Latest news with #CybersecurityandInfrastructureAgency
The Hill
02-05-2025
- Politics
- The Hill
Trump budget would eliminate CISA disinformation offices, alleging censorship
President Trump proposed the shuttering of the disinformation offices and programs at the Cybersecurity and Infrastructure Agency (CISA), alleging they contributed to the censorship of the president and his supporters in the White House budget request. The president's budget proposal, released Friday, claimed CISA's disinformation offices and programs 'functioned as a hub in the Censorship Industrial Complex.' 'CISA was more focused on cooperating with Big Tech to target free speech than our nation's critical systems,' the White House wrote in a fact sheet. 'Even CISA's own systems have fallen prey to attacks.' CISA, formed in 2018 during the first Trump administration, is tasked with securing the nation's infrastructure, including election voting systems. It is housed under the Department of Homeland Security. The proposal calls for slashing the agency's budget by about $491 million. This would be a nearly 16 percent reduction in funding the agency recieved last year. It currently has a budget of about $3 billion. Trump and some Republicans have repeatedly gone after CISA, accusing the agency of working with social media companies to censor conservative content. The fiscal year 2026 budget proposal echoes this sentiment, claiming it is part of the administration's efforts to stop the 'weaponization of the federal government.' 'Under President Trump's leadership, CISA will protect our critical infrastructure instead of censoring Americans,' the fact sheet stated. 'The Budget refocuses CISA on its core mission—Federal network defense and coordinating with critical infrastructure partners—while eliminating weaponization and waste.' The president and his allies have also taken issue with CISA for the agency's efforts to prevent misinformation about the 2020 election. Trump fired former CISA director Christopher Krebs from his post in November 2020, just days after he refused the president's false claims of election fraud. The Trump administration launched an investigation into Krebs earlier this month and revoked his security clearance. The administration is reportedly planning workforce cuts at CISA as part of its broader goal to reduce the federal government, though it is not clear if and when this restructuring plan will happen. Trump tapped Sean Plankey as the next director of CISA, but he has not yet been confirmed. His nomination was placed on hold last month by Sen. Ron Wyden (D-Ore.), who is demanding the agency release a report about telecommunications insecurity.
CBS News
07-03-2025
- Business
- CBS News
Cybersecurity agency's top recruits decimated by DOGE cuts
For Kelly Shaw, unemployment is unfamiliar territory. "I've never been in this situation before. I've never been fired," Shaw said, suddenly quiet, while seated at her kitchen table in Northern Virginia. Nearly three years ago, the longtime senior intelligence analyst left the Navy, after being recruited by the nation's top cyber defense agency and rising up through the ranks. Eventually, Shaw helped establish a congressionally mandated program designed to continuously monitor and detect cyber breaches of the nation's power grid, pipelines and water system – installing sensors across critical infrastructure designed to detect insider threats and foreign adversaries like China, Russia and Iran. "It was all about the information we can get within networks to find the bad guys – any indicators of compromise, evidence of the adversary, moving through a network and attempting to do bad things. That's what we did," Shaw said, pausing. "Well, that's what some will still do." The former manager for the Cybersecurity and Infrastructure Agency's " CyberSentry" program, Shaw was also among the 130 probationary CISA workers mass fired in the "Valentine's Day Massacre" during the holiday weekend last month. That weekend, the form letter termination notices arrived for over 4% of CISA's workforce, telling them they were "not fit for continued employment because your ability, knowledge and skills do not fit the Agency's current needs." Among them were the nation's threat hunters, incident response team members, disabled veterans and employees who'd already signed onto the federal government's deferred resignation program. Others were former private sector workers who left lucrative jobs making seven-figure salaries to join the federal government and officials recruited into DHS' innovative hiring program — dubbed the " Cyber Talent Management System" — and analysts with top secret security clearances. "I waited literally 13 months from the moment I got my offer letter to the moment I started this job," said former cybersecurity specialist Paula Davis, recounting her arduous security clearance process. Before her termination letter arrived in her email inbox, Davis said she was required to send agency leadership an email justifying her position, but she never received a response. Davis spent her days analyzing code for state and local municipalities, identifying risks or abnormalities across the nation's aging critical infrastructure. "We're being targeted daily, hourly and every single minute," Davis said, citing suspected cybercriminals' attempts to infiltrate water systems and the power grid. She called her role fighting those intrusions her "dream job." "I didn't take an oath to the Constitution just to start getting a paycheck," Davis said, "Or else I would have just gone back into the private sector. I would have stayed at a big corporation." Since last month, the rapid-fire firings have shaken lawmakers and high-ranking officials, leaving many current and former employees dumbfounded. CBS News has spoken with over a dozen current and former CISA employees, including several who were granted anonymity in interviews, due to fear of reprisal. "These are the people that are the first line of defense in responding to incidents like Volt Typhoon and Salt Typhoon, and if we go even further back, SolarWinds," said one former CISA employee, referencing a string of foreign cyber espionage campaigns dating back to President Trump's first administration. "These are elite hunters that look across critical infrastructure and government networks to figure out if these bad actors are active in these networks," the former employee continued. "The people who find how deeply they've penetrated and 'how do we get them out of there?'" Democratic Rep. Bennie Thompson of Mississippi, the ranking member of the House Homeland Security Committee, warned at a hearing Wednesday that lawmakers are hearing that "significant cuts are coming for the remaining workforce" at CISA. "That kind of talent, you just don't find it every day," Thompson told CBS News. "You have to convince many of those individuals to leave lucrative private sector employment and come and accept the public mission of securing our cyber security systems and protecting our country." In a post on LinkedIn, last month, Former CISA Director Jen Easterly wrote that the agency had hired over 2,000 new employees during her more than three-year tenure. Since 2021, CISA's "strategic recruitment" program – congressionally mandated and more than seven years in the making – has competed with the private sector to attract and retain world-class talent to execute a core mission of the Department of Homeland Security, which oversees CISA. Cyber Talent Management System or "CTMS" hires were by law employees with " measurable or observable" attributes including "knowledge, skills, abilities and behaviors." A former human resources employee for CISA who was among those fired told CBS News that before his termination, he was tasked with compiling a list of probationary employees, and among them were over 100 CTMS staff members. "Everybody in CTMS is automatically in a three-year probation, so it's easier to get rid of them," the former HR employee told CBS News. "Close to 99% of our CTMS employees were probationary." "You are extinguishing the best and brightest in one fell swoop," a current CISA employee said. A CISA spokesperson told CBS News in a statement that the agency had 142 employees as part of its talent recruitment program, but did not disclose the number of employees fired. Shaw was among the first recruits to the "CTMS" program, entering with 12 years of government service, two master degrees in electrical engineering and cybersecurity, plus at least nine different specialized cyber certifications. "I had such confidence," Shaw said. "With all my prior experience. I just completed my doctorate in May of last year. So I thought I was well positioned to stay at CISA….But when I saw that executive order come through about probationary employees, I kind of panicked." In a statement to CBS News, DHS spokesperson Tricia McLaughlin said the Trump administration is "making sweeping cuts and reform across the federal government to eliminate egregious waste and incompetence that has been happening for decades at the expense of the American taxpayer." "To me, knowing how sleek and how well organized of an engine we had at CISA, that's a lie," Shaw said of the effort to slash federal spending by eliminating federal workers. "I don't know who else is going to be cut loose from our nation's cyber defense organizations. But I'm worried about that. I'm worried about that. This should be the last place that we should be cutting this expertise." Along with firing scores of probationary workers, over the last month, CISA has put on leave at least a dozen employees who are tasked with stopping foreign interference in U.S. elections, part of a wider trend of dismantling U.S. efforts to fight foreign meddling in elections. But concerns stemming from cybersecurity workforce cuts extend beyond the CISA workforce. Former NSA cybersecurity director Rob Joyce raised "grave concerns" that aggressive threats to cuts of U.S. government probationary employees will have a "devastating impact on the cybersecurity and our national security." "At my former agency, remarkable technical talent was recruited into developmental programs that provided intensive unique training and hands-on experience to cultivate vital skills," Joyce said. "Eliminating probationary employees will destroy a pipeline of top talent responsible for hunting and eradicating [Chinese] threats." To help assist fired employers at her former agency, Easterly has created a matching website to connect former CISA alumni and prospective employers. For his part, Thompson has started a hotline to encourage fired employees at the Department of Homeland Security and its components to share their stories. After the Trump administration tapped the Office of Personnel Management to fire federal employees en masse, a federal judge temporarily blocked it, citing OPM's lack of authority to fire employees at other agencies. This week, OPM updated its guidance to reflect that firing decisions are made by individual departments and agencies, spurring the rehiring or reinstatement of batches of fired workers in the weeks since. CISA has yet to follow suit. Asked if she'd return to the agency, Shaw paused. "I would have to go back," she finally said, citing CISA's essential mission and a regular paycheck. "I mean, they'd have to earn my trust back. But I don't know how you do that." Colby Hochmuth contributed to this report.
Yahoo
24-02-2025
- Business
- Yahoo
What you need to know about the 'Ghost' cyberattacks and why the FBI is concerned
The FBI has issued a warning about a Chinese ransomware group called Ghost. Ghost has attacked critical infrastructure, schools, and businesses in over 70 countries. The FBI advises using security updates and multifactor authentication to prevent ransomware attacks. The FBI is warning about a new ransomware hacker group called "Ghost." The FBI published a security advisory with the Cybersecurity and Infrastructure Agency that said the group began indiscriminately attacking organizations in more than 70 countries starting in 2021. The warning from the FBI and the CISA says Ghost is now one of the top ransomware groups, targeting organizations all over the world as recently as January. "Ghost actors, located in China, conduct these widespread attacks for financial gain," the report says. "Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses." Ransomware is a type of malware that lets bad actors encrypt a victim's data until they pay a ransom. Ransomware attacks have become more common in recent years, sometimes targeting large companies or government infrastructure. A ransomware attack in February 2024 against Chain Healthcare, the payment arm of healthcare giant UnitedHealth Group, briefly crippled the pharmacy industry after it caused a major backlog in filling customer subscriptions. Most ransomware hackers use phishing methods, sending fake messages to victims in the hope that they'll click a link and install malware on their devices. The hackers in the Ghost group, however, use publicly available code to exploit common vulnerabilities in organizations' software that have not been removed by updated patches, the FBI says. "The FBI has observed Ghost actors obtaining initial access to networks by exploiting public-facing applications that are associated with multiple Common Vulnerabilities and Exposures," the warning says. The FBI said in the warning that Ghost attackers usually claim that they will sell the victim's stolen data if they do not pay a ransom. However, the agency said they "do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information that would cause significant harm to victims if leaked." The FBI recommends consulting its StopRansomware guide for comprehensive information on how companies can guard against ransomware attacks. Some tips for fighting against common ransomware tactics are to maintain regular system backups of sensitive information, patch known system vulnerabilities with security updates and use phishing-resistant multifactor authentication for company email accounts. The FBI recommends reporting any ransomware attacks to the agency. In the security advisory, the FBI said it is particularly interested in "any information that can be shared, including logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files." Read the original article on Business Insider
