Cyber Threats
New bill proposes government-wide processes to attribute, sanction hackers
The measure would permit “robust sanctions against designated actors, including asset blocking, financial restrictions, export controls, procurement prohibitions, visa bans and suspension of assistance.”
Senators expect 10-year extension of cyber data-sharing law in future budget package
The Cybersecurity Information Sharing Act of 2015 got a temporary reprieve after the government reopened this month, but it risks lapsing again at the end of January.
National cyber strategy coming ‘as quickly as possible,’ official says
“It’s going to be a short statement of intent and policy, and then it will be paired very quickly with action items and deliverables under that,” National Cyber Director Sean Cairncross explained.
Dem lawmakers renew calls for release of delayed telecom security report
In a letter to DHS and ODNI, Sens. Ron Wyden of Oregon and Mark Warner of Virginia said the release of a 2022 report detailing cyber vulnerabilities in the U.S. telecommunications sector is “critically important to U.S. national security.”
Bill to end shutdown includes temporary cyber info-sharing law extension
The Cybersecurity Information Sharing Act of 2015 expired when the government’s calendar reset without a funding package for FY 2026.
CBO systems accessed in ‘security incident’ possibly tied to foreign hackers
The office estimates the cost and economic impact of proposed legislation and helps forecast federal spending, revenues, deficits and debt.
AI has leveled the field between cybercriminals and nation-state hackers, FBI official says
The FBI is slower to adopt AI tools due to the sensitive nature of the data that it works with, Brett Leatherman, the FBI Cyber Division head, said.
UN cybercrime treaty enables authoritarian regimes, top think tank argues
The agreement is scheduled to be signed in Vietnam next week, but the concept has raised concerns for some time.
US cyber policy goals have regressed during Trump 2.0 in ‘unprecedented setback,’ landmark report says
Cuts to various agencies and the politicization of disinfo-tracking work have slowed implementation goals set out five years ago by a congressionally authorized cybersecurity policy group.
CISA orders government to patch F5 products after ‘nation-state’ cyber intrusion
“This cyber threat actor presents an imminent threat to federal networks using F5 devices and software,” CISA’s directive says. China-linked hackers previously exploited F5 vulnerabilities.
Multiple CISA divisions targeted in shutdown layoffs, people familiar say
CISA units including its Stakeholder Engagement division are believed to have been hit. A DHS spokesperson said that the RIFs are meant to help get CISA “back on mission.”
Risks of cyber fraud allegations remain high for companies subject to government requirements
COMMENTARY | Stricter government cybersecurity requirements present elevated risk to companies due to increased enforcement pressure and additional bases for allegations of cybersecurity fraud.
Featured eBooks
Senator makes new attempt to extend cyber info-sharing law by 10 years
Sen. Gary Peters, D-Mich., said he’s spoken directly with Senate Majority Leader John Thune, R-S.D., about renewing the 2015 Cybersecurity Information Sharing Act, which lapsed when the government shut down.
Attorneys scramble to advise clients after lapse of key cyber info-sharing law
Organizations may lean on contract arrangements to facilitate data-sharing channels previously enabled by the now-expired regulation, a former U.S. official said.
Exclusive
‘Widespread’ breach let hackers steal employee data from FEMA and CBP
A Citrix vulnerability — suspected to have led to firings of multiple FEMA technology staff — enabled the breach, which let hackers pilfer data from FEMA servers connected to states at the southern border.
Vital cyber data-sharing law appears likely to expire amid looming government shutdown
Law firms are advising clients to prepare for this possibility, although the extent of information sharing that will cease if the law lapses remains unclear.
CISA issues emergency patching directive for Cisco devices on federal networks
An emerging cyber threat group is exploiting vulnerabilities in Cisco devices, both the company and CISA said. The hackers have potential links to China, according to an analysis put out last year.
House funding extension tacks on two-month reprieve for key cybersecurity laws
The short-term measure gives lawmakers extra time to iron out differences between House and Senate versions of the renewal.
CISA ready to accept any extension for key cyber info-sharing law, official says
“Give us two years. Give us ten years. Give us 50. Whatever you take, we’ll take it,” CISA’s Nick Andersen said of the soon-to-expire 2015 Cybersecurity Information Sharing Act.
CISA weighs ‘alternative funding sources’ to preserve cyber vulnerability-tracking project
The Common Vulnerabilities and Exposures Program almost lapsed in April, according to MITRE, a key funder.
