Latest news with #CybersecurityandInfrastructureAgency


NBC News
01-08-2025
- Politics
- NBC News
Less staff, even less trust: Some states say they can't rely on Trump's DHS for election security
When Arizona discovered in June that its website for politicians to file as candidates had been hacked, Secretary of State Adrian Fontes did something that would have been unthinkable in the past two presidential administrations: He kept the feds in the dark. Hackers had replaced past candidates' photos with that of Iran's former supreme leader, Ayatollah Ruhollah Khomeini. Such website defacements are relatively common and are often crimes of opportunity, where hackers spot a flaw they can exploit and use it to draw attention to their cause without doing serious damage. Arizona took the portal offline and remedied the issue. Still, an attack by pro-Iranian hackers is something to note, the kind of thing that secretaries of state and cybersecurity experts share in order to keep colleagues aware of ongoing threats. But in this political climate, Fontes decided it was best to handle it on his own. 'The political theater that we've seen out of the Department of Homeland Security, I don't want that anywhere near my security operations,' he said. 'I don't want that anywhere near my Threat Assessment operations. I don't want that anywhere near my technicians or the folks who are actually doing the hard work keeping us and our system safe.' Fontes' decision highlights a major concern around cybersecurity cooperation and election security in the second Trump administration. Cuts to the federal government's election security work and the politicization of Homeland Security have left some state election heads unsure of how they would work with the federal government if they are hacked. Experts say that a lack of communication could lead to more and worse hacks surrounding elections.
'The challenge in the wake of the evisceration of election security funding by the Trump administration is that it is unclear who to call at [the Cybersecurity and Infrastructure Agency] to share this information and what resources are still available,' Shenna Bellows, the secretary of state of Maine, told NBC News. Bellows and Fontes are Democrats. The Cybersecurity and Infrastructure Agency (CISA), created in 2018 in the first Trump administration as part of the Department of Homeland Security to protect crucial services from hackers, has emerged in recent years as the clearinghouse for election officials to share cybersecurity information. But things have changed in the second Trump administration, which has cut most of CISA's election security services and has sought to punish its first director for openly defying the president, particularly around election fraud claims. Three state election heads and a former CISA official who spoke to NBC News said it's clear the agency is no longer as effective in protecting U.S. elections. 'You're hanging states out to dry, basically, to let them fend for themselves,' said Pam Smith, the president of Verified Voting, a nonpartisan nonprofit devoted to providing election officials with resources for their jobs. 'If you do that, I don't think you can expect that people will share,' she said. 'That sort of trusted relationship is essentially broken. That's not to say that it couldn't be rebuilt, but it would require some evidence that they've got your back.' Bellows said that it was unclear how helpful the agency will be going forward or even if it can help. 'It's not that I don't know the names of appointees in certain titles,' Bellows said. 'But the people doing the work on the ground over the last four years, many of them were fired, and funding for core election cybersecurity services has been eliminated.'
Phil McGrane, Idaho's secretary of state and a Republican, said the lack of resources at CISA is clear, leaving state officials to figure out a new way forward. 'As a community, we're going through a process right now trying to determine, 'All right, what does this look like moving forward? How much do the states pick up and do some of this work and provide services to their offices?'' he told NBC News. The Trump administration has cut most election security resources from CISA, which before this year had worked to beef up trust with state and local election officials. A CISA spokesperson declined to tell NBC News if any dedicated election security officials still worked at the agency, citing a policy of not discussing personnel matters. The agency also cut funding for the EI-ISAC, a threat information sharing program for election officials. Election officials are still able to receive CISA's general warnings of cyberthreats, like the recent flaw in Microsoft's SharePoint platform. In an emailed statement, a DHS spokesperson said: 'The integrity and security of our nation's elections systems are non-negotiable. We look forward to working with Arizona to continue making sure their citizens get what they deserve — secure and transparent elections.' The White House did not respond to a request for comment. In the Biden administration and during Trump's first term, CISA was the central hub for election cyber information. It may not have been able to keep a state like Arizona from being hacked, but it could have quickly sounded the alarm if it were, minimizing the chance that other states fell to the same tactics. CISA also had open channels with intelligence agencies like the FBI and National Security Agency to get advance warning of what foreign intelligence agencies were planning, information not generally available to local election officials. 
But CISA caught Trump and his allies' ire in 2020 when it publicly rebutted false claims about elections being rigged or stolen, countering Trump's insistence that he had actually won that year's election. Since retaking the presidency, Trump has called for the agency's director in his first term, Christopher Krebs, to be investigated despite no public evidence of wrongdoing, a move that has disheartened and upset agency employees. One former CISA official, who requested to not be publicly identified because of the current political atmosphere around the agency, said open communication between the agency and states was fundamental to how the government protected elections from hackers. 'Encouraging voluntary information sharing during incidents was so vital to the whole enterprise, and that appears to be severely degraded,' he told NBC News. 'Less complete information and slower response means potentially more victims and more disruptive impact.' 'We would have been all over this. We'd want to know, is there a foreign nexus?' he said about the Arizona hack. 'What else did they try to get into? Was it in other states? Did compromises occur elsewhere? There would be people looking at [reports], working with federal and industry partners, trying to figure out how widespread or isolated it was. Was it targeting elections, was it broader?' he said. Voting machines are generally not directly connected to the internet, and the likelihood of a hacker remotely changing official results is extremely low. The vast majority of voting machines in the U.S. now use paper ballots, which the voter can verify and which can be audited. But many other election-related systems are online, and hackers can theoretically exploit them to make it more difficult for people to vote or to sow chaos around unofficial results as they come in. Smith, the head of Verified Voting, questioned why the cuts to election security happened in the first place.
'The most important thing is that relational trust got broken,' she said. 'You slash funding for important threat sharing centers. You cut whole teams of people whose job it was to support election officials and their work. There's no sign of any explanation about why all of that is necessary, or prudent, or helpful,' she added.


The Hill
02-05-2025
- Politics
- The Hill
Trump budget would eliminate CISA disinformation offices, alleging censorship
President Trump proposed the shuttering of the disinformation offices and programs at the Cybersecurity and Infrastructure Agency (CISA), alleging they contributed to the censorship of the president and his supporters in the White House budget request. The president's budget proposal, released Friday, claimed CISA's disinformation offices and programs 'functioned as a hub in the Censorship Industrial Complex.' 'CISA was more focused on cooperating with Big Tech to target free speech than our nation's critical systems,' the White House wrote in a fact sheet. 'Even CISA's own systems have fallen prey to attacks.' CISA, formed in 2018 during the first Trump administration, is tasked with securing the nation's infrastructure, including election voting systems. It is housed under the Department of Homeland Security. The proposal calls for slashing the agency's budget by about $491 million. This would be a nearly 16 percent reduction in funding the agency received last year. It currently has a budget of about $3 billion. Trump and some Republicans have repeatedly gone after CISA, accusing the agency of working with social media companies to censor conservative content. The fiscal year 2026 budget proposal echoes this sentiment, claiming it is part of the administration's efforts to stop the 'weaponization of the federal government.' 'Under President Trump's leadership, CISA will protect our critical infrastructure instead of censoring Americans,' the fact sheet stated. 'The Budget refocuses CISA on its core mission—Federal network defense and coordinating with critical infrastructure partners—while eliminating weaponization and waste.' The president and his allies have also taken issue with CISA for the agency's efforts to prevent misinformation about the 2020 election. Trump fired former CISA director Christopher Krebs from his post in November 2020, just days after he refused the president's false claims of election fraud.
The Trump administration launched an investigation into Krebs earlier this month and revoked his security clearance. The administration is reportedly planning workforce cuts at CISA as part of its broader goal to reduce the federal government, though it is not clear if and when this restructuring plan will happen. Trump tapped Sean Plankey as the next director of CISA, but he has not yet been confirmed. His nomination was placed on hold last month by Sen. Ron Wyden (D-Ore.), who is demanding the agency release a report about telecommunications insecurity.


CBS News
07-03-2025
- Business
- CBS News
Cybersecurity agency's top recruits decimated by DOGE cuts
For Kelly Shaw, unemployment is unfamiliar territory. "I've never been in this situation before. I've never been fired," Shaw said, suddenly quiet, while seated at her kitchen table in Northern Virginia. Nearly three years ago, the longtime senior intelligence analyst left the Navy, after being recruited by the nation's top cyber defense agency and rising up through the ranks. Eventually, Shaw helped establish a congressionally mandated program designed to continuously monitor and detect cyber breaches of the nation's power grid, pipelines and water system – installing sensors across critical infrastructure designed to detect insider threats and foreign adversaries like China, Russia and Iran. "It was all about the information we can get within networks to find the bad guys – any indicators of compromise, evidence of the adversary, moving through a network and attempting to do bad things. That's what we did," Shaw said, pausing. "Well, that's what some will still do." The former manager for the Cybersecurity and Infrastructure Agency's "CyberSentry" program, Shaw was also among the 130 probationary CISA workers mass fired in the "Valentine's Day Massacre" during the holiday weekend last month. That weekend, the form letter termination notices arrived for over 4% of CISA's workforce, telling them they were "not fit for continued employment because your ability, knowledge and skills do not fit the Agency's current needs." Among them were the nation's threat hunters, incident response team members, disabled veterans and employees who'd already signed onto the federal government's deferred resignation program. Others were former private sector workers who left lucrative jobs making seven-figure salaries to join the federal government and officials recruited into DHS' innovative hiring program — dubbed the "Cyber Talent Management System" — and analysts with top secret security clearances.
"I waited literally 13 months from the moment I got my offer letter to the moment I started this job," said former cybersecurity specialist Paula Davis, recounting her arduous security clearance process. Before her termination letter arrived in her email inbox, Davis said she was required to send agency leadership an email justifying her position, but she never received a response. Davis spent her days analyzing code for state and local municipalities, identifying risks or abnormalities across the nation's aging critical infrastructure. "We're being targeted daily, hourly and every single minute," Davis said, citing suspected cybercriminals' attempts to infiltrate water systems and the power grid. She called her role fighting those intrusions her "dream job." "I didn't take an oath to the Constitution just to start getting a paycheck," Davis said, "Or else I would have just gone back into the private sector. I would have stayed at a big corporation." Since last month, the rapid-fire firings have shaken lawmakers and high-ranking officials, leaving many current and former employees dumbfounded. CBS News has spoken with over a dozen current and former CISA employees, including several who were granted anonymity in interviews, due to fear of reprisal. "These are the people that are the first line of defense in responding to incidents like Volt Typhoon and Salt Typhoon, and if we go even further back, SolarWinds," said one former CISA employee, referencing a string of foreign cyber espionage campaigns dating back to President Trump's first administration. "These are elite hunters that look across critical infrastructure and government networks to figure out if these bad actors are active in these networks," the former employee continued. "The people who find how deeply they've penetrated and 'how do we get them out of there?'" Democratic Rep. 
Bennie Thompson of Mississippi, the ranking member of the House Homeland Security Committee, warned at a hearing Wednesday that lawmakers are hearing that "significant cuts are coming for the remaining workforce" at CISA. "That kind of talent, you just don't find it every day," Thompson told CBS News. "You have to convince many of those individuals to leave lucrative private sector employment and come and accept the public mission of securing our cyber security systems and protecting our country." In a post on LinkedIn last month, former CISA Director Jen Easterly wrote that the agency had hired over 2,000 new employees during her more than three-year tenure. Since 2021, CISA's "strategic recruitment" program – congressionally mandated and more than seven years in the making – has competed with the private sector to attract and retain world-class talent to execute a core mission of the Department of Homeland Security, which oversees CISA. Cyber Talent Management System or "CTMS" hires were by law employees with "measurable or observable" attributes including "knowledge, skills, abilities and behaviors." A former human resources employee for CISA who was among those fired told CBS News that before his termination, he was tasked with compiling a list of probationary employees, and among them were over 100 CTMS staff members. "Everybody in CTMS is automatically in a three-year probation, so it's easier to get rid of them," the former HR employee told CBS News. "Close to 99% of our CTMS employees were probationary." "You are extinguishing the best and brightest in one fell swoop," a current CISA employee said. A CISA spokesperson told CBS News in a statement that the agency had 142 employees as part of its talent recruitment program, but did not disclose the number of employees fired.
Shaw was among the first recruits to the "CTMS" program, entering with 12 years of government service, two master's degrees in electrical engineering and cybersecurity, plus at least nine different specialized cyber certifications. "I had such confidence," Shaw said. "With all my prior experience. I just completed my doctorate in May of last year. So I thought I was well positioned to stay at CISA… But when I saw that executive order come through about probationary employees, I kind of panicked." In a statement to CBS News, DHS spokesperson Tricia McLaughlin said the Trump administration is "making sweeping cuts and reform across the federal government to eliminate egregious waste and incompetence that has been happening for decades at the expense of the American taxpayer." "To me, knowing how sleek and how well organized of an engine we had at CISA, that's a lie," Shaw said of the effort to slash federal spending by eliminating federal workers. "I don't know who else is going to be cut loose from our nation's cyber defense organizations. But I'm worried about that. I'm worried about that. This should be the last place that we should be cutting this expertise." Along with firing scores of probationary workers, over the last month, CISA has put on leave at least a dozen employees who are tasked with stopping foreign interference in U.S. elections, part of a wider trend of dismantling U.S. efforts to fight foreign meddling in elections. But concerns stemming from cybersecurity workforce cuts extend beyond the CISA workforce. Former NSA cybersecurity director Rob Joyce raised "grave concerns" that aggressive threats to cut U.S. government probationary employees will have a "devastating impact on the cybersecurity and our national security." "At my former agency, remarkable technical talent was recruited into developmental programs that provided intensive unique training and hands-on experience to cultivate vital skills," Joyce said.
"Eliminating probationary employees will destroy a pipeline of top talent responsible for hunting and eradicating [Chinese] threats." To help assist fired employees at her former agency, Easterly has created a matching website to connect former CISA alumni and prospective employers. For his part, Thompson has started a hotline to encourage fired employees at the Department of Homeland Security and its components to share their stories. After the Trump administration tapped the Office of Personnel Management to fire federal employees en masse, a federal judge temporarily blocked it, citing OPM's lack of authority to fire employees at other agencies. This week, OPM updated its guidance to reflect that firing decisions are made by individual departments and agencies, spurring the rehiring or reinstatement of batches of fired workers in the weeks since. CISA has yet to follow suit. Asked if she'd return to the agency, Shaw paused. "I would have to go back," she finally said, citing CISA's essential mission and a regular paycheck. "I mean, they'd have to earn my trust back. But I don't know how you do that." Colby Hochmuth contributed to this report.


Yahoo
24-02-2025
- Business
- Yahoo
What you need to know about the 'Ghost' cyberattacks and why the FBI is concerned
The FBI has issued a warning about a Chinese ransomware group called Ghost. Ghost has attacked critical infrastructure, schools, and businesses in over 70 countries. The FBI advises using security updates and multifactor authentication to prevent ransomware attacks. The FBI is warning about a new ransomware hacker group called "Ghost." The FBI published a security advisory with the Cybersecurity and Infrastructure Agency that said the group began indiscriminately attacking organizations in more than 70 countries starting in 2021. The warning from the FBI and the CISA says Ghost is now one of the top ransomware groups, targeting organizations all over the world as recently as January. "Ghost actors, located in China, conduct these widespread attacks for financial gain," the report says. "Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses." Ransomware is a type of malware that lets bad actors encrypt a victim's data until they pay a ransom. Ransomware attacks have become more common in recent years, sometimes targeting large companies or government infrastructure. A ransomware attack in February 2024 against Change Healthcare, the payment arm of healthcare giant UnitedHealth Group, briefly crippled the pharmacy industry after it caused a major backlog in filling customer prescriptions. Most ransomware hackers use phishing methods, sending fake messages to victims in the hope that they'll click a link and install malware on their devices. The hackers in the Ghost group, however, use publicly available code to exploit common vulnerabilities in organizations' software that have not been removed by updated patches, the FBI says.
"The FBI has observed Ghost actors obtaining initial access to networks by exploiting public-facing applications that are associated with multiple Common Vulnerabilities and Exposures," the warning says. The FBI said in the warning that Ghost attackers usually claim that they will sell the victim's stolen data if they do not pay a ransom. However, the agency said they "do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information that would cause significant harm to victims if leaked." The FBI recommends consulting its StopRansomware guide for comprehensive information on how companies can guard against ransomware attacks. Some tips for fighting against common ransomware tactics are to maintain regular system backups of sensitive information, patch known system vulnerabilities with security updates and use phishing-resistant multifactor authentication for company email accounts. The FBI recommends reporting any ransomware attacks to the agency. In the security advisory, the FBI said it is particularly interested in "any information that can be shared, including logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files." Read the original article on Business Insider