobilize to get CISA director nominee confirmed
“It’s a national security risk to not have him,” said a current U.S. official.
Cybersecurity
China is using advanced ‘Brickstorm’ malware against government and IT orgs, US assesses
The malware was detected in the recently disclosed breach of F5, an application delivery and security provider.
Cybersecurity
CISA tells staff to not speak with reporters, internal email shows
“CISA does not comment on leaked internal emails, especially when they’re about leaking internal emails,” CISA Director of Public Affairs Marci McCarthy told Nextgov/FCW when asked for comment.
Cybersecurity
Dem lawmakers renew calls for release of delayed telecom security report
In a letter to DHS and ODNI, Sens. Ron Wyden of Oregon and Mark Warner of Virginia said the release of a 2022 report detailing cyber vulnerabilities in the U.S. telecommunications sector is “critically important to U.S. national security.”
People
DHS says shutdown layoffs at CISA will proceed despite court injunction
The cybersecurity agency says it has complied with the court’s order because the firing of 54 people in its Stakeholder Engagement Division was planned beforehand and doesn’t affect unionized employees.
People
Top CISA official exits for TSA role amid recent cyber office reductions
Ryan Donaghy had served at CISA since 2016. It’s not clear if she was voluntarily moved to TSA or was given transfer orders.
Cybersecurity
US cyber policy goals have regressed during Trump 2.0 in ‘unprecedented setback,’ landmark report says
Cuts to various agencies and the politicization of disinfo-tracking work have slowed implementation goals set out five years ago by a congressionally authorized cybersecurity policy group.
Exclusive
Cybersecurity
House Democrats want answers on CISA reassignments to border security, immigration roles
A letter led by Rep. James Walkinshaw, D-Va., argues DHS violated the Antideficiency Act when it conducted a reduction in force during the government shutdown.
Cybersecurity
CISA orders government to patch F5 products after ‘nation-state’ cyber intrusion
“This cyber threat actor presents an imminent threat to federal networks using F5 devices and software,” CISA’s directive says. China-linked hackers previously exploited F5 vulnerabilities.
Cybersecurity
Top cyber lawmaker wants answers on CISA workforce reductions
Rep. Eric Swalwell, D-Calif., penned a strongly-worded letter to CISA’s acting director asking for an update on the status of the cyberdefense agency’s staffing posture.
Cybersecurity
Senator makes new attempt to extend cyber info-sharing law by 10 years
Sen. Gary Peters, D-Mich., said he’s spoken directly with Senate Majority Leader John Thune, R-S.D., about renewing the 2015 Cybersecurity Information Sharing Act, which lapsed when the government shut down.
People
Hundreds of DHS staff face reassignments to border security, immigration
Affected workers — including people in the Cybersecurity and Infrastructure Security Agency — have been given a week to respond or risk termination from federal service.
Cybersecurity
Former CISA lead Matt Hartman joins Merlin Group as chief strategy officer
Hartman most recently served as acting head of cyber at the Cyber and Infrastructure Security Agency. He now joins Merlin to grow its partnerships with technology companies and government agencies.
Cybersecurity
CISA issues emergency patching directive for Cisco devices on federal networks
An emerging cyber threat group is exploiting vulnerabilities in Cisco devices, both the company and CISA said. The hackers have potential links to China, according to an analysis put out last year.
Cybersecurity
CISA wants more international involvement in cyber vulnerability catalog, official says
Nick Andersen, the agency’s assistant executive director for cybersecurity, says the CVE project would benefit from a "more holistic look" with international partners.
Cybersecurity
CISA ready to accept any extension for key cyber info-sharing law, official says
“Give us two years. Give us ten years. Give us 50. Whatever you take, we’ll take it,” CISA’s Nick Andersen said of the soon-to-expire 2015 Cybersecurity Information Sharing Act.
Cybersecurity
CISA weighs ‘alternative funding sources’ to preserve cyber vulnerability-tracking project
The Common Vulnerabilities and Exposures Program almost lapsed in April, according to MITRE, a key funder.
Cybersecurity
House panel advances bill to extend bedrock cyber info-sharing law
Some Republicans want to ensure there’s language that would prevent the nation’s core cyberdefense agency from engaging in alleged “censorship” of Americans’ free speech.
People
Nick Andersen onboards into top CISA cyber position
Andersen has served in both public and private roles, and he held top cybersecurity positions in the Department of Energy in Donald Trump’s first term.
People